Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Google Privacy Security United States

Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services 281

jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.
This discussion has been archived. No new comments can be posted.

Eric Schmidt: To Avoid NSA Spying, Keep Your Data In Google's Services

Comments Filter:
  • Or better yet (Score:5, Insightful)

    by NeoGeo64 ( 672698 ) on Monday December 15, 2014 @08:51AM (#48599945) Homepage Journal
    Just keep everything on your hard drive on a computer that is *not* connected to the Internet.
  • by xophos ( 517934 ) * on Monday December 15, 2014 @08:52AM (#48599951)

    They will be immediately forced to hand over everything and be silent about it.
    Until US laws are fixed AND respected, data going to a US Corporation can by definition not be safe.

    • by Overzeetop ( 214511 ) on Monday December 15, 2014 @08:59AM (#48600009) Journal

      Tell that to SpiderOak.

    • by Anonymous Coward

      That just shows how evil google is. Eric Schmidt is lying throught his teeth when he is saying sensitive data is safe with him.

      • Well, at least according to the summary, he never spoke of "safe". He said "safest" Big difference.

        And I'd even go further and say that he might be right. Unless I'd go completly offline, I can't afford half the brainpower and expertise that Google buys for their datacenter to keep my desktop machine clean and safe. (to be honest. I couldn't afford hiring a single person from their security department)

        • by shaitand ( 626655 ) on Monday December 15, 2014 @12:25PM (#48601797) Journal
          No but if you got a government request for your keys you'd know about it. If google gets such a request you wouldn't know you were compromised.

          It isn't like they are sending l33t hackers to break in and get the data.
          • by non0score ( 890022 ) on Monday December 15, 2014 @02:03PM (#48602737)
            While the major providers can't talk about it, not all gov't requests get served. The point is that yes, there is always that possibility that your account gets handed a request, but at least with Google services, you won't get picked up in random dragnet-style surveillance. That's difficult to claim for all the other major providers, and is precisely what Eric Schmidt is claiming.
            • by shaitand ( 626655 ) on Monday December 15, 2014 @02:19PM (#48602925) Journal
              The government doesn't need to request your account, they can request google's own keys and never tell google what they are actually looking at.
              • The point of forward secrecy is there are no such keys to seize. The "master keys" are only used for identification, not encryption. So whilst a gov could theoretically seize Google's keys, this does not help them decrypt wire traffic. They'd have to do a large MITM attack, and to get everything? They'd have to decrypt and forward ALL Google's traffic. Not feasible.

                Good use of applied cryptography means that realistically the only way for a government to get data out of it means requesting it specifically f

          • No but if you got a government request for your keys you'd know about it.

            The government "request" would come in form of customised malware and you'd never even know you got hacked.

            If google gets such a request you wouldn't know you were compromised.

            You aren't gonna know, no matter what.

            It isn't like they are sending l33t hackers to break in and get the data.

            Schmidt isn't an idiot, despite how the press like to portray him via selective quoting (note that TFA does not provide much context for this quote). Wh

    • by Framboise ( 521772 ) on Monday December 15, 2014 @09:07AM (#48600095)

      Google is investing massively abroad, such as in Zurich, Switzerland, where privacy laws are especially strong. Expect that if US laws continue to have negative effects on Google income, the company is going to be more and more international.

      • by Anonymous Coward on Monday December 15, 2014 @09:30AM (#48600259)

        It's not going well for Microsoft. They are requesting data from the servers in Ireland.

      • by Registered Coward v2 ( 447531 ) on Monday December 15, 2014 @10:16AM (#48600579)

        Google is investing massively abroad, such as in Zurich, Switzerland, where privacy laws are especially strong. Expect that if US laws continue to have negative effects on Google income, the company is going to be more and more international.

        Which is pretty much irrelevant when it comes to a US Court requiring them to turn over the data if they have it. It used to be, in the age of paper, that stuff could be kept off-shore making it essentially unreachable; especially since no one might even now it existed unless someone told the authorities. Now, a US corporations data is essentially one big collection of stuff to be made available on demand; and refusal to turn it over could result in fines and contempt charges. In the end, he with the biggest stick wins.

      • by houghi ( 78078 )

        Good that there are privacy laws, because we know how much the US Agencies and especially the NSA respect the law.

