Slashdot Mirror


Google To Encrypt Cloud Storage Data By Default

jfruh writes "Worries about snooping are now a permanent part of our computing landscape, but Google is attempting to ameliorate those fears by encrypting all data on its Google Cloud Storage service by default. Data is encrypted with 128-bit AES, and you can manage the keys yourself or have Google do it for you. A Google spokesperson said that the company "does not provide encryption keys to any government."" (Also at SlashCloud.)

12 of 217 comments

  1. Lies Lies Lies by Anonymous Coward · · Score: 5, Insightful

    Just like how they already lied the first time. Lies Lies Lies. But I don't care. Go ahead and do that NSA thing.

  2. Patriot act? by hilather · · Score: 5, Insightful

    A Google spokesperson said that the company "does not provide encryption keys to any government."

    As Google is a U.S.-based company, I'm pretty sure this is a bald-faced lie due to the "Patriot Act".

  3. does not provide encryption keys by Anonymous Coward · · Score: 5, Insightful

    Until they receive a National Security Letter and a gag order to boot.

  4. Re:what about decryption keys by Anonymous Coward · · Score: 5, Funny

    They don't provide any keys. They provide the decrypted data.

  5. What does this mean exactly? by synir · · Score: 5, Insightful

    "A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law."

    What does this mean, exactly? That they would provide encryption keys in accordance with the law? That they could?

    A robust system would mean the hosting company wouldn't be more able to decipher encrypted damage than anyone else. Are they offering that?

  6. Call me paranoid by TubeSteak · · Score: 5, Insightful

    "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," Barth wrote. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing."

    That sounds meaningless.
    All that it prevents is interception of data to/from your computer.
    It does nothing to stop the NSA from requesting your data from Google, who would control your encryption keys.

    A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

    Which is exactly my point. If they control your key, they have access to your data.

    --
    [Fuck Beta]
    o0t!
  7. TFA by PPH · · Score: 5, Interesting

    Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.

    Which is how it should all be done. Relying on Google's honesty, or some Google employee who doesn't want his fingers broken one by one, is just false security.

    --
    Have gnu, will travel.
  8. Fool me once.... by larry+bagina · · Score: 5, Informative

    Given what we know about the NSA, NSLs, and Lavabit, "[we do] not provide encryption keys to any government" is a worthless statement. With an NSL, Google will turn over everything and won't be able to say anything about it. With an NSL, Google will be required to lie (like claiming data is encrypted when it's not). Lavabit received an NSL and chose to shut down rather than honor it and sell out their customers. Google complies with their NSLs.

    You cannot trust Google or the cloud with your data.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:Fool me once.... by tftp · · Score: 5, Insightful

      You cannot trust Google or the cloud with your data.

      If you store your data in the cloud, it means that:

      • The 3rd party knows that you have some data stored, and they know its size, and they know how often you modify it or add to it. The observer does not need to have access to your private key to see that.
      • You can never be sure that the data that you deleted was in fact deleted. In most cases, due to existence of tiered backups, it will take a long time to purge your data from an honestly operated system. If the system is run by a Google-like entity, nothing ever gets deleted.
      • If the observer wishes to decrypt your data, they can always use the $5 wrench, or (if they want to stay undetected) they can send people to duplicate your HDD or to install a keylogger.

      The best way to store your data is on your own HDD, encrypted. The observer still can break into your house, but they would have to do it without any information leading to that. (Such as they wouldn't know that you even have a computer, let alone how often you modify certain files.) Modern terabyte drives (USB 3.0 or eSATA) remove every reason to bother with cloud storage - unless you want an additional bottleneck in form of the Internet link and a bunch of additional vulnerabilities, often for a small extra fee. Most people would be perfectly happy with an encrypted USB Flash disk (IronKey etc.) that they can always carry with them.

  9. THIS IS NOT GOOGLE DRIVE by Nimey · · Score: 5, Informative

    This is not Google Drive that's getting automatic encryption, it's their Cloud Storage, which is only available to developers.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  10. Re:what about decryption keys by Anonymous Coward · · Score: 5, Funny

    That's funny, because here I thought that Google's Cloud Storage was going to be hosted in NSA's new data center. Brilliant really. Why bring the NSA to you when it's less trouble to let the NSA host your shit for you.

  11. Re:what about decryption keys by Znork · · Score: 5, Informative

    According to TFA and the blog post it's server side encryption. Which, of course, does absolutely nothing for security as the NSA will just get the data before it's encrypted.

    If you don't want your data read you encrypt it before sending it to someone else.