Slashdot Mirror
Google To Encrypt Cloud Storage Data By Default
jfruh writes "Worries about snooping are now a permanent part of our computing landscape, but Google is attempting to ameliorate those fears by encrypting all data on its Google Cloud Storage service by default. Data is encrypted with 128-bit AES, and you can manage the keys yourself or have Google do it for you. A Google spokesperson said that the company "does not provide encryption keys to any government."" (Also at SlashCloud.)
Just like how they already lied the first time. Lies Lies Lies. But I don't care. Go ahead and do that NSA thing.
And we have what guarantee, exactly, that they're telling the truth?
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Of course they don't provide encryption keys to any government, they just hand over the plaintext.
A Google spokesperson said that the company "does not provide encryption keys to any government.""
As Google is a U.S. based company, I'm pretty sure this is a bald faced lie due to the "Patriot Act".
Until they receive a National Security Letter and a gag order to boot.
They don't provide any keys. They provide the decrypted data.
What does it matter if they encrypt it all and then give the keys to the government?
"A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law."
What does this mean, exactly? That they would provide encryption keys in accordance with the law? That they could?
A robust system would mean the hosting company wouldn't be more able to decypher encrypted damage than anyone else. Are they offering that?
"If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," Barth wrote. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing."
That sounds meaningless.
All that it prevents is interception of data to/from your computer.
It does nothing to stop the NSA from requesting your data from Google, who would control your encryption keys.
A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.
Which is exactly my point. If they control your key, they have access to your data.
[Fuck Beta]
o0t!
Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.
Which is how it should all be done. Relying on Google's honesty, or some Google employee who doesn't want his fingers broken one by one, is just false security.
Have gnu, will travel.
Given what we know about the NSA, NSLs, and Lavabits, " [we do] not provide encryption keys to any government" is a worthless statement. With an NSL, Google will turn over everything and won't be able to say anything about it. With an NSL, Google will be required to lie (like claiming data is encrypted when it's not). Lavabits received an NSL and chose to shut down rather than honor it and sell out their customers. Google compiles with their NSLs.
You cannot trust Google or the cloud with your data.
Do you even lift?
These aren't the 'roids you're looking for.
Fool me once..
"I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
Server side encryption is only potentially beneficial for limited data breaches where the attacker gains access to the data but not the keys. In the case of government requests, they have the same rights to ask for the keys as for the data. Perhaps if there is a seizure of entire disks then having encryption may oblige them to ask for specific keys and therefore protect your data from snooping when you are not the target. It is also unclear exactly how unique/granular the keys are.
This is not Google Drive that's getting automatic encryption, it's their Cloud Storage, which is only available to developers.
Hail Eris, full of mischief...
E pluribus sanguinem
If your data is worth encrypting, do you really want it in the cloud at all? The internet never forgets. Given the rapid advances in both raw compute power and cryptography, something that takes unimaginably long to brute force today, might be trivial to crack in just a few years.
Loading...
In other news leaked internal NSA documents show that they only begin to have trouble cracking AES at 256-bit key sizes and higher.
As long as your store your data in as the AES key, Google will not sure it with the government.
The summary leaves out a critical bit of the company spokesperson's quote from the article: they won't give anyone your encryption keys directly, but they'll happily USE the encryption keys they're managing for you to decrypt your data and give the decrypted data to anyone who makes a legal request.
All this buys you is a tiny bit of defense in depth in case someone tracks down the Google server(s) that are storing your data, breaks into the data center, and physically yanks the hard drive out of the machine. Doesn't do anything to prevent a government from getting access by asking politely, and doesn't do anything to address the wide-open front door of someone guessing your account password.
If you care at all, you should be using client-side encryption. If you don't, this is just adding extra latency.
I will encrypt my data myself, that is the only way I can keep it private. But hey, thanks for the free storage. Maybe you'll manage to trick someone else with this?
Signature intentionally left blank.
"does not provide encryption keys to any government."
Means, "we provide encryption keys to the whim of any government." Guessing this is true.
When I first read the summary I thought Google was going to provide me a way to manage my own keys in a practical sense. I would like for my browser to automatically decrypt when I download from Google Drive using private keys stored on my local store (with a pass phrase, of course).