        The time of paranoia is over. You don't have to THINK that your could be cvomprimised. You must act as if it IS compromised. Almost all companies are stillin the 'let's protect our data' but have NO clue what to do if that fails. "Yeah, but the IT guy said that if we change the password every 30 minutes, it would be safe."

    • by tinkerton ( 199273 ) on Monday December 15, 2014 @10:40AM (#48600769)

      They will be immediately forced to hand over everything and be silent about it.

      Who says they need to be forced? They'll protect their interests but they seem to be fully in sync with the state. You know, the good guys.

    • by gweihir ( 88907 )

      Indeed. What is a bit worrying is that this has to be told to people time and again.

    • by kheldan ( 1460303 ) on Monday December 15, 2014 @10:45AM (#48600817) Journal
      Amplifying the OP here. I know people in general seem to be getting dumber and dumber with every passing decade, but have people reached the point where Google can say stupid shit like this and really expect everyone to believe it? You may as well just call the FBI, NSA, CIA, DHS, and whoever else wants to snoop on everyone, and ask them to create a share on their servers for your most-personal, most-important data, and store it in the clear, at least that way you'd save some tax dollars. For fuck's sake people, 'the cloud' is a bad joke. You want to keep your personal data safe from snooping? Do as at least one other commenter on this story has said: Put it on a storage device not connected in any way to the Internet. We do not live in a day and age where the government gives a flying fuck about your 'right to privacy', if these bastards had their way we'd all be living in a world where George Orwell's 1984 would look warm and fuzzy by comparison.
      • by digsbo ( 1292334 )
        Except for the fact that the government works for the corporations.
        • by HiThere ( 15173 )

          It's not a one-way street.

        • Would you care to expand on that statement, since I don't see how it relates to what I said?
          • by digsbo ( 1292334 )
            Yeah. I mean war is the health of the state. And really that's all driven by the military-industrial complex. Surely, Lockheed, Northrop-Grumman, etc., are not going to let war policy hurt business. Why, in this time of transferring warmaking to the digital landscape, would we think that the government policy will be detrimental to those who are best positioned to take advantage of government contracts for digital warfare (covert or otherwise)?
    • They will be immediately forced to hand over everything and be silent about it. Until US laws are fixed AND respected, data going to a US Corporation can by definition not be safe.

      Yes, but I think you mean until US laws EXPIRE on June 1, 2015. The most egregious parts of the Patriot Act are still set to expire on June 1, 2015. After that it appears that demanding ALL the records from a business or institution (or person?).... including phone records, email logs, text message logs, web site visitor logs, library records etc etc... will again require an actual constitutionally valid warrant naming the cause, the person and the things to be seized.

    • The fix could be legislation or it could be a firm Supreme Court decision. The Court could, at some point, decide that the Fouth Amendment applies to cloud services exacly the same way that it does to rental property in the physical world. Renters have the same rights as home owners under the Fourth Amendment. A landlord is not allowed to just let the police into your appartment to search without a warrant. So far, online storage has been treated as information in the possession of a third party rather
  • For sure. (Score:5, Insightful)

    by ruir ( 2709173 ) on Monday December 15, 2014 @08:53AM (#48599957)
    Why not keep the data in the police station? I am sure it would work better than at googles. Is this article a freaking joke? It is not the 1st of April yet last time I checked.
  • ... encrypted phones that self-destruct in the wrong hands, near realtime incremental cloud backups to anonymous sites, anonymous Facebooking, etc.

    There's a new market for privacy on the Internet.

  • by Anonymous Coward on Monday December 15, 2014 @09:06AM (#48600081)

    To quote Bender:

    HA HA HA HA HA HA!

    Oh wait! You're serious. Then let me laugh even harder!

    HAAAHAAAAHAAAAAAAAAAAAAAAAA

  • The cloud is... (Score:5, Insightful)

    by Anonymous Coward on Monday December 15, 2014 @09:07AM (#48600085)

    ...about control.

    Them moment you put ANYTHING in the cloud, you are relinquishing control of your data. PERIOD.

    Who gives a shit if they are reading your stuff....if you are that concerned about it, it does not take much to make it unreadable via encryption....

    The real issue is you are basically giving the keys of your kingdom to somebody else.....Encrypted or not, they can block your access to it and shut you down. Any time they want. PERIOD. And if/when it happens THERE WILL BE NOTHING YOU CAN DO ABOUT IT. Sure you can sue and spend years in court, but I do not know any company that can survive years and years without producing/selling anything until this mess is sorted out.

