Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes

CWmike writes "Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow. 'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?"

Re:Arms race

[fuzzyfuzzyfungus]

Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

- yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

You might be underestimating the influence of the 'lobby furiously' step in American politics:

Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress (Gen. Alexander's star trek paraphernalia and all) and slug it out with the representatives of all the major technology companies who are missing out on sweet foreign contracts because of (accurate) perceptions that they are the US government's little stooges. That isn't unwinnable; but it's a lot less comfortable than just slurping packets in the shadows, or basking in the warm glow of misplaced public confidence that you only go after 'bad people'.

It's not as though the civil libertarians can win this (either the legislative flavor, or the ones who think that their guns will save them); but the NSA has crossed the line into threatening shareholder value. That's serious business, probably Unamerican. We've installed brutal, CIA-backed, military juntas in countries we don't care about for pulling shit like that.

Who watches the watchers?

[gmuslera]

The real point here is not Google giving the NSA your information or not, they are an US based company, they must comply and give all the information requested by the NSA. And, if the used internal encryption is good enough, the only way to get that information will be directly from Google, then Google's will know what the NSA got from them, and they could eventually control (delaying, giving partial or even fake information) what they NSA gets, or store that information for future use (in the case that law gets curious about what is that justice that is everyone talking about)

That don't make Google a friend, but at least a potential enemy of our biggest enemy, and is something to be respected.

Re:Arms race

[Zemran]

Criminals and terrorists do not have a problem getting around the NSA, it is only ordinary people that are being spied on. Anyone organisation that does anything suspect will set up their own DNS with their own TLDs (just like the .onion network) and work away unnoticed, even some companies are already doing this so that they have their own intranet on the internet, all requests for a .com address etc. are just passed on the normal DNS server. They can use their own mail system with as much good encryption as they like and the NSA do not even know it is there or have access if it is in another country. The normal people who are using Hotmail, Yahoo, Gmail etc. are the ones being spied on, even Snowden said this. They say that they are fighting terrorism but that is only to justify what they are doing, they are spying on you and I.