Forgot your password?
typodupeerror
Google Encryption Government Privacy

Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes 216

Posted by Soulskill
from the or-at-least-get-the-public-relations-departments-some-more-work dept.
CWmike writes "Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow. 'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?"
This discussion has been archived. No new comments can be posted.

Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes

Comments Filter:
  • Arms race (Score:5, Insightful)

    by udachny (2454394) on Tuesday September 10, 2013 @09:04PM (#44815457) Journal

    Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

    - yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

    • Re:Arms race (Score:5, Interesting)

      by fuzzyfuzzyfungus (1223518) on Tuesday September 10, 2013 @09:48PM (#44815721) Journal

      Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

      - yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

      You might be underestimating the influence of the 'lobby furiously' step in American politics:

      Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress (Gen. Alexander's star trek paraphernalia and all) and slug it out with the representatives of all the major technology companies who are missing out on sweet foreign contracts because of (accurate) perceptions that they are the US government's little stooges. That isn't unwinnable; but it's a lot less comfortable than just slurping packets in the shadows, or basking in the warm glow of misplaced public confidence that you only go after 'bad people'.

      It's not as though the civil libertarians can win this (either the legislative flavor, or the ones who think that their guns will save them); but the NSA has crossed the line into threatening shareholder value. That's serious business, probably Unamerican. We've installed brutal, CIA-backed, military juntas in countries we don't care about for pulling shit like that.

      • by Mitreya (579078)

        Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress

        That may be, but it is pretty obvious that Google has no interest in fighting that battle. They are making some noises now that it became apparent that they handed over the data -- but I have little reason to believe they are going to invest in a real fight (and maybe it isn't their responsibility).

        Based on the previous post on slashdot, tech companies are fighting furiously to report the "total number of NSA requests" they complied with. Once they win, all will be well in the world.

        • by Zemran (3101)

          Yes, there will be so much less spying on individuals if they tell us what we already know.

        • Re:Arms race (Score:4, Insightful)

          by FriendlyLurker (50431) on Wednesday September 11, 2013 @03:15AM (#44817043)

          tech companies are fighting furiously to report the "total number of NSA requests" they complied with.

          Considering that those requests are "extras" on top and in addition to the NSA's always on access to the backend servers (as per Prism docs), then even if they win that fight it will be little comfort. All the "total number of NSA requests" tell us is that after looking through all the users stored emails and search profiles the NSA then decided to put in an extra request to track a users search keystroke and other front end data.

        • by swillden (191260)

          They are making some noises now that it became apparent that they handed over the data

          There is no evidence of that, and Google categorically denies handing over any data except in response to narrowly-tailored and proper legal requests.

          Snowden's PRISM slide is the only thing that even points at Google handing over data, and given the time frame shown on the slide it's more likely that the NSA was snooping their network links without their knowledge -- until they switched to SSL by default for nearly everything.

      • by AmiMoJo (196126) *

        The logical solution is for Google to leave the US. Move their main business to Iceland or perhaps one of the better European countries, and have the US as just a subsidiary. Obviously any servers left in the US (for caching/content distribution) will be considered compromised but at least Google's staff would be beyond the reach of National Security Letters and other such bullshit.

        Having such a large and well known company leave would really screw things up for the US government and perhaps US citizens wou

    • Re:Arms race (Score:5, Interesting)

      by Zemran (3101) on Tuesday September 10, 2013 @11:56PM (#44816337) Homepage Journal

      Criminals and terrorists do not have a problem getting around the NSA, it is only ordinary people that are being spied on. Anyone organisation that does anything suspect will set up their own DNS with their own TLDs (just like the .onion network) and work away unnoticed, even some companies are already doing this so that they have their own intranet on the internet, all requests for a .com address etc. are just passed on the normal DNS server. They can use their own mail system with as much good encryption as they like and the NSA do not even know it is there or have access if it is in another country. The normal people who are using Hotmail, Yahoo, Gmail etc. are the ones being spied on, even Snowden said this. They say that they are fighting terrorism but that is only to justify what they are doing, they are spying on you and I.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        That's one of the (unofficial) goals, population control. For that they track connections (so called metadata), in realtime can track and activate cellphones. So if there occupy-something is going on it easy to track who participates and who may be connected. Simply by checking phone locations and calls, and history. More important having private data NSA (or whatever agency or individual has access) can convince key person to "cooperate". It can be CEO or ordinary engineer. And yes, no way to complain, se