    Offline copies you say? Then you basically got suckered into paying for services for a cloud provider AND keep your own infrastructure.....
    Pay 2 cloud providers? At that point I think it is cheaper to simply not pay anybody and build your own infrastructure.....

    The cloud is an interesting idea, hardly new concept though: we are essentially transitioning back to the days of big powerful central mainframes that companies such as IBM had a stranglehold on and had their clients paying "protection" money that would make the mafia green with envy....

    • Re:The cloud is... (Score:4, Interesting)

      by mlts ( 1038732 ) on Monday December 15, 2014 @11:07AM (#48601025)

      The cloud is more than just storage, but usually people use the storage functionality for this.

      Realistically, the cloud needs to be treated as another storage medium, just like optical, tape, floppy disks, HDDs, SSDs, and everything else. You plan for media failure, and you build in anti-compromise measures.

      The cloud is the same way. If you are an enterprise, you turn on encryption in NetBackup or other program, create a storage pool, and have a mirror on other media (be it an Avamar, a tier 3 disk, or a LTO-6 silo.)

      If you are a home user, you encrypt your cloud backups, either by storing things in an encrypted container (TrueCrypt, BitLocker protected windows image, Mac Disk Image, LUKS, PGP Disk volume, etc.), or using a backup program that encrypts. At the worst, there are utilities like BoxCryptor which act similar to CryptFS and map an encrypted layer on top of the cloud drives. Any of this is better than nothing.

      Of course, with encryption comes the major bugaboo -- key management. You may have the data securely stashed on the cloud... but without keys, it will be inaccessible. I like having several printed out physical notebook with keys in it, as well as archive grade optical media, and a USB flash drive. Each copy of the notebook goes with a key person (corporate officer), and there is one kept in the local tape safe. This way, if the data center gets completely flattened, it may take days to weeks, but data is still recoverable. This also helps if there is an audit or motion of discovery.

      The cloud has its big issues... but treat it as its own piece of media, and it can come in handy. To be more specific, treat each cloud offering as its own media. Amazon Glacier is great for long term archiving, but one needs to well index it, to minimize the stuff retrieved, and Glacier should be the absolute last resort if data is needed, due to the charges for fetching data.

    • by HiThere ( 15173 )

      Not totally true. If *you* encrypt the data before you store it in the cloud, it's a decent backup mechanism...provided you have a totally separate backup mechanism for your keys. A couple of unlabelled usb keys in two separate places, one of which you remember, and one of which you document in a sealed letter held by your attorney (or some other place that it can be retrieved from in case you forget). You might also have a couple of dummies. ("Well, that used to be the key. I must have forgotten to up

  • Do no evil, right? (Score:5, Insightful)

    by Noryungi ( 70322 ) on Monday December 15, 2014 @09:07AM (#48600089) Homepage Journal

    Here is my problem: Google has a long history of cooperating with NSA.

    Don't believe me? Fine: read these links instead... Yahoo News article about cooperation between Google and NSA [yahoo.com], Guardian article [theguardian.com], Tom's Guide article [tomsguide.com].

    Even if Google does not/did not/will not cooperate with NSA, Eric Schmidt himself has been cooperating with the US Government, which cast serious doubts about his desire to protect the private information of Google clients.

    Again, don't believe me? Fine, read this instead: Julian Assange on Eric Schmidt [huffingtonpost.com]. Or (even better) this transcript [wikileaks.org].

    Even if Eric Schmidt does not cooperate with the US Government, he has said himself, repeatedly, that privacy is dead and that it's something for hackers.

    Don't believe me? Fine, read this instead: EFF article [eff.org], Gawker article [gawker.com].

    In other words, a company that cooperated with the NSA, led by a man who does not care about your privacy (but cares very much about his) is telling you that there is nothing to see here, sure we are protecting your privacy, please buy our products, we are safe and professionals and there is nothing to be afraid of.

    Seriously? How come this gasbag is a freaking CEO, paid millions of dollars a year?

  • by pubwvj ( 1045960 ) on Monday December 15, 2014 @09:09AM (#48600107)

    No, if you want to avoid NSA spying then keep your data out of the cloud and off the web. Keep your data at home. It's that easy.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Actually it's not. If they really wanted to, they can still access it. It's just much more expensive to do so because they would need to send a team to monitor your movements, figure out when you are not home, break in, copy and analyze at HO.

