Google Speeding Up New Encryption Project After Latest Snowden Leaks

coolnumbr12 writes "In a new leak published by the Guardian, New York Times and ProPublica, Edward Snowden revealed new secret programs by the NSA and GCHQ to decrypt programs designed to keep information private online. In response to NSA's Bullrun and GCHQ's Edgehill, Google said it has accelerated efforts to build new encryption software that is impenetrable to the government agencies. Google has not provided details on its new encryption efforts, but did say it would be 'end-to-end,' meaning that all servers and fiber-optic lines involved in delivering information will be encrypted."

If Google cares about security...

[Anonymous Coward]

If Google cares about security, then why does it insist that companies synchronize passwords with their Google Apps domains using unsalted MD5 checksums?

Here comes the real test:

[fuzzyfuzzyfungus]

For an entity like Google (large, technically sophisticated; but most of their worthwhile data probably count as 'business records' for the purposes of nigh-limitless subpoena-under-cover-of-darkness powers, do the feds really bother sucking on the fiber when they could just flash a badge and get what they want?

If so, actually-working-encryption should create an interesting little jump in the number of information demands (whether they are the kind that Google is allowed to talk about, and whether it will be 'Google received 123,345 demands last year, and only one this year! (The one demand was "We want all of it.") are different questions).

If they already aren't sucking on the fiber because doing it through Legal is easier, this probably isn't bad security practice; but won't really slow the feds down much. They certainly don't have an aversion to genuinely covert behavior; but they also have crazy expansive 'legal' abilities to obtain information (and, especially when paid, often plenty of help from the companies who have the data...)

Re:Meaningless ...

[Xest]

Not really meaningless.

The problem is that the NSA/GCHQ have been farming literally everything that goes in and out of these companies whether it's relevant to their investigations or not. If Google succeed in implementing end-to-end encryption then they wont be able to do this.

Yes you're right they can still walk through the door with a warrant and demand the key but that forces them to be far more targeted in their investigations. It means they have to be able to justify, even if only to a secret court, that the person in question should have a warrant served against their data.

If nothing else that means no more "accidental" gathering of the data of Americans in breach of the 4th amendment. It also means the NSA can no longer rely on GCHQ to gather data on US citizens to bypass the 4th amendment because GCHQ doesn't get to use America's secret courts to serve warrants on US citizens, and nor do we have secret courts in the UK through which it could do it.

So this sort of thing does matter. It matters in that at least the spying they do is all logged down on paper somewhere and has to be justified to at least some degree rather than done automatically against everyone with fuck all oversight.

It's far from perfect, but at least Google are trying to do something and it's better than the current status quo.

Google, Money, Mouth

[Greyfox]

If Google wanted to impress me, they'd include a spot to paste a GPG public key in gmail and auto-encrypt all mails with it on the client side for gmail users or at the entry point of their network for all other mail users. As it stands Google is very much part of the problem, not very much part of the solution.

Meaningless if

[Anonymous Coward]

Sure, NSA has been farming Google's queries and emails and all the other stuff unencrypted. And for Google's PRISM link, they need a warrant if its for a USA citizen. (Well at least if they think it is, at least 51%). That means nothing to us non US citizens. (I'm a brit, my countries spy agency even spies on me for the NSA and the politician who signed off on it, William Hague, traitor to his country, is 'Sir William Hague' not 'Traitor William Hague'!).

So Google's encrypting data forces them to get a warrant, well sort of, and only for USA people.

Except NSA has also been getting warrants that let it get the keys to the certs, and also has access to the cert authorities, and it also has backdoors into the encryption itself, making the encryption meaningless. A PR stunt. "Accidental" gathering of American data still continues and for most of the world the same "massive deliberate" capturing of our data, private, political, news, business secrets the lot, continues unabated.

Android is still rooted, MS Phone is still rooted. Google's services are still part of the surveillance machine, willing or not.

It's a token response, but the real solution is to avoid letting your important communications transit the US, or US based services.

I've cancelled VPN's, webservers, Skype, stopped using Google, email has been moved. These are *real* measures that can be taken, not *PR Stunt* measures.