Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes

Posted by Soulskill on from the or-at-least-get-the-public-relations-departments-some-more-work dept.

CWmike writes "Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow. 'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?"

51 of 216 comments (clear)

  1. Arms race by udachny · · Score: 5, Insightful

    Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

    - yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

    --
    MY OTHER COMMENTS
    1. Re:Arms race by fuzzyfuzzyfungus · · Score: 5, Interesting

      Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

      - yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

      You might be underestimating the influence of the 'lobby furiously' step in American politics:

      Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress (Gen. Alexander's star trek paraphernalia and all) and slug it out with the representatives of all the major technology companies who are missing out on sweet foreign contracts because of (accurate) perceptions that they are the US government's little stooges. That isn't unwinnable; but it's a lot less comfortable than just slurping packets in the shadows, or basking in the warm glow of misplaced public confidence that you only go after 'bad people'.

      It's not as though the civil libertarians can win this (either the legislative flavor, or the ones who think that their guns will save them); but the NSA has crossed the line into threatening shareholder value. That's serious business, probably Unamerican. We've installed brutal, CIA-backed, military juntas in countries we don't care about for pulling shit like that.

    2. Re:Arms race by Mitreya · · Score: 2

      Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress

      That may be, but it is pretty obvious that Google has no interest in fighting that battle. They are making some noises now that it became apparent that they handed over the data -- but I have little reason to believe they are going to invest in a real fight (and maybe it isn't their responsibility).

      Based on the previous post on slashdot, tech companies are fighting furiously to report the "total number of NSA requests" they complied with. Once they win, all will be well in the world.

    3. Re:Arms race by Zemran · · Score: 5, Interesting

      Criminals and terrorists do not have a problem getting around the NSA, it is only ordinary people that are being spied on. Anyone organisation that does anything suspect will set up their own DNS with their own TLDs (just like the .onion network) and work away unnoticed, even some companies are already doing this so that they have their own intranet on the internet, all requests for a .com address etc. are just passed on the normal DNS server. They can use their own mail system with as much good encryption as they like and the NSA do not even know it is there or have access if it is in another country. The normal people who are using Hotmail, Yahoo, Gmail etc. are the ones being spied on, even Snowden said this. They say that they are fighting terrorism but that is only to justify what they are doing, they are spying on you and I.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    4. Re:Arms race by Anonymous Coward · · Score: 3, Insightful

      That's one of the (unofficial) goals, population control. For that they track connections (so called metadata), in realtime can track and activate cellphones. So if there occupy-something is going on it easy to track who participates and who may be connected. Simply by checking phone locations and calls, and history. More important having private data NSA (or whatever agency or individual has access) can convince key person to "cooperate". It can be CEO or ordinary engineer. And yes, no way to complain, secret court and pocked judges are for this. System "works" and lives its own life. There is probably no one in charge, but many who use and abuse it. The way it evolves soon it will be used for targeted crowd control. To take out the leaders like ruling parties do in Russia and China, and many other countries.

    5. Re:Arms race by FriendlyLurker · · Score: 3, Insightful

      tech companies are fighting furiously to report the "total number of NSA requests" they complied with.

      Considering that those requests are "extras" on top and in addition to the NSA's always on access to the backend servers (as per Prism docs), then even if they win that fight it will be little comfort. All the "total number of NSA requests" tell us is that after looking through all the users stored emails and search profiles the NSA then decided to put in an extra request to track a users search keystroke and other front end data.

  2. That's a relief by theweatherelectric · · Score: 5, Insightful

    Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments

    So.. the only organisation conducting invasive surveillance of my Internet activity will be Google? I'm most relieved.

    1. Re:That's a relief by bhagwad · · Score: 2

      At least you have a choice to not use Google's products. I would much rather Google had access to my data than the government.

    2. Re:That's a relief by Architect_sasyr · · Score: 3, Insightful

      It's not much of a choice - over 65% of the 10,000 most visited websites use jQuery (for example). If you want a semi-decent web experience, giving up on Google is particularly difficult. I don't imagine that it is impossible (queue hater geeks who get away with it), but it's not going to be easy.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    3. Re:That's a relief by Architect_sasyr · · Score: 2

      Sure, and I agree totally, unfortunately we can not convince others how to host their sites. I use jQuery on my sites, for example, and host the files myself. However, and especially with the advent of "cloud" computing, I have found this to be less and less the case. Google Analytics are another good example - people don't use AWStats (or similar) as much because Google does it all for them.