      That is assuming your hardware such as keyboard and mouse was not already compromised and already sending data back wireless to them.....

      They are quite good at what they do, they have been at it for a long time and got all the angles covered.

      We, as a people, can only d

  • by Cardoor ( 3488091 ) on Monday December 15, 2014 @09:12AM (#48600129)
    can discredit anything and everything you have ever said before publicly. then again, i wonder if it's reached the point of kabuki theatre such that he's trying to deliberately be ridiculous to communicate in the only way he can. kind of like when a hostage deliberately oversells his 'newfound devotion' to his captors' cause to try and communicate that there's a gun pointed at his head.
  • by artlu ( 265391 ) <artlu@@@artlu...net> on Monday December 15, 2014 @09:13AM (#48600131) Homepage Journal

    As anyone knows, Google receives several federal subpoenas, and it attempts to cooperate with as many as possible. It has to as a public, U.S. based entity. It seems ludicrous that Schmidt would make this claim, but unless someone has gone through this system like I have (read my story here The Market is not Random [amazon.com]), I guess they wouldn't know everything the governments are capable of doing.

    Careful, Mr. Schmidt.

    • by jaseuk ( 217780 )

      No not absurd. If there systems are designed so they have no access to this information, then they can't hand it over. They can't be compelled to re-engineer their systems.

      Apple and Microsoft can most likely offer similar assurances soon, but probably won't.

      Now - none of this helps you if the spies have certs + network TAPs, but a lot better than how things were sounding before.

      Jason.

      • by artlu ( 265391 )

        I see your point, but the problem is that the government can gain access to any information it wants. In fact, if you are dealing with commodity/futures data/accounts, the CFTC was given blanket subpoena power after the 2008 crash.

  • by Cardoor ( 3488091 ) on Monday December 15, 2014 @09:15AM (#48600155)
    the more i think that maybe eric shmidt is trying to do the right thing, and so making such an outrageous statement to communicate the OPPOSITE. in other words, 'to avoid NSA spying, NEVER store ANYTHING in google services.' this might be the only way he can 'say' it with a gun at his head.
  • by david.emery ( 127135 ) on Monday December 15, 2014 @09:24AM (#48600205)

    All things considered, I trust the NSA more with my data. At least they're not in the business of selling it.

  • Here's a clue (Score:3, Insightful)

    by jbrown.za ( 2935583 ) on Monday December 15, 2014 @09:37AM (#48600289)

    From the original article:

    Back doors are a bad idea, Schmidt said. “It’d be great, if you’re the government, to have a trap door, but how do we at Google know that the other governments are not taking over the trap door from you?” he said.

    He is not saying the government (presumably the US government) shouldn't have a backdoor. He is only expressing a concern that other governments might find ways to exploit it.

    Bottom line ... it still seems like Google will hand over any data the US government wants.

  • Great News! (Score:4, Funny)

    by neurovish ( 315867 ) on Monday December 15, 2014 @09:40AM (#48600313)

    I was wondering what I could do to keep the NSA from spying on me. I'm glad that Google has it figured out. Time to upload all of the documents I have stored locally on my desktop to the Google servers so that they can keep a watchful eye on them. I was worried that this was going to be hard and require a lot of dilligence.

    I'm going to tell my boss that we need to move away from all of these Microsoft products to and only use Google cloud services for security.

  • Fast forward to the year 2017.
    Headline: NSA outsourced to Google
    In a cost cutting move, the US Government has outsource all NSA activity to Google. In a statement from President Hillary, she gives the reasoning that "[they] recognized a duplication of data collection efforts between the NSA and Google and decided to take advantage of those synergies."

  • Is it safe? (Score:5, Interesting)

    by matbury ( 3458347 ) on Monday December 15, 2014 @09:51AM (#48600407) Homepage

    It's worse than most people seem to realise. Schmidt isn't just lying, he's willingly getting Google in deeper with the NSA because, you know, the bottom line: It's very, very profitable (tax payers dollars are always the most profitable source) and the market insists that corporations go where the money is. Google appear to be doing everything they can to get into the international espionage business via their departments like "Google Ideas", which is effectively a department within the US State Department. They consult with governments and corporations to help them with their commercial and political "issues." You know, the kinds of issues that some governments and corporations don't like, such as popular protest movements, environmental campaigning, human rights protection and enforcement, exposing political corruption, etc. Google can provide such governments and corporations with very helpful data on who these "trouble makers" are, where they've been, who they've talked to, and what they may be planning to do next.

