Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes

Posted by Soulskill on from the or-at-least-get-the-public-relations-departments-some-more-work dept.

CWmike writes "Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow. 'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?"

7 of 216 comments (clear)

  1. Re:Arms race by fuzzyfuzzyfungus · · Score: 5, Interesting

    Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

    - yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

    You might be underestimating the influence of the 'lobby furiously' step in American politics:

    Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress (Gen. Alexander's star trek paraphernalia and all) and slug it out with the representatives of all the major technology companies who are missing out on sweet foreign contracts because of (accurate) perceptions that they are the US government's little stooges. That isn't unwinnable; but it's a lot less comfortable than just slurping packets in the shadows, or basking in the warm glow of misplaced public confidence that you only go after 'bad people'.

    It's not as though the civil libertarians can win this (either the legislative flavor, or the ones who think that their guns will save them); but the NSA has crossed the line into threatening shareholder value. That's serious business, probably Unamerican. We've installed brutal, CIA-backed, military juntas in countries we don't care about for pulling shit like that.

  2. Meaningless by comrade1 · · Score: 2, Interesting

    As long as the data is in the u.s. and subject to government subpoena this is meaningless. Depending on how google is structured they could move their data centers outside the u.s. and not have it subject to secret orders. Switzerland would be a great place as they have strict data protection laws.

  3. Who watches the watchers? by gmuslera · · Score: 5, Interesting

    The real point here is not Google giving the NSA your information or not, they are an US based company, they must comply and give all the information requested by the NSA. And, if the used internal encryption is good enough, the only way to get that information will be directly from Google, then Google's will know what the NSA got from them, and they could eventually control (delaying, giving partial or even fake information) what they NSA gets, or store that information for future use (in the case that law gets curious about what is that justice that is everyone talking about)

    That don't make Google a friend, but at least a potential enemy of our biggest enemy, and is something to be respected.

  4. Frankly I'm more worried about Google by Anonymous Coward · · Score: 2, Interesting

    and what they will do with what they know about me from about 1000 different channels, digital, clickstream, email text, inbound, outbound, print, video, audio, call records, transaction histories, demographic data, geneological histories, all carefully indexed and archived and MapReduce'd and data mined for moment-by-moment behavorial patterns.

    Have you ever bought anything from Google as a consumer? No? Then how do you think they keep 35,000 pampered employees on the payroll with a million servers running 24x7 answering search queries from around the world?

    The NSA, after all, is a bunch of guys with comfortable guaranteed (?) lifetime careers working for the Federal Government. How good can they be?

  5. Re:Arms race by Zemran · · Score: 5, Interesting

    Criminals and terrorists do not have a problem getting around the NSA, it is only ordinary people that are being spied on. Anyone organisation that does anything suspect will set up their own DNS with their own TLDs (just like the .onion network) and work away unnoticed, even some companies are already doing this so that they have their own intranet on the internet, all requests for a .com address etc. are just passed on the normal DNS server. They can use their own mail system with as much good encryption as they like and the NSA do not even know it is there or have access if it is in another country. The normal people who are using Hotmail, Yahoo, Gmail etc. are the ones being spied on, even Snowden said this. They say that they are fighting terrorism but that is only to justify what they are doing, they are spying on you and I.

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  6. Re:I will believe ... by niftymitch · · Score: 3, Interesting

    I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

    No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

    Google has seen so very many attacks on its infrastructure that all links are now or will soon be encrypted.

    Rumors are that Google is also large enough to distribute secret keys to the end point devices and can even
    manage building to building and room to room encrypted data links.

    I am of the opinion that Google is under pressure from TLA organizations to protect its resources as a mater of national
    security. i.e. penetration from China, Iran, Korea, Cuba needs to be stopped. The capability to stop industrial
    and international agents has the side effect of stopping or slowing down US agencies.

    Those agencies are well armed with paper and via legal process can get that which is needed.

    There is a lesson here. Do not obstruct US national TLAs but protect fully from international and industrial
    attacks and you will be in as good a legal situation as possible. Secret orders are a tangle. Validating
    that a secret order is a valid order risks divulging the secret order to the degree that it pays to not act on
    or acknowledge the order that cannot be verified as it may well be an elaborate phishing attack by a foreign
    agency with deep pockets. OK that may not be practical but the point is that becoming the target of
    international agents unfriendly to the US is very possible and astoundingly possible. Physical, technical
    and social attacks are very possible...

    Since I am not an attorney none of what I said can be construed as advice. Do get advice in
    advance of the need for advice when adversarial stuff is flying hither and yon and clear thinking
    and communication is impossible.

    --
    Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  7. Re:I will believe ... by Anonymous Coward · · Score: 0, Interesting

    If that was really a consideration they would leave today as most of their users are already outside of the USA. Only and American would think that America is the world...

    And only an idiot would think that the US doesn't effectively run the world. I'm not saying that's a good thing or a bad thing. It just is. Grow some critical thinking skills.