      • by msauve (701917)
        Seriously? You really don't understand how it works. You could get rid of the entire DNS system, and build everything on raw IP addresses, and it wouldn't change the NSA's ability to intercept traffic at all.
      • Criminals and terrorists do not have a problem getting around the NSA

        No, intelligent criminals and terrorists do not have a problem getting around the NSA. The fact remains that many are not intelligent because in many societies intelligent people can do better for themselves by working as part of society and even the intelligent crooks and terrorists probably have to work with incompetent ones so their plans will probably become accessible to the NSA.

        The issue with NSA surveillance is not that it doesn't achieve its stated aim - it undoubtedly does - the issue is whethe

        • by F.Ultra (1673484)
          The problem with that is however that the non-intelligent criminals is easily caught by the normal means, i.e normal police work. So you have a) criminals that are to dumb to warrant this surveillance and b) criminals that are to smart for the surveillance to work. The really paranoid criminals like Hells Angels (they operate like the mob in my country) have always assumed that they are monitored so they have always banned cellphones from their meetings and if one leader wants to talk to another leader he s
      • by AmiMoJo (196126) *

        I think you overestimate the ability of terrorists and I know you underestimate the ability of the spies. For example GCHQ is known to have taps on major internet backbones, so even if you had your nice little alternate DNS system the moment any of that traffic hits the net they would have it. Worse still it appears that the NSA has made sure that many encryption standards are flawed in such a way that they could decrypt such traffic even if you tried to protect it.

        Whenever terrorists have come to court it

    • It's an arms race that Google might lose if end users start using Chrome extension to encrypt the contents of their mail and using NOSCRIPT to hide their identity. Google lives and dies by being to be our creepy friend from tracking us, serving us ads, and generating analytics. If Google does not provide the "illusion" of security soon, it could kill the golden goose. It is in both the interest of Google and NSA to take this step. I predict we won't hear a single protest from our spooky friends.

    • by Dan667 (564390)
      foreign companies are starting to choose companies outside the US to prevent nsa spying. Google has a financial interest to stop the nsa from losing them business.
  • That's a relief (Score:5, Insightful)

    by theweatherelectric (2007596) on Tuesday September 10, 2013 @09:09PM (#44815487)

    Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments

    So.. the only organisation conducting invasive surveillance of my Internet activity will be Google? I'm most relieved.

    • by bhagwad (1426855)

      At least you have a choice to not use Google's products. I would much rather Google had access to my data than the government.

      • Re:That's a relief (Score:4, Insightful)

        by Architect_sasyr (938685) on Tuesday September 10, 2013 @09:51PM (#44815751)
        It's not much of a choice - over 65% of the 10,000 most visited websites use jQuery (for example). If you want a semi-decent web experience, giving up on Google is particularly difficult. I don't imagine that it is impossible (queue hater geeks who get away with it), but it's not going to be easy.
        • by bhagwad (1426855)

          Well, one can only control one's own actions. Websites can choose to use non google hosted jquery scripts which is very possible. Either way, it's a net of personal choices. All that can be said is that Google did a good job of convincing others to use its resources. But it didn't force them to. With the government...all choice and personal freedom is removed.

          • Sure, and I agree totally, unfortunately we can not convince others how to host their sites. I use jQuery on my sites, for example, and host the files myself. However, and especially with the advent of "cloud" computing, I have found this to be less and less the case. Google Analytics are another good example - people don't use AWStats (or similar) as much because Google does it all for them.