      Great business model, terrible for privacy advocates.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    4. Re:That's a relief by PRMan · · Score: 5, Informative

      I use NoScript to block Google Analytics. It's amazing how much faster the web is when you do that.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    5. Re:That's a relief by peppepz · · Score: 2

      That's the only reason they're making all this hand-waving: have their customers believe that their data is safe with them - even when obviously it isn't the case - in order to reduce the damage to their revenue. Google's core business model lies in harvesting, analysing and storing massive amounts of user data. This depends entirely on Google's ability to have access to that data unencrypted. NSA and the likes will always share that ability with Google - or be a piece of paper away from acquiring it - so talking about encrypting the "pipes" while retaining the key to the data is pure gimmick.

    6. Re:That's a relief by swillden · · Score: 2

      Great business model, terrible for privacy advocates.

      Is it really? Assuming Google does a good job of protecting user data (it does) and doesn't sell or otherwise distribute it to others (it doesn't, except as required by law*), then where is the harm to user privacy? Does it harm you to see ads that are relevant to you, rather than random ads?

      * I think we currently have a problem with laws that compel companies to hand over too much, but that's a flaw in our laws, and one we should fix.

      (Disclaimer: I work for Google, though I don't speak for Google and they don't speak for me.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. Certain content delivery networks already do this by kriston · · Score: 2

    Certain content delivery networks already do this. For decades.

    I find it hard to believe that Google was really not encrypting its non-client ingress/egress traffic.

    --

    Kriston

  4. Plain text is still the prize by AHuxley · · Score: 2

    The plain text is still not legally protected under a NSL/hidden self-signed "court" at the advertising keyword end.
    The metadata is still not legally protected under a NSL/hidden self-signed "court" as sent.
    The mathematics of cryptography is great PR along the tube but reality sets in at the end of the tube again.
    http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html
    STORMBREW and FLYING PIG show some insights into router and covert data redirection, the use of fake security certificates and the results been unencrypted.
    Also note the bypassing (man-in-the-middle) ability via security certificates aspect.

    --
    Domestic spying is now "Benign Information Gathering"
  5. Not a solution. by LWATCDR · · Score: 5, Insightful

    A technological solution will never work. The NSA had court orders and gag orders. While the NSA doing this does not shock or bother me the idea that you can stop them with technology is just silly. Human spies will get around that as they always have.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    1. Re:Not a solution. by JanneM · · Score: 5, Insightful

      "Human spies will get around that as they always have."

      Security has never been about _absolute_ security, but simply about making it too expensive, dangerous or time consuming for an adversary to bother. We don't all live in bank vaults, after all; we don't need that much security for the kind of possessions we keep at home.

      Schneiers point is the same: we don't need so much security the NSA could never get to our data. We just need enough security - and need enough of us to use it - that the effort to routinely record what we all are up to exceeds their capability of doing so. They do not have an infinite budget, or infinite man-hours.

      Make routine surveillance not impossible but too expensive, that's the name of the game.

      --
      Trust the Computer. The Computer is your friend.
    2. Re:Not a solution. by LWATCDR · · Score: 2

      The solution is change administrations and tighten the law. People are more than a bit foolish in that they see spying as a bad thing. For instance spying kept the Cuban Missile Crisis from getting out of hand. Spying prevented the UBoats from starving the UK into surrender. We just don't want too much spying. As I said the tech will never be the solution in the US. You need a political solution.
      Even if we had a perfectly balanced system it would never make the tinfoil hat crowd happy. BTW odds are if your internet traffic goes overseas at all and possibly even if it does not the Russians and Chinese are also looking at it.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    3. Re:Not a solution. by JanneM · · Score: 2

      As I'm not a US citizen and do not live in the US, it's all but certain that any political solution there will do nothing for me. And as you say, the NSA is not the only one listening anyhow. Making it too costly and difficult, and encouraging as many people as possible to do the same, is the way to go.

      --
      Trust the Computer. The Computer is your friend.
    4. Re:Not a solution. by AlphaWoIf_HK · · Score: 2

      Neither freedom nor the constitution are negotiable; there is no "balanced system" except one where innocent people aren't spied on.