"No Legitimate Expectation of Privacy," Says Google, Quoting the Supreme Court
http://reason.com/blog/2013/08/14/no-legitimate-expectation-of-privacy-say
“a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
Based on recent evidence these words mean absolutely nothing* and you would be a fool to trust them.
* That doesn't mean they are technically a lie. Maybe 128 bit AES has a hidden weakness. Maybe there is NSA sponsored back door to their code. Who knows?
Who, except for the forensic types, cares?
This is the same Google that insists in court: of COURSE we read your email... why would you expect anything else, right?
Obama killed the cloud star. Google must comply with legislation, they could deny (at least till NSA summons another secret law that essentially says all your data are belong to us), but at least for citizens of other countries, or americans that contacts them they must give the data anyway. Once they put in the tables laws that force you to do something and not speak about it you can't trust in anything they say, you just can't decide if its true or is a lie that is forced to say (even assuming their best good will in this topic).
Anybody else think that this cloud business is taking a hit? Maybe they should try a different angle and tell us that NSA is good for us and is perfectly safe...
“He’s not deformed, he’s just drunk!”
That's funny, because here I thought that Google's Cloud Storage was going to be hosted in NSA's new data center. Brilliant really. Why bring the NSA to you when it's less trouble to let the NSA host your shit for you.
The encryption master keys are subpoenaed under a NSL by our good friends looking out for us, so nothing bad happens.
The only really secure data are the ones written to your own HDD in your safe in your basement, encrypted with opensource program, with part of encryption key entrusted to some friend who is instructed to return it to you when he is satisfactorily ensured that you are not under coercion.
OK, so you have the option to manage your own keys, but we're trusting that Google doesn't copy your keys when you create them and that they don't have a backdoor. Based on recent revelations, I wouldn't put either past them.
Once Google unequivocally tells the feds to fuck off the next time they come sniffing around for user data, I'll put some stock into such supposed privacy measures.
Google complies with local laws and regulations. Remember their previous venture in China:
"The new local Google site, expected to be launched Wednesday at Google.cn, will include notes at the bottom of results pages that disclose when content has been removed, said Andrew McLaughlin, senior policy counsel for Google. "Google.cn will comply with local Chinese laws and regulations," he said in a statement. "In deciding how best to approach the Chinese--or any--market, we must balance our commitments to satisfy the interest of users, expand access to information, and respond to local conditions.""
http://news.cnet.com/Google-to-censor-China-Web-searches/2100-1028_3-6030784.html
When a legal order to turn over info is received they will do it. The only question is what constitutes a legal order.
Of course they don't provide encryption keys to any government, they just hand over the plaintext.
Now how are they going to do that if one encrypts the data before sending it to the cloud service? Don't give your cloud service the plain text.
It might have been. But too late now.
http://stephan.sugarmotor.org
Its AES. Its a symmetric-key algorithm. The encryption key is the decryption key. Whats with all the jokes about decryption keys?
Anyway, you can already do this for Chrome's sync data. I setup a pass phase for my sync data thats only known to my browser, and never sent to Google. Of course, that means I trust Chrome, but at least I don't have to trust them to protect the data on their end.
This (letting the user hold the keys) is exactly what we should be rooting for. I'm amazed how negative the posts here are.
What they will do is snoop your connection for when you input the password. Https connection? They will have the cert keys already.
You might as well be using open to send the password.
Unless you are uploading locally encrypted files to the cloud (for convenience I suppose) and never sharing keys except in person you should be fine.
Until they kick your door in that is.
If Google had a way to PROVE that their service was secure, then that might be worth entertaining. Such PROOF would need to satisy concerns about the handling and passing of data and keys, and securely deleting information when the user requests it to be deleted. Unless they can prove that they are secure, this is an utter joke. Their reputation has been trashed as a result of their unfortunate run in with the three letter orgs. Its a pity.
X
Data might be the new oil, but the data of any one average person is worth almost exactly nothing. Should I charge Google almost exactly nothing for my data?
Where are the keys generated? If they are generated at Google and then transmitted to you, then this doesn't really give additional security. Only if the key is generated on your computer and provably never goes to Google, it gives better security than just trusting Google. Of course that means you have to manage it yourself (back it up — not on the cloud, of course —, copy it onto all of your devices — again, not per cloud synchronization, but either through a direct encrypted connection like ssh, or in a way not involving the internet (e.g. per LAN or USB stick). Any solution that doesn't give you that burden also doesn't give you the associated security.