    Perhaps we should be more insistent when interviewing Schmidt about our data: Is it safe? https://www.youtube.com/watch?... [youtube.com] I mean, it's the kind of thing that he's endorsing, enabling, and promoting by getting into bed with the current NSA, CIA, DoJ, and State Department. It's only fair that he should be treated equally.

    • I would not reduce someone like Eric Schmidt to someone who's just in it for the money. This underestimates how ideology and interests tend to blend. I suspect that for someone like Schmidt working together with the NSA just feels morally right. And people who want to hide things from the NSA well, they're doing something they oughtn't to be doing.

  • by EmperorOfCanada ( 1332175 ) on Monday December 15, 2014 @09:52AM (#48600413)
    And then they are one court order away from being unlocked.

    Seeing that it turns out that nobody's tinfoil hat was big enough, I am going to make a prediction. It will turn out that Google was sharing data with the NSA as part of a deal where the NSA would share software patent data from potential foreign competitors with google so that google could keep the market on just about anything it wanted.

    I wonder how many foreign companies went to file a patent only to find that an American company that was friends with the NSA had filed the patent days before? Siemens filing patents only find that GE had done so the day before?

    The NSA would only have had to monitor a very few IP lawyers' offices to vacuum up a huge number of patents. This would then give the NSA something that they could afford with which to trade and it would "Protect" US commercial interests; as it would be a complete disaster for the next facebook or Google to be in a country that isn't friendly with the NSA.

    Even within the US I suspect that it would be easier to not have to negotiate a new data access deal with even domestic companies so why not hand their patents over as well.

    Think of it this way. If a company were to come up with a better search algorithm (one that didn't always bring up yellow page directories for every damn search, or spammy product sales sites) and I said you should try boobla.com (I made that up) as a search engine and you tried it and it was so much better, would you ever use google search again? How fast would you tell all your friends about boobla? Thus how long before google was seeing 40% month on month drops in search traffic? Unlike companies like Ford where a better car coming along doesn't get you to dump your ford and immediately buy the better car google can see the rug swept out from under them. If they lost search then all their other services combined would not be able to prop up the company. Plus there is no reason that boobla.com can't be Chinese, Korean, Icelandic, German, or Tanzanian?
  • ... well almost anyway. This was the funniest thing I read this morning and that includes my daily romp through the funnies.

  • Seriously?

    I trust google with my data even less than I trust the government. It's why I no longer use any of their services. This article is not for anyone with a functional brain, it's for the masses that believe what they're told to believe. I'd also suspect this wasn't something Schmidt said without some "guidance" or "suggestions" from some of his high powered friends in the government.

  • What a fucking asshole.
  • So it takes a year an a half to get something done at one of the biggest tech companies there is and in all that time bugger all said about that company's failures before that? It is really a tacit admission of failure and collusion and should not be construed by any means of any change in the status quo. Schmidt is a bullshitting rich asshole who will at this point say anything that sounds like his shit doesn't stink. But it does and we know it.
  • by delvsional ( 745684 ) on Monday December 15, 2014 @11:19AM (#48601159)
    Can someone design me a distributed raid app that encrypts and splits the data between all the major cloud options? It would be pretty hard to decrypt if they only have a fifth of it.
  • They will fight any NSA letter tooth and claw to resist handing over your data.

    After all, they still want to sell it.

  • I know I'll get s**t for this but ... Google and you-and-your-own-PC are not so different, a single court order and both have to give up any and all information requested; but in Google's case they have more lawyers than you do.

  • I remember a quote from a security whitepaper which basically says something to the effect of "Unless your security method is being utilized by the worst of the worst criminals, say pedophiles, human traffickers and terrorists...then assume it is compromised."

    Now, how one would find out what those sorts of people use for data security, you got me...but it seems like a good assumption.

  • Nobody commented on PRISM? It is nice to have inter-datacenter encryption, but if the NSA can directly tap the data from the datacenter, the privacy claim is overstated.

"We want to create puppets that pull their own strings." -- Ann Marion "Would this make them Marionettes?" -- Jeff Daiell

Working...