      --
      Da derp dee derp da teedly derpee derpee dum. Rated PG-13.
    5. Re:Not a solution. by LWATCDR · · Score: 2

      That is a myth. The IRBMs in Turkey did not increase the threat to the USSR in any significant way. It is just a way that folks like the shift blame. The US already had Atlas, Titan, Titan II, and Polaris in service with Minuteman entering service. At the time and all could strike the USSR while USSR had no effective means of striking the US as the BIson lacked the range and performance and the R-7 took days to prepare for launch. The IRBMs in Turkey where going to be retired because they where not cost effective or a good weapons system. Same thing with the Thor systems in the UK which were also retired at the same time as the Jupiters even though they were not part of the deal. Removing the Jupiter systems was a bone thrown to the USSR and nothing more.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  6. Disinformation by xtronics · · Score: 3, Insightful

    To me it was obvious from the start that Google was founded with borrowed search algorithms that had been honed for a different purpose: finding connections in intercepts. So now they are trying to sell that they will have crypto that is out of reach from an agency that they are in bed with? They PAY Google some undisclosed excessive amount to provide information. It is a profit center. I'm not even sure if Google is really a public company. (The name may have come from a joke about 'G'overnment 'OOGLing' )

    Why would anyone believe they are on the publics side?

    1. Re:Disinformation by u38cg · · Score: 4, Insightful

      You had me up to the point where you seriously suggest the government could successfully run a billion+ dollar profitable business.

      --
      [FUCK BETA]
  7. Becoming uncivilized by Neo-Rio-101 · · Score: 4, Insightful

    "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men."

    ~ Ayn Rand

    --
    READY.
    PRINT ""+-0
    1. Re:Becoming uncivilized by flayzernax · · Score: 2

      Cute comment. But if this is any indication of our civility.

      We are all savages. I'm ready to go savage to the max. Because its disgusting the state our society is in. Just looking for an ISP on their home pages is all it takes.

      Our species is in dire need of some house cleaning. And yep. I would gladly sacrifice my life if the future of the human race isn't guided in this direction and is strengthened through adversity. Its the same thing as fighting and dieing for your freedom from an empire who taxes you without representation.

    2. Re:Becoming uncivilized by the+eric+conspiracy · · Score: 2

      That seems rather wrong to me. Civilization is defined as the development of the city, along with writing and a shared ceremonial center.

      Cities clearly require interaction between people on a larger scale than in a pre-civilized culture. With that larger scale goes loss of anonymity across that larger scale.

      While in a band man is only known by other men in the band, and that's it. On a global civilization connected by the internet the scale is the planet.

    3. Re:Becoming uncivilized by Samantha+Wright · · Score: 5, Insightful

      It's a good soundbite, the idea of mutual respect as a civilized accomplishment—but Rand oversteps. The very cornerstones of civilization are the same as the rules of that tribe; without it, you have something entirely more primitive: solitary animals and the complete abolishment of culture. It is alas a rather tawdry thought that betrays Rand's education, no matter how elaborate the clothes.

      Strive for a balance. It's no more unattainable an ideal than an extreme like total freedom or total cooperation. There are, believe it or not, ways in which complete privacy is not optimal. Some small degree of intrusion is always necessary, both psychologically and for safety.

      In this case, I am completely on the side of recovering privacy, as these violations are gross and driven by ignorance, paranoia, and greed. They are massively inexcusable, and if I were south of the border I would probably have turned to a career of being a crazy social activist when I was an undergrad.

      Schneier hit the nail on the head last week when he pointed out the real issue, though, and I hope you'll agree with me that it is a much bigger priority than the collateral privacy loss itself. Bureaucratic and political need to save face and to manage risk has grown out of control. The post-9/11 culture of safety has led to oppression in every conceivable security-related corner, as well as moves of "me-too" safety fetishism in totally unrelated areas.

      The enemy here isn't just a big government, though; it's the individuals in these organisations, departments, and legislative bodies trying to protect themselves and their careers. It's an insurrection of selfishness, regardless of who the campaign promises are designed to appeal to. Without arguing over the rightness of the system, it is at least plain that these people are horrifically mismatched to the jobs they hold, and they need to be very specifically shamed if the fundamental shift they caused is to be reversed. An Edward R. Murrow would really fit the bill right about now.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    4. Re:Becoming uncivilized by Samantha+Wright · · Score: 2

      I think it would be better if we could create an environment where no one felt a need to become a recluse in response to social or developmental troubles. Hiding as a coping mechanism means there's something wrong.