The Tao of math: The numbers you can count are not the real numbers.
If you manage your own keys and you use a client that isn't written by Google, how does Google get at the decrypted data? As I understand the system there's nothing they could do and they do allow third party clients?
If so it would be a very good reason to insist your cloud data provider is not the same as your OS vendor. In the end though it's your OS vendor you have to trust for everything since they clearly do have (indirect) access to the keys. Another good reason to use Ubuntu rather than Windows or Cyanogenmod/Replicant rather than Android I guess.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I don't understand all the cynical comments about the government forcing Google to decrypt everyone's data.
Would 128-bit AES encryption really bother the NSA that much? Would it even bother a committed hacker that much? If anything, this will just provide Google with a little ass coverage in case they every get hacked by someone other than the NSA.
But seriously, if this is something that you're really worried about, you should be encrypting your online storage yourself. Or better yet, don't store anything online. Even better, don't network a computer that you aren't willing to have hacked. The level of inconvenience goes up with the level of security; everyone needs to decide what will work for themselves.
Tahoe-LAFS is just as free-as-in-beer, yet also free-as-in-speech. Encryption is automatic and I can install it on any workstation.
You say "They don't provide any keys." But if they did, you would have no ability to tell. WOULD YOU? Very simply the internet can no longer be trusted. At all. Ever. It's effectively enclosed and dead.
Shoes for Industry. Shoes for the Dead.
I don't see how anybody could trust them at this point.
AES-128? Really? Why not higher at least? If you want to provide a false sense of security at least up the magic numbers and make it sound harder than just handing over the decrypted data since they obviously have the public and the secret keys.
Google doesn't need to give the keys to anyone if the algorithm is insecure.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
So they finally desided to encrypt users data? So its been unencrypted upto this point? I tough googles prime policy was do no evil? Considering who is looking to spy on you,i would not consider only 128 bit AES secure by any standard. Not to mention google can get unencrypted data to them anyways... Always wondered why every encryption standard in use on internet need to be accepted by NSA first? Most likely becouse NSA wants to make sure they can brake it.
According to TFA and the blog post it's server side encryption. Which, of course, does absolutely nothing for security as the NSA will just get the data before it's encrypted.
If you don't want your data read you encrypt it before sending it to someone else.
"Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage."
is meaningless; In other words, what they are saying is just that you could encrypt your whole file, not that you can encrypt your whole storage remotely?
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Unfortunately, it's THE fate of any large and successful corporation.
if you were in a position to look at the requests and their rationale, you'd agree
If you were a dog, and thought like a dog, you would behave like a dog.
Allow me to rephrase: I think just about any intelligent, reasonable person would look at the warrants in criminal investigations, the subpoenas in civil suits, etc., and find the requests reasonable, appropriate and in the interest of justice and society in general. You know, the 4th amendment allows warrants for a reason... because they make society a better place. National Security Letters... that I'm not so sure about. We need real oversight, and (as mentioned in another article on /. today) we don't have it. But, given appropriate oversight to make sure they're really justified -- meaning that they're directed very specifically at people for whom there is convincing evidence of terrorist or other activity that endangers large numbers of lives -- even NSLs are probably a good thing.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Most of the people will have "google managing their keys". Which means google has both keys and data. Which doesn't really help more than before.
For users who are advanced enough to set their own keys, nothing changed.
Its AES. Its a symmetric-key algorithm. The encryption key is the decryption key. Whats with all the jokes about decryption keys?
And the fact the keys are symmetric and held by Google renders the entire exercise entirely worthless. If Google have the key to encrypt/decrypt data then they can just hand it to the NSA or whomever at the same time they hand over the data.
The proper and correct thing to do is to provide a pluggable API in their client apps that allows an extension running client side to manage the key and encrypt / decrypt the data. And similarly for their cloud APIs for languages like Java.
Google would have absolutely no idea what the data contains and absolutely no way to retrieve it either. It might mean certain functionality in their apps / services is affected in some ways (e.g. encrypted folders are inaccessible via a browser) but I assume they could spell out the consequences and people motivated to encrypt data would recognize those limitations.