            Great business model, terrible for privacy advocates.
            • Re:That's a relief (Score:5, Informative)

              by PRMan (959735) on Tuesday September 10, 2013 @10:46PM (#44816053)
              I use NoScript to block Google Analytics. It's amazing how much faster the web is when you do that.
            • by swillden (191260)

              Great business model, terrible for privacy advocates.

              Is it really? Assuming Google does a good job of protecting user data (it does) and doesn't sell or otherwise distribute it to others (it doesn't, except as required by law*), then where is the harm to user privacy? Does it harm you to see ads that are relevant to you, rather than random ads?

              * I think we currently have a problem with laws that compel companies to hand over too much, but that's a flaw in our laws, and one we should fix.

              (Disclaimer: I work for Google, though I don't speak for Google and t

    • Google will use its information on you to serve you ads for Toyota.

      The Government will use its information on you to profile your behaviour to determine if your views are a threat to whatever political policy is in play at the time, and if so you will be deemed a "radical" and be placed on watch lists.

  • by kriston (7886) on Tuesday September 10, 2013 @09:13PM (#44815515) Homepage Journal

    Certain content delivery networks already do this. For decades.

    I find it hard to believe that Google was really not encrypting its non-client ingress/egress traffic.

    • by AHuxley (892839)
      A lesson from the consumer OS side - Lower cost and usable by not adding expensive features like good encryption until a real issue makes the press.
      Some regimes, monarchies and communist countries might have been swayed by that aspect too - trunk telco network has local rules and no encryption was allowed.
      Rapid global uptake of the brand is protected..
    • by delt0r (999393)
      So what if its encrypted, if you have the keys are are legally required to hand them over when asked to?
  • by AHuxley (892839) on Tuesday September 10, 2013 @09:21PM (#44815553) Homepage Journal
    The plain text is still not legally protected under a NSL/hidden self-signed "court" at the advertising keyword end.
    The metadata is still not legally protected under a NSL/hidden self-signed "court" as sent.
    The mathematics of cryptography is great PR along the tube but reality sets in at the end of the tube again.
    http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html [slate.com]
    STORMBREW and FLYING PIG show some insights into router and covert data redirection, the use of fake security certificates and the results been unencrypted.
    Also note the bypassing (man-in-the-middle) ability via security certificates aspect.
  • Not a solution. (Score:5, Insightful)

    by LWATCDR (28044) on Tuesday September 10, 2013 @09:23PM (#44815563) Homepage Journal

    A technological solution will never work. The NSA had court orders and gag orders. While the NSA doing this does not shock or bother me the idea that you can stop them with technology is just silly. Human spies will get around that as they always have.

    • by AHuxley (892839)
      Now only the NSA and select advertisers can enjoy working on your data.
    • Re:Not a solution. (Score:5, Insightful)

      by JanneM (7445) on Tuesday September 10, 2013 @09:33PM (#44815605) Homepage

      "Human spies will get around that as they always have."

      Security has never been about _absolute_ security, but simply about making it too expensive, dangerous or time consuming for an adversary to bother. We don't all live in bank vaults, after all; we don't need that much security for the kind of possessions we keep at home.

      Schneiers point is the same: we don't need so much security the NSA could never get to our data. We just need enough security - and need enough of us to use it - that the effort to routinely record what we all are up to exceeds their capability of doing so. They do not have an infinite budget, or infinite man-hours.

      Make routine surveillance not impossible but too expensive, that's the name of the game.

      • by LWATCDR (28044)

        The solution is change administrations and tighten the law. People are more than a bit foolish in that they see spying as a bad thing. For instance spying kept the Cuban Missile Crisis from getting out of hand. Spying prevented the UBoats from starving the UK into surrender. We just don't want too much spying. As I said the tech will never be the solution in the US. You need a political solution.
        Even if we had a perfectly balanced system it would never make the tinfoil hat crowd happy. BTW odds are if your

        • by JanneM (7445)

          As I'm not a US citizen and do not live in the US, it's all but certain that any political solution there will do nothing for me. And as you say, the NSA is not the only one listening anyhow. Making it too costly and difficult, and encouraging as many people as possible to do the same, is the way to go.