      Just to be clear: I didn't mean to suggest that spending a large part of your day alone is an issue. (I do that!) I'm talking about total self-isolation—recluses in the proper sense. Not genetic oddities with an inborn disposition against any social contact, just the garden variety hermit.

      Avoiding all social contact in such cases might be evidence of a bad situation, dissimilar friends, or a traumatic experience. Some people can handle and recover from these situations, others can't. The same goes for depression and many other mental disorders; they're are difficult topics that most people can't really self-diagnose and handle properly on their own. And yet, they can be solved trivially if someone else is around and looking for signs of discomfort.

      Ultimately, this comes down to a safety concern; I don't think that privacy should not extend to mental health problems that aren't self-correcting or easily manageable. There are over a million young people in Japan who are recluses because they can't keep up with academic and social expectations, and this group has a notably higher suicide rate. Being a recluse means no one can reach out to you. No one can be there to help you stop yourself.

      And maybe it isn't outright suicide—maybe the cost is something else, like your creativity or intelligence going underutilized. Even Ayn Rand thinks that's wrong.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    5. Re:Becoming uncivilized by N1AK · · Score: 2

      Cities clearly require interaction between people on a larger scale than in a pre-civilized culture. With that larger scale goes loss of anonymity across that larger scale.

      Anonymity can't be measured that simplistically. If I lived in a city then hiding an affair is far simpler than in a village where everyone knows everyone. I could walk into 5 different hardware shops and buy bomb making supplies with cash and it would be far less likely to be spotted than in a small village with only one shop. If I go away for a couple of days no one in my city would bat an eyelid, in a village an unexplained absence of one of the small population would be noticed.

      Conversely, living in a city means that what I am doing is being observed by far more people. Currently that is largely meaningless as the information isn't tied together, however as linking that information together and to me as an individual the balance changes entirely.

      I suppose what I am saying is that in a village you are less observed but less anonymous. In a city you are more observed but also more anonymous, until someone has a reason to put the work in to tie the observations together (and the observations continue to increase and tying it together is becoming easier).

  8. It's a PR effort by Anonymous Coward · · Score: 2, Insightful

    "Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.'"

    No it isn't. China wanted you to backdoor in China and you left China, USA wanted you to backdoor in the USA and you complied Eric. It's not an arm race when a secret letter is all it takes to get your data. Just after PRISM leaks, we learned they started to demand the keys too. In effect expanding surveillance of your services to 100% coverage while reducing the use of PRISM. Is *that* an arms race? No, it's a PR scam. It would let you Google, Microsoft, Facebook, Yahoo pretend surveillance had reduced (in PRISM) when in fact it had become total (via intercept).

    Also don't kid us that it's only for terrorism. All the NSA does when it wants to spy on anyone, is stick an agent provocateur on the form to post a threat. That gives it the excuse it needs to then spy on everyone in the forum, and their friends and families using the 3-steps deep rule. Twenty million queries a month!

    How about you come clean on Cloud Print? That data goes through your servers and can be matched to users data, I bet you give NSA that too?

    It's entirely about PR, trying to regain lost trust, WHILE THE STASI ARE STILL LIVING IN YOUR HOUSE. The best defense is to not visit your house!

  9. I will believe ... by Taco+Cowboy · · Score: 5, Insightful

    I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

    No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:I will believe ... by niftymitch · · Score: 3, Interesting

      I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

      No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

      Google has seen so very many attacks on its infrastructure that all links are now or will soon be encrypted.

      Rumors are that Google is also large enough to distribute secret keys to the end point devices and can even
      manage building to building and room to room encrypted data links.

      I am of the opinion that Google is under pressure from TLA organizations to protect its resources as a mater of national
      security. i.e. penetration from China, Iran, Korea, Cuba needs to be stopped. The capability to stop industrial
      and international agents has the side effect of stopping or slowing down US agencies.

      Those agencies are well armed with paper and via legal process can get that which is needed.

