Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Speeding Up New Encryption Project After Latest Snowden Leaks

Posted by samzenpus on from the keep-your-eyes-on-your-own-paper dept.

coolnumbr12 writes "In a new leak published by the Guardian, New York Times and ProPublica, Edward Snowden revealed new secret programs by the NSA and GCHQ to decrypt programs designed to keep information private online. In response to NSA's Bullrun and GCHQ's Edgehill, Google said it has accelerated efforts to build new encryption software that is impenetrable to the government agencies. Google has not provided details on its new encryption efforts, but did say it would be 'end-to-end,' meaning that all servers and fiber-optic lines involved in delivering information will be encrypted."

6 of 248 comments (clear)

  1. Meaningless ... by gstoddart · · Score: 5, Insightful

    Google said it has accelerated efforts to build new encryption software that is impenetrable to the government agencies

    Unless Google is going to devise a crypto system they don't have any access to the keys, this is meaningless.

    Because when those government agencies can walk in the door with a secret warrant and demand the keys, there is nothing Google can do.

    The US lawmakers have essentially made crypto in America irrelevant when any party knows the keys.

    The rest of the world needs to be stepping up their game, but all of their governments want the same ability to spy.

    I fear the US has more or less decided that the entire world should be operating on less security to protect their interests. And I'm not sure why everybody is playing along with that.

    --
    Lost at C:>. Found at C.
    1. Re:Meaningless ... by six025 · · Score: 5, Insightful

      It's far from perfect, but at least Google are trying to do something and it's better than the current status quo.

      It's an admirable goal, but it comes down to trust. How does Google know, or more importantly how do we know, that someone from the NSA has not embedded themselves in the implementation team in order to weaken the encryption or insert a back door?

      At this point it's kinda like introducing time-travel as a plot device to the Star Trek cannon. Once time travel is introduced, absolutely anything is possible. In terms of encryption, hence forth it will be very difficult to trust anything related to computing.

      Peace,
      Andy.

    2. Re:Meaningless ... by Xest · · Score: 5, Insightful

      You're obviously unaware of what's been going on so I'll give you a brief summary.

      The NSA and GCHQ have been spying on absolutely everyone by listening in on and intercepting all data going to and from companies like Google. They haven't been going into these companies with a warrant for everyone, they've been doing all this without a warrant.

      If this no longer works such that they're forced to go in with a warrant then that's still forcing them to take an extra costly and time consuming step that they don't take currently.

      That's WTF I am on about.

  2. Skip TFA by SirGarlon · · Score: 5, Insightful

    I read TFA, and I wish I hadn't. It's just a fanboi gushing about how awesome Google is.

    What it fails to mention is the fundamental tension between developing encryption technology and Google's business model of pervasive surveillance.

    Quotations from Google executives such as:

    "This is a just a point of personal honor," Grosse said. "It will not happen here."

    fail to convince me. I am sure Mr. Grosse means what he says, but his actual ability to follow through on his personal honor is limited. It's the Almighty Dollar that is ultimately calling the shots at Google, or any company.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  3. End-to-end by DrYak · · Score: 5, Insightful

    If the "end-to-end" is correctly implemented, i.e.: not like in the bad definition in the summary (fiber optics and server encrypted), but like usually understood for privacy (i.e.: decrypted form only exist on end-point totally controlled by end users), google, nsa or any other man in the middle doesn't matter.

    That requires 2 important details:

    - sound encryption.
    The maths behind current encryption seem sound. But the implementation must be good too. NSA has notoriously interfered undercover with lots of software development team, leading to bad implementation which could leak data or have predictible key due to broken random generator, etc.
    Opensource is a lot less likely to be tainted as errors are much easier to spot. You don't know what NSA could have hidden in closed source software whithout the knowledge of the software vendors themselves.

    - secure environment.
    There's no point in having the most perfect encryption ever if the NSA could simply bypass it and use a hidden backdoor or abuse an exploit to break into and simply tap the clear message from one of the end points.
    Skype EULA clearly states that they are ready to conform with local law about collaboration with law enforcement (could probably be even implementing wire-taping point). Also I think by now backdoors inside Windows are more or less accepted to be existing in our post-Snowden world.
    Again, opensource software, both user application and the OS on which they are running, would be more difficult to abuse, as backdoors and exploitable bugs would be easier to observe.

    But in a theoretical pefrect wold of rainbow, unicorns, perfect crypto implementation and secure machine, you can then use safely an untrusted network and untrusted servers: data that will transit through them will be always encrypted and meaningless.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  4. US Trust is gone by EmperorOfCanada · · Score: 5, Insightful

    I don't think people outside the US really care if US companies use 10,000 bit quantum spiral elliptical gluon encryption with a half twist of lemon. If the NSA comes to those companies with the Open Sesame court orders then it doesn't matter. This is a massive opportunity for non-US companies to say, "We ignore any pressure from the US." Along with their governments to say, "If a local company gives data to the US government then they go to jail." Put these two together and people will start flocking to their service (assuming it is roughly equal to the US one) so create euromail.eu or whatnot and you've got customers.

    Right now is the time to have a marketing shtick where you tell people that you spend all day every day thinking up ways to keep the NSA away from their data.

    Also this is the time for Linux to strike. The key is that there are two assumptions being made by most people out there. First is that any US company with closed source software has been strong-armed into leaving a back door. Second is that the NSA have broken any common encryption scheme. So if you use the common ones they might as well be plaintext. But if you are able to use opensource obscure encryption schemes then you stand a chance.