          • by LWATCDR (28044)

            You never will and frankly none of us really want it. The results of perfect signals security could be a terrible thing.

        • Neither freedom nor the constitution are negotiable; there is no "balanced system" except one where innocent people aren't spied on.

        • Re: (Score:2, Informative)

          For instance spying kept the Cuban Missile Crisis from getting out of hand.

          Just a minor issue, but can we please start to call that event the Turkish Missile Crisis?

          After all, it was the USA that started the escalation by emplacing IRBMs in Italy and Turkey.

          • by LWATCDR (28044)

            That is a myth. The IRBMs in Turkey did not increase the threat to the USSR in any significant way. It is just a way that folks like the shift blame. The US already had Atlas, Titan, Titan II, and Polaris in service with Minuteman entering service. At the time and all could strike the USSR while USSR had no effective means of striking the US as the BIson lacked the range and performance and the R-7 took days to prepare for launch. The IRBMs in Turkey where going to be retired because they where not cost ef

        • Given all the lies and disregard for the law already demonstrated, it's childish to think that any political solution could be trusted. If Obama said tomorrow "We've reined in the NSA, the law has been changed so they can't spy on you any more" only the most naive people would actually believe their Internet traffic was now private.

          A political change to make privacy more important would be nice, but implementing a technical solution to make spying harder is vital. Neither is sufficient on its own, the aim H

      • by AHuxley (892839)
        The reality of large US domestic data storage would point to a total lifetime of routine surveillance been in budget and technically workable.
        The phone records aspect is a hint to that - bulk call metadata just waiting for 10's of years.
        Its not the cold war where keywords would alert to a message/voice and then keep that instance for later human translation or storage.
        Now you just keep the metadata, ip used, keywords found, voice print, image, video clip still, banking, telco use ie all traffic until nee
  • Disinformation (Score:3, Insightful)

    by xtronics (259660) on Tuesday September 10, 2013 @09:33PM (#44815609) Homepage

    To me it was obvious from the start that Google was founded with borrowed search algorithms that had been honed for a different purpose: finding connections in intercepts. So now they are trying to sell that they will have crypto that is out of reach from an agency that they are in bed with? They PAY Google some undisclosed excessive amount to provide information. It is a profit center. I'm not even sure if Google is really a public company. (The name may have come from a joke about 'G'overnment 'OOGLing' )

    Why would anyone believe they are on the publics side?

    • by AHuxley (892839)
      Re Why would anyone believe they are on the publics side?
      Globally you would want the servers in the US or near US/UK friendly sites/telco loops.
      The fear is a network of French, Germany, Russian, Spanish, Chinese, Portuguese ect. of local quality domestic ad/seaching brands.
      They would only respond to their govs interests and demands for bulk raw sharing be just to regionally politically tempting.
      http://rt.com/news/prime-time/icq-panic-russia-us/ [rt.com]
      "It all went smoothly – until the recent announcemen
    • Re:Disinformation (Score:5, Insightful)

      by u38cg (607297) <calum@callingthetune.co.uk> on Wednesday September 11, 2013 @02:15AM (#44816863) Homepage
      You had me up to the point where you seriously suggest the government could successfully run a billion+ dollar profitable business.
      • ... should be left in the capable hands of bankers, insurers, airline operators, tech geniuses (specially if they have any experience running companies about 2000) and all other shrewd business people.

        Lest not forget farmers which are great at administering subsidies and other varied industries that have become very adept at pork barrel politics, ensuring juicy subsidies and bailouts from the incompetent government come their way as soon as this is needed to boost their bonuses.

    • borrowed search algorithms

      Uh, you mean the Perron-Frobenius theorem? I'm pretty sure there was no NSA in 1912.

  • by Neo-Rio-101 (700494) on Tuesday September 10, 2013 @09:33PM (#44815613)

    "Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men."

    ~ Ayn Rand

    • Cute comment. But if this is any indication of our civility.

      We are all savages. I'm ready to go savage to the max. Because its disgusting the state our society is in. Just looking for an ISP on their home pages is all it takes.