      There is a lesson here. Do not obstruct US national TLAs but protect fully from international and industrial
      attacks and you will be in as good a legal situation as possible. Secret orders are a tangle. Validating
      that a secret order is a valid order risks divulging the secret order to the degree that it pays to not act on
      or acknowledge the order that cannot be verified as it may well be an elaborate phishing attack by a foreign
      agency with deep pockets. OK that may not be practical but the point is that becoming the target of
      international agents unfriendly to the US is very possible and astoundingly possible. Physical, technical
      and social attacks are very possible...

      Since I am not an attorney none of what I said can be construed as advice. Do get advice in
      advance of the need for advice when adversarial stuff is flying hither and yon and clear thinking
      and communication is impossible.

      --
      Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
    2. Re:I will believe ... by hutsell · · Score: 4, Informative

      I believe that Google already has craploads of servers local to their customers. That is how they work. They have servers in America for ... Americans. They have them in Europe and many other places as well.

      Google does have crap-loads of servers worldwide, localized into 7 different regions, 2 in North America; an eight region was recently activated during the last year or so. IIRC, the regionalization allows the data centers as a whole to never experience a sunset; also, the data itself being redundant, is optimized locally to minimize delays.

      --
      Yesterday's Weirdness is Tomorrow's Reason Why
    3. Re:I will believe ... by rvw · · Score: 2

      I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

      No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

      They would make a good start by setting up and funding an organisation outside of US jurisdiction, so completely independent of Google. If that organisation would create this new encryption software, protocol or standard, that would be a good sign to the rest of the world about Google intentions.

    4. Re:I will believe ... by Anonymous Coward · · Score: 2, Insightful

      So now they just have to partition the data.

      US customer data is present ONLY on US based servers.

      Non-US data is not ever touching the US servers.

      NSA can go snoop the US servers as much as the US citizens allow. I couldn't care less.

      NSA can try to snoop out-of-US servers as much as local govt. allows but most likely can't just waltz in invoking national security yadda yadda.

      Not expecting them to do this. And they really cannot prove that they would be doing this, even if they claimed so.

      Any company that has any server presence inside US is currently going to be assumed to be leaking all that data directly to US spooks. Enjoy. US = Nazi Germany.

    5. Re:I will believe ... by josephtd · · Score: 2

      Here's the problem with your argument.... In most cases it is becoming apparent that data is being collected outside the established rules of the road. You are quite naive if you believe that intelligence and law enforcement agencies are somehow "better" in the EU member states. Just to refresh your memory, some of those same EU member states accepted prisoners for enhanced interrogation methods.

    6. Re:I will believe ... by FatLittleMonkey · · Score: 2

      Maybe call it GoogleNSA.

      Ticker code GOON?

      --
      Science is all about firing a drunk pig out of a cannon just to see what happens.
  10. Meaningless by comrade1 · · Score: 2, Interesting

    As long as the data is in the u.s. and subject to government subpoena this is meaningless. Depending on how google is structured they could move their data centers outside the u.s. and not have it subject to secret orders. Switzerland would be a great place as they have strict data protection laws.

  11. Who watches the watchers? by gmuslera · · Score: 5, Interesting

    The real point here is not Google giving the NSA your information or not, they are an US based company, they must comply and give all the information requested by the NSA. And, if the used internal encryption is good enough, the only way to get that information will be directly from Google, then Google's will know what the NSA got from them, and they could eventually control (delaying, giving partial or even fake information) what they NSA gets, or store that information for future use (in the case that law gets curious about what is that justice that is everyone talking about)

    That don't make Google a friend, but at least a potential enemy of our biggest enemy, and is something to be respected.

  12. Am I missing something? by Anonymous Coward · · Score: 5, Funny

    If my taxes pay for the NSA and using encryption will cost the NSA more money to decrypt. Then I'll have to give up more of my money to them decrypt my messages?

  13. Frankly I'm more worried about Google by Anonymous Coward · · Score: 2, Interesting

    and what they will do with what they know about me from about 1000 different channels, digital, clickstream, email text, inbound, outbound, print, video, audio, call records, transaction histories, demographic data, geneological histories, all carefully indexed and archived and MapReduce'd and data mined for moment-by-moment behavorial patterns.

    Have you ever bought anything from Google as a consumer? No? Then how do you think they keep 35,000 pampered employees on the payroll with a million servers running 24x7 answering search queries from around the world?

    The NSA, after all, is a bunch of guys with comfortable guaranteed (?) lifetime careers working for the Federal Government. How good can they be?

