Google Redoubles Effort to Thwart NSA Surveillance
They plan to install strong end-to-end crypto on Gmail.
The Washington Post reports today on the first of what I assume will be many announcements from tech companies worldwide:
Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments, company officials said Friday. The move by Google is among the most concrete signs yet that recent revelations about the National Security Agency’s sweeping surveillance efforts have provoked significant backlash within an American technology industry that U.S. government officials long courted as a potential partner in spying programs.
....Security experts say the time and energy required to defeat encryption forces surveillance efforts to be targeted more narrowly on the highest-priority targets — such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet. “If the NSA wants to get into your system, they are going to get in . . . . Most of the people in my community are realistic about that,” said Christopher Soghoian, a computer security expert at the American Civil Liberties Union. “This is all about making dragnet surveillance impossible.”
....Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used. Officials did say that it will be what experts call “end-to-end,” meaning that both the servers in the data centers and the information on the fiber-optic lines connecting them will be encrypted using “very strong” technology. The project is expected to be completed soon, months ahead of the original schedule.
[Eric Grosse, vice president for security engineering at Google] echoed comments from other Google officials, saying that the company resists government surveillance and has never weakened its encryption systems to make snooping easier — as some companies reportedly have, according to the Snowden documents detailed by the Times and the Guardian on Thursday.
“This is a just a point of personal honor,” Grosse said. “It will not happen here.”
The question here is, Who do you trust? Google says they're going to use strong encryption and will never install back doors or hand over encryption keys to the NSA. At least, that's what they seem to be saying.
On the other hand, if the NSA gets a court order that forces Google to turn over encryption keys and prohibits them from talking about it, who would ever find out?
So which do you trust more? Google's desire to give its customers what they want, or the NSA's ability to get what they want? Good question. The vast majority of people won't care about this at all, but I suspect that more than a few will decide that NSA has more power than Google and will simply decline to do business in the future with American companies if it involves storage of information on the cloud. Whether that eventually has a noticeable impact on American tech companies is hard to predict.