      Our species is in dire need of some house cleaning. And yep. I would gladly sacrifice my life if the future of the human race isn't guided in this direction and is strengthened through adversity. Its the same thing as fighting and dieing for your freedom from an empire who taxes you w

    • That seems rather wrong to me. Civilization is defined as the development of the city, along with writing and a shared ceremonial center.

      Cities clearly require interaction between people on a larger scale than in a pre-civilized culture. With that larger scale goes loss of anonymity across that larger scale.

      While in a band man is only known by other men in the band, and that's it. On a global civilization connected by the internet the scale is the planet.

      • by N1AK (864906)

        Cities clearly require interaction between people on a larger scale than in a pre-civilized culture. With that larger scale goes loss of anonymity across that larger scale.

        Anonymity can't be measured that simplistically. If I lived in a city then hiding an affair is far simpler than in a village where everyone knows everyone. I could walk into 5 different hardware shops and buy bomb making supplies with cash and it would be far less likely to be spotted than in a small village with only one shop. If I go aw

    • by Samantha Wright (1324923) on Tuesday September 10, 2013 @10:27PM (#44815973) Homepage Journal

      It's a good soundbite, the idea of mutual respect as a civilized accomplishment—but Rand oversteps. The very cornerstones of civilization are the same as the rules of that tribe; without it, you have something entirely more primitive: solitary animals and the complete abolishment of culture. It is alas a rather tawdry thought that betrays Rand's education, no matter how elaborate the clothes.

      Strive for a balance. It's no more unattainable an ideal than an extreme like total freedom or total cooperation. There are, believe it or not, ways in which complete privacy is not optimal. Some small degree of intrusion is always necessary, both psychologically and for safety.

      In this case, I am completely on the side of recovering privacy, as these violations are gross and driven by ignorance, paranoia, and greed. They are massively inexcusable, and if I were south of the border I would probably have turned to a career of being a crazy social activist when I was an undergrad.

      Schneier hit the nail on the head [slashdot.org] last week when he pointed out the real issue, though, and I hope you'll agree with me that it is a much bigger priority than the collateral privacy loss itself. Bureaucratic and political need to save face and to manage risk has grown out of control. The post-9/11 culture of safety has led to oppression in every conceivable security-related corner, as well as moves of "me-too" safety fetishism in totally unrelated areas.

      The enemy here isn't just a big government, though; it's the individuals in these organisations, departments, and legislative bodies trying to protect themselves and their careers. It's an insurrection of selfishness, regardless of who the campaign promises are designed to appeal to. Without arguing over the rightness of the system, it is at least plain that these people are horrifically mismatched to the jobs they hold, and they need to be very specifically shamed if the fundamental shift they caused is to be reversed. An Edward R. Murrow would really fit the bill right about now.

      • There are, believe it or not, ways in which complete privacy is not optimal. Some small degree of intrusion is always necessary, both psychologically and for safety.

        Such as?

        I think the point was it should be an agreement between two parties as to how "intrusions" are used to fulfil a specific need or goal.
        Typically these show up in privacy policies and wordy EULAs, in the digital realm.

        We're talking about a large government entity intruding for it's own reasons with no mutual agreement. Is *that* intrusion always necessary?
        I think not.

        • I was thinking more along the lines of "obtaining a warrant to search for evidence of what happened to all those prostitutes who keep disappearing on or around your property" or "making sure you don't become a total recluse." As I said further down in my post, this situation is completely unacceptable and needs to be destroyed. Necessity, unfortunately, is subjective; they'd argue it's necessary, no matter how much we opine otherwise. Thus we need to re-educate them and shame them for thinking it's necessar
  • It's a PR effort (Score:2, Insightful)

    by Anonymous Coward

    "Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.'"

    No it isn't. China wanted you to backdoor in China and you left China, USA wanted you to backdoor in the USA and you complied Eric. It's not an arm race when a secret letter is all it takes to get your data. Just after PRISM leaks, we learned they started to demand the keys too. In effect expanding surveillance of your services to 100% coverage while reducing the use of PRISM. Is *that* an arms ra

  • What is the point of having a big castle, with a moat, several feet inch walls and all that stuff if you then, quite literally, give away the keys to the castle?