  14. This is not about technology. Its about trust. by openthomas · · Score: 2

    The NSA keep trying the same old trick. They want to orchestrate mass adoption of a system that appears secure but isn't. Somewhere in the technology stack there's a backdoor allowing the NSA access to the plaintext. We know what the NSA's two agendas are and its a huge conflict of interests for them to release a encryption system that they cannot themselves break. Even if the code appears secure they have rigged modern hardware to leak keys through side channels. _Of course_ Google's new system will be backdoored and _of course_ Google will be gagged. Google can never be trusted again. No matter what they say. The NSA are behind this. They are trying to provide a solution through Google because they fear people will move to develop a variety of encryption algorithms and products which will be expensive to analyze and break and automate surveillance of. Obscurity != Security but its fucking expensive.

  15. Trying to win back users trust? by LostMonk · · Score: 2

    This is good business for Google.
    If matters stay as they are now, users will leaving by droves when a non-american alternative present itself (and it will appear. people will not miss this opportunity). Rather than trying to defend it's data, Google must win back users trust or it wont stay in business for long.
    The same can be said for most big american software and internet companies.

  16. I'm putting all my money into... by Jimbookis · · Score: 5, Funny

    ... factories that make $5 wrenchs. I heard they are set to make a killing soon.

  17. Google is in partnership with the NSA by seandiggity · · Score: 4, Insightful

    This is a joke and amounts to nothing but a smoke screen. We now know that Google is an active partner of the NSA and the U.S. government...we should treat them *as* the NSA. What does any of this matter when Google has whole division(s) dedicated to preparing data for use by the NSA. They'll give keys, they'll give data, they'll give metadata, they'll give educated guesses, they'll prepare 3D topographic maps about that data.

    --
    Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
  18. Bullshit by AbRASiON · · Score: 2

    You can encrypt all you like, if there's a backdoor made for people to access, it's meaningless.

  19. Re:PRISM compliant by AHuxley · · Score: 2

    Make a "PRISM compliant" sticker :)

    --
    Domestic spying is now "Benign Information Gathering"
  20. So is the company mandating real names in G+... by jotaeleemeese · · Score: 2

    ... going to fight the surveillance state?

    In *our* behalf?

    Allow me the following outburst. Ha,ha,ha.

    --
    IANAL but write like a drunk one.
  21. Protect their markets... by Kazoo+the+Clown · · Score: 2

    If people are inclined to choose other more secure options for email, Google could lose customers. Furthermore, if Google isn't privy to your unencrypted traffic in some way, there's no info to collect for targeted advertising. So Google has some motivation to take charge of the encryption...

  22. Yes and no by Weezul · · Score: 3, Insightful

    Google is against anything that makes people not trust Google, including the NSA. Google would happily keep all your data secret, except from their own advertising algorithms. but Google would also sell your data to the NSA for what they consider "fair market value", which given the preceeding is a lot higher than the NSA wants to pay for it.

    Google pays a computational price for encrypting your data, but it's worth it if either
    (a) the NSA is now forced to buy your data from Google, instead of stealing it like they currently do, or
    (b) people trust Google more as a result.

    Google wants to publish the number of NSLs it receives to (a) make people feel more confident and (b) make the NSA, DEA, FBI, etc. evaluate more carefully the data they request. Why is (b) good for Google's bottom line? I think, if the agencies are spending more personnel time on the data they request, that data appears even more important, so Google can charge more for the data the agencies really want, while incurring less risk.

    Google is still a company, but it's a company run by a founder. Founders almost always make them behave much less like psycopaths than Wall St CEOs.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  23. Network Layer Encryption by ironicsky · · Score: 2

    I've never understood why encryption isn't already built in to everything we do in modern technology. As far as I am concerned the network card in your computer should generic a one-time public/private key pair for EACH connection it is making or receiving. The public key is transmitted to the other network device which uses it to encrypt the data to get sent back. Once a connection is closed the keys, salts, and other information is destroyed.

    It would take a little extra computation on the hardware to make it happen, but the storage requirements for keeping the keys is minimal since each key would, in theory on exist for a few minutes before a connection is closed, and in the case of web traffic, a few seconds.

    We could do a way with all sorts of things, like OS level encryption if it was built in by default - or keep it, and add a 2nd level of complexity to the data.