In the one and a half years since Edward Snowden first revealed the extent of government spying, Google has locked security down so tightly that Google services are now the safest place to store your sensitive data, according to Google Chairman Eric Schmidt.
Places that aren’t so safe? “Anywhere else”, Schmidt said at a conference on surveillance at the Cato Institute on Friday.
Schmidt told conference goers that Google first learned about Edward Snowden’s revelations about the National Security Agency’s (NSA’s) surveillance programs from a 2013 Washington Post article that shocked the company’s engineers.
When reporters showed the engineers a diagram detailing the methods employed by the intelligence agency, Washington Post journalist Craig Timberg reportedly said that they reacted with a
fusillade of words that we could not print in our family newspaper.
Schmidt told the audience that Google immediately got to work securing the company’s servers and services, ITWorld reports.
The Post at the time had published a slide from an NSA presentation on “Google Cloud Exploitation”.
The drawing depicted where data resides, between where the “Public Internet” meets the internal “Google Cloud”, eliciting what the Post called an explosion of profanity from two engineers with close ties to Google.
According to the Post, the surveillance operation, codenamed MUSCULAR, was a partnership between the NSA and British counterpart GCHQ in which “entire data flows” were copied from fiber-optic cables connecting corporate data centers.
US News quotes Schmidt’s remarks to the conference audience:
The fact that it had been done so directly and documented in the documents that were leaked was really a shock to the company. When it [comes] to monitoring data traffic between Google servers, they’re clearly monitoring traffic for people who are in the US, which as I understand - and I’m not a lawyer - is not their mission.
The legal basis for such collection is actually found in Executive Order 12333 – a controversial Reagan-era decree that granted broad surveillance authority to the president.
Whistleblower John Napier Tye, former section chief for internet freedom in the State Department’s Bureau of Democracy, Human Rights and Labor and now a legal director of Avaaz, a global advocacy organization, participated in a conference panel earlier in the day, during which he warned that Executive Order 12333 can be used by the NSA to collect vast amounts of US communications from overseas servers and cables without a warrant and with neither court nor congressional oversight.
Last week, Congress for the first time codified that order in a bill that appears to condone such data collection, imposing a five-year limit for data retention on most communications but allowing for indefinite retention under certain conditions, including if such communications are “enciphered” or otherwise suspected of pertaining to secrets.
Schmidt said Google reacted to the NSA news by “massively” encrypting its systems to protect users from warrantless surveillance, to the extent that we’ll all probably be dead before anybody manages to crack the company’s 2,048-bit data encryption to get at our data.
ITWorld quotes him:
We massively encrypted our internal systems. It's generally viewed that this level of encryption is unbreakable in our lifetime by any sets of human beings in any way. We'll see if that’s really true.
Schmidt also touted the incognito browsing feature in Google’s Chrome browser and Google’s Dashboard feature: a mode that’s found in all modern browsers, sometimes referred to as “private”, and which makes it much more difficult for websites to track us.
(To find out more about browsing without being tracked, check out this quick fix. It details how to clear out cookies and the cookie-like things that can be used to track you online.)
Chris Soghoian, principal technologist with the American Civil Liberties Union, was not impressed. Chrome’s incognito mode will “do nothing” to protect users from government surveillance, he said.
At issue, of course, is the fact that any data saved on Google servers is subject to being turned over to law enforcement.
In fact, as Soghoian said, Schmidt has commented in the past about retaining user information to comply with law enforcement surveillance requests.
Schmidt said that Google complies with legal law enforcement requests, and retains user data for a year because of government mandates.
As far as collecting private user data to fuel its business model, Schmidt said that people “don’t understand how Google works”.
In fact, he said, Google’s here to tickle us pink, not to trample on our privacy:
Google's job is build stuff that delights customers. When governments illegally invade their privacy, that's like a negative. It's easy to understand why we'd make these systems stronger.
If Google’s claims to be the safest spot in the world sound hyperbolic, bear in mind that Schmidt was talking to a suspicious crowd.
According to US News, Cato Institute fellow Julian Sanchez had earlier in the day described Schmidt as “the NSA’s best frenemy”.
What do you think? Is Google the safest spot to store your sensitive data?
Can anywhere in the cloud be safe to keep sensitive information away from government surveillance, given that all US companies are subject to US mandates, warrants, or even warrantless grabs, as well as being at risk of interception by non-government entities, including cyber crooks?
Please share your thoughts in the comments section below.
Image of Eric Schmidt licensed under Creative Commons, from Guillaume Paumier, CC-BY.