  • If the NSA remains vigilant and Google does nothing to avoid it, they will slowly stagnate as users switch to smaller "networks." Google is all about the network effects of their products, and that same network is highly valuable to the NSA and its ilks. The only real way to defeat it is to compartmentalize the networks into much smaller segments such that associations are much harder to make.

    Much more difficult to do once the cat is already out of the bag, and it destroys much of the collectivism that ma

  • Meaningless (Score:2, Interesting)

    by comrade1 (748430)
    As long as the data is in the u.s. and subject to government subpoena this is meaningless. Depending on how google is structured they could move their data centers outside the u.s. and not have it subject to secret orders. Switzerland would be a great place as they have strict data protection laws.
  • But Google CAN'T be encrypting a lot of data and rolling out SSL on all of their services.

    Just last night here on Slashdot the crooks informed us that while "3 strikes" laws reduced torrent traffic, all those stolen movies and software must have moved to SSL. The increased SSL traffic can't be because the #1 internet company in the world expanded it's use of SSL. It HAS to because penalties for unlawful actions dont work. That's what fits the storyline they want to tell!

  • by gmuslera (3436) on Tuesday September 10, 2013 @10:15PM (#44815893) Homepage Journal

    The real point here is not Google giving the NSA your information or not, they are an US based company, they must comply and give all the information requested by the NSA. And, if the used internal encryption is good enough, the only way to get that information will be directly from Google, then Google's will know what the NSA got from them, and they could eventually control (delaying, giving partial or even fake information) what they NSA gets, or store that information for future use (in the case that law gets curious about what is that justice that is everyone talking about)

    That don't make Google a friend, but at least a potential enemy of our biggest enemy, and is something to be respected.

    • they could eventually control (delaying, giving partial or even fake information) what they NSA gets,

      Only if they want to go to jail, which I doubt. That goes especially for the "fake" information, that would be especially difficult to explain to a prosecutor and judge.

      • by gl4ss (559668)

        they could claim that they were forced by a double-secret court to do it..

      • by gmuslera (3436)

        The point is not that they won't, but that they could, thats the key of being in control of the information. If that information could be gathered also in another way it would be checked out, Will them be willing to do it? I doubt it.

        In the other hand, when the NSA is ordered to give key parts of its information, they lie [propublica.org], no matter what prosecutors and judges say, in fact when they lied to the congress [slate.com] (that should be worse), didn't ended in jail, in fact, got even more control over possible threats on th [slashdot.org]

  • by Anonymous Coward on Tuesday September 10, 2013 @10:20PM (#44815929)

    If my taxes pay for the NSA and using encryption will cost the NSA more money to decrypt. Then I'll have to give up more of my money to them decrypt my messages?

  • by Anonymous Coward

    and what they will do with what they know about me from about 1000 different channels, digital, clickstream, email text, inbound, outbound, print, video, audio, call records, transaction histories, demographic data, geneological histories, all carefully indexed and archived and MapReduce'd and data mined for moment-by-moment behavorial patterns.

    Have you ever bought anything from Google as a consumer? No? Then how do you think they keep 35,000 pampered employees on the payroll with a million servers runnin

  • The NSA keep trying the same old trick. They want to orchestrate mass adoption of a system that appears secure but isn't. Somewhere in the technology stack there's a backdoor allowing the NSA access to the plaintext. We know what the NSA's two agendas are and its a huge conflict of interests for them to release a encryption system that they cannot themselves break. Even if the code appears secure they have rigged modern hardware to leak keys through side channels. _Of course_ Google's new system will be bac
  • This must be a PR effort. How can the NSA order Google and others to let them in and have the data they want, but then just let Google go ahead and freeze them out again? It makes no sense.

