Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services
jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.
Tell that to SpiderOak.
Is it just my observation, or are there way too many stupid people in the world?
It's not going well for Microsoft. They are requesting data from the servers in Ireland.
No, but if you got a government request for your keys you'd know about it. If Google gets such a request you wouldn't know you were compromised.
It isn't like they are sending l33t hackers to break in and get the data.
As I remember, Lavabit was intended to not have the ability to decrypt user data but, in fact, there were at least two ways unanticipated by the designers. One way is to wait until a user logs on again and capture their key. The mistake here was that encryption is performed on the server and not on the user's own machine before sending to Lavabit. The other thing, which is apparently what was requested in the court order, was to give up their private SSL key which the government agencies would then use to decrypt previously captured network traffic and recover the keys of, potentially, every Lavabit user. One issue here is the same as before. They were sending keys over the internet when the only safe way to do it is to keep the storage encryption process entirely client side. The other thing was that they were not using Perfect Forward Secrecy, which would have created a different temporary key for each SSL session and discarded it after transfer. They were using traditional SSL where every transfer going to the server is encrypted with the one public key matching the site's SSL certificate.
Levison (owner of Lavabit) also made the big mistake of trying to answer the court order himself without getting a lawyer first. He bolloxed the legal argument which is why he ended up getting fined.
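The forward-secrecy point in the comment above, as an added example that is not part of the original thread: a check that flags TLS cipher suites whose key exchange is not authenticated ephemeral (EC)DHE, so that recorded sessions would depend on a long-term server key. The suite list is constructed sample data and the function names are hypothetical; both OpenSSL-style and IANA-style suite names are accepted.

```python
import ssl

def key_exchange(suite: str) -> str:
    """Classify a cipher suite name by its key-exchange family."""
    name = suite.upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            return "ephemeral"            # TLS 1.3 suites always use (EC)DHE
        # IANA pre-1.3 name: TLS_<kx>_WITH_<cipher> -> "<kx>-"
        name = name[4:].split("_WITH_")[0].replace("_", "-") + "-"
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "ephemeral"                # fresh key per session, then discarded
    if name.startswith(("ADH-", "AECDH-", "DH-ANON-", "ECDH-ANON-")):
        return "anonymous"                # ephemeral but unauthenticated
    if name.startswith(("DH-", "ECDH-")):
        return "static-dh"                # fixed DH key taken from the certificate
    if name.startswith(("PSK-", "RSA-PSK-")):
        return "psk"
    # OpenSSL names with no key-exchange prefix (e.g. AES256-SHA) are RSA key transport
    return "static-rsa"

def audit(suites):
    """Return {suite: family} for every suite that is not authenticated (EC)DHE."""
    return {s: k for s in suites if (k := key_exchange(s)) != "ephemeral"}

# Constructed sample: a server's enabled suites, mixing both naming styles.
SERVER_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES256-SHA",
    "RC4-SHA",
    "ECDH-RSA-AES128-SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, family in audit(SERVER_SUITES).items():
        print(f"no forward secrecy guarantee: {suite} ({family})")
    # Corrected setting: restrict a server context to ECDHE AEAD suites, then re-audit.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM")
    print("after hardening:", audit(c["name"] for c in ctx.get_ciphers()))
```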
The government doesn't need to request your account, they can request Google's own keys and never tell Google what they are actually looking at.