"A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.".
First of all NSA lied to congress so how do we know that the Google spokeswomen is not lying also? Secondly if the laws are secret then how does the public know what is in accordance?
Why listen to a known liar?
The damage to their business is irreversible. Google sold out their users rights to privacy and didn't whisper a word about it until they got exposed. And then they lied and got caught again.
"Do Evil." Google's new slogan.
Trolling is a art,
If you strain to look at things in the best possible light, you will figure out there are some scenarios where this helps. And if you take a pessimistic view, I think the conclusion is that this is completely harmless. Unfortunately, it's also very dishonest, so Google earns a demerit anyway, but that's another topic that plenty of people are already going on about. ;-)
Obviously this doesn't protect the data if Google is coerced into giving up the key, or if Marketing decides there might be profiling advantages to be gained in examining the plaintext.
But it does help against certain types of inadvertent leaks or subterfuge. For example, my server's disks are encrypted with a key that is easily available on their boot SSD. If you steal my server you have my data. If you sneak into my server, you have my data. The encryption is starting to sound useless, isn't it?
But if you take a disk and leave the rest of the machine behind, you don't have anything. If I get too many Offline Uncorrectable SMART errors and send you my disk for a warranty replacement, you (nor anyone who intercepts the delivery) don't have my data. The encryption isn't useless; it's just mostly useless. Except that it's useful in what just happens to be the most common scenario, something that happens 3-4 times per year as various disks rotate through UPS' fine delivery service.
If Google is doing something like that, cool. And if they're using iSCSI or something where disk blocks are moving through their own internal network where the attack surface is even larger, and now a sneaky tap on their storage network will start seeing ciphertext instead of plaintext, I say: good!.
It's a bit slimy that Google is announcing this common-sense minor edge-case precaution right now, when the public is thinking about totally different threat models thanks to this years' news stories. And the announcement itself is completely full of bullshit. But nevertheless, look carefully and you really will see something with just a little bit of positive value.
I'll say what I've said before: It's good to fear and act against Big Brother, but the thousand Little Brothers out there are attacking you much more often and overall probably causing us all more long-term average loss. Deal with them, and you'll also be incrementally dealing with Big Brother too, by changing how we think about info security.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I trust them with my unimportant data as its not important if its seen like a book i purchased or a movie ( its still wrong of course ). I also trust them to house my pre-encrypted data, where i hold the key.
---- Booth was a patriot ----
"A Google spokesperson said that the company "does not provide encryption keys to any government."
That is a lie. A big, fat, bald-faced lie. Anyone with two brain cells to rub together knows that Google and every other corporation depends entirely on the benevolence of our despotic dictator to continue operations without "help" from the Department of Injustice.
There isn't even a reason to believe any longer that doing your own encryption protects your data, as it has been demonstrated that the NSA can read the electromagnetic emissions from your PC from hundreds of feet away and know what you are typing, what is going over your network cables, and the data whizzing by on your SATA cables. They can even tell what's in the RAM of your PC after it is turned off (since, after all, RAM is just a big bank of capacitors that discharge very slowly when not refreshed).
There is no privacy anymore. Ever. Anywhere.
Google has the keys to encrypt and decrypt. So I agree, they can still send the my information to NSA without sends the keys. Corporates thinks we are stupid. At least we are not SO stupid....
So we are to beleave a corporation that has lied...numerous times to there customers/stockholders?? HAHAHAHAHHAHAHA I would be more afraid to use any server service no matter who provides it and especially not trust Google. The do no evil corporation thats got caught lieing more then once.
Jack of all trades,master of none
Former NSA Insider Announces AES-128 Vulnerable to Trivial Attack.
Google would have absolutely no idea what the data contains and absolutely no way to retrieve it either.
They could ensure the first n bits of the data are exactly the same (a header, meta data etc) making brute forcing so much easier.
Well that's the point. People would have to decide if the data is worth protecting. If they share it with Google they are essentially sharing it with any government party which has reason to take an interest in it. Maybe that doesn't matter if you're storing weather readings. It might if you are storing personal data about or produced by people.
the essence of zero-value encryption ... I do wonder if this is really changing any minds on the business side, or if their eyes already glaze over at the mention of encryption?
Something clever