    The only way to guarantee your privacy is to use open source end-to-end encryption software on open operating systems. All closed systems with physical ties to the U.S will eventually be compromised by NSA and other gov branches.
  • All it takes is for congress mandating PRISM compliance and certification all under the guise of reducing the burden of the tax payer. Mark my words. What Google is attempting to do will backfire!!! Government = demigod. Nothing is more powerful than Government in an age of men and their organizations; including corporations.

    Soon we will all see a citizens accept EULA for all new smartphones that their device has been branded PRISM compliant with a super fast NSA backdoor for enhanced performance and protec

  • This is good business for Google.
    If matters stay as they are now, users will leaving by droves when a non-american alternative present itself (and it will appear. people will not miss this opportunity). Rather than trying to defend it's data, Google must win back users trust or it wont stay in business for long.
    The same can be said for most big american software and internet companies.
  • by Jimbookis (517778) on Wednesday September 11, 2013 @12:08AM (#44816397)
    ... factories that make $5 wrenchs. I heard they are set to make a killing soon.
  • by seandiggity (992657) on Wednesday September 11, 2013 @12:40AM (#44816521) Homepage
    This is a joke and amounts to nothing but a smoke screen. We now know that Google is an active partner of the NSA and the U.S. government...we should treat them *as* the NSA. What does any of this matter when Google has whole division(s) dedicated to preparing data for use by the NSA. They'll give keys, they'll give data, they'll give metadata, they'll give educated guesses, they'll prepare 3D topographic maps about that data.
    • by swillden (191260)

      We now know that Google is an active partner of the NSA and the U.S. government

      We do? I don't. In fact I see no evidence of that whatsoever. There was one slide showing that the NSA was collecting data from Google back before Google started using SSL for everything. That's it.

      From my perspective as a Google employee, I also see no evidence from the inside of any partnership with the NSA, and I see a whole lot of cultural opposition and pragmatic difficulties with doing any such thing and successfully hiding it from the employees (like me) who build Google's security infrastructure.

  • by AbRASiON (589899) * on Wednesday September 11, 2013 @01:21AM (#44816673) Journal

    You can encrypt all you like, if there's a backdoor made for people to access, it's meaningless.

  • ... going to fight the surveillance state?

    In *our* behalf?

    Allow me the following outburst. Ha,ha,ha.

  • by Kazoo the Clown (644526) on Wednesday September 11, 2013 @05:21AM (#44817429)
    If people are inclined to choose other more secure options for email, Google could lose customers. Furthermore, if Google isn't privy to your unencrypted traffic in some way, there's no info to collect for targeted advertising. So Google has some motivation to take charge of the encryption...
  • While Americans might be pissed off about this, they're not doing much about it. The rest of the world is looking on and asking hard questions about how much reliance we want on American based companies, given what that means for our data and the US Government's desire to spy on it.

    Google doesn't have much of a choice but to try and fight this - to roll over is just to do serious damage to their international business interests. Same for any big service provider. If you're in Europe and you need to do somet

  • Gotta love a proofread summary:

    'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

    Ok, that makes sense...

    However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained.

    Whoa. That changes everything. Damn.

  • This strategy was already deployed in Orwell's book where Winston thought he was acquiring subversive materials but was really following the party surveillance plan. We trust google because...? They are a for profit company with massive marketshare. Google is merely providing the illusion of due diligence.
  • by ironicsky (569792) on Wednesday September 11, 2013 @10:27AM (#44819589) Journal

    I've never understood why encryption isn't already built in to everything we do in modern technology. As far as I am concerned the network card in your computer should generic a one-time public/private key pair for EACH connection it is making or receiving. The public key is transmitted to the other network device which uses it to encrypt the data to get sent back. Once a connection is closed the keys, salts, and other information is destroyed.

    It would take a little extra computation on the hardware to make it happen, but the storage requirements for keeping the keys is minimal since each key would, in theory on exist for a few minutes before a connection is closed, and in the case of web traffic, a few seconds.

    We could do a way with all sorts of things, like OS level encryption if it was built in by default - or keep it, and add a 2nd level of complexity to the data.

"How to make a million dollars: First, get a million dollars." -- Steve Martin

Working...