Google is racing to encrypt the torrents
of information that flow among its data
centers around the world in a bid to
thwart snooping by the NSA and the
intelligence agencies of foreign
governments, company officials said
Friday.
The move by Google is among the most
concrete signs yet that recent revelations
about the National Security Agency's
sweeping surveillance efforts have
provoked significant backlash within an
American technology industry that U.S.
government officials long courted as a
potential partner in spying programs.
Google's encryption initiative, initially
approved last year, was accelerated in
June as the tech giant struggled to guard
its reputation as a reliable steward of
user information amid controversy about
the NSA's PRISM program, first reported
in The Washington Post and the
Guardian that month. PRISM obtains
data from American technology
companies, including Google, under
various legal authorities.
Encrypting information flowing among
data centers will not make it impossible
for intelligence agencies to snoop on
individual users of Google services, nor
will it have any effect on legal
requirements that the company comply
with court orders or valid national
security requests for data. But company
officials and independent security
experts said that increasingly widespread
use of encryption technology makes mass
surveillance more difficult — whether
conducted by governments or other sophisticated hackers.
"It's an arms race," said Eric Grosse, vice
president for security engineering at
Google, based in Mountain View, Calif.
"We see these government agencies as
among the most skilled players in this
game."
Experts say that, aside from the U.S.
government, sophisticated government
hacking efforts emanate from China,
Russia, Britain and Israel.
The NSA seeks to defeat encryption
through a variety of means, including by
obtaining encryption "keys" to decode communications, by using super- computers to break codes, and by influencing encryption standards to
make them more vulnerable to outside
attack, according to reports Thursday by
the New York Times, the Guardian and
ProPublica, based on documents
provided by former NSA contractor Edward Snowden.
But those reports made clear that
encryption — essentially converting data
into what appears to be gibberish when
intercepted by outsiders — complicates
government surveillance efforts,
requiring that resources be devoted to
decoding or otherwise defeating the
systems. Among the most common
tactics, experts say, is to hack into individual computers or other devices
used by people targeted for surveillance,
making what amounts to an end run
around coded communications.
Security experts say the time and energy
required to defeat encryption forces surveillance efforts to be targeted more
narrowly on the highest-priority targets
— such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.
"If the NSA wants to get into your system, they are going to get in . . . . Most of the people in my community are realistic about that," said Christopher Soghoian, a computer security expert at the American Civil Liberties Union. "This is all about making dragnet surveillance impossible.
Agency has worked with its British counterpart to break codes that protect data sent across Web.
If NSA breaks encryption, is Tor secure?
Brian Fung Executives from the Tor Project say its DoD funding is more like a research grant than anything else.
High-profile conservatives back ACLU's NSA lawsuit Brian Fung
The civil liberties group is gaining steam in its challenge to government surveillance.
The NSA declined to comment for this
article. The Office of the Director of
National Intelligence issued a statement
Thursday saying: "Throughout history,
nations have used encryption to protect
their secrets, and today terrorists,
cybercriminals, human traffickers and
others also use code to hide their
activities. Our intelligence community
would not be doing its job if we did not
try to counter that."
The U.S. intelligence community has
been reeling since news reports based on
Snowden's documents began revealing
remarkable new detail about how the
government collects, analyzes and
disseminates information — including, in
some circumstances, the e-mails, video
chats and phone communications of
American citizens.
Many of the documents portray U.S.
companies as pliant "Corporate Partners"
or "Providers" of information. While
telecommunications companies have
generally declined to comment on their
relationships with government
surveillance, some technology companies
have reacted with outrage at the
depictions in the NSA documents
released by Snowden. They have joined
civil liberties groups in demanding more
transparency and insisting that
information is turned over to the
government only when required by law,
often in the form of a court order.
In June, Google and Microsoft asked the
Foreign Intelligence Surveillance Court
to allow them greater latitude in
reporting how much information they
must turn over to the government. On
Friday, Yahoo issued its first
"government transparency report,"
saying it had received 12,444 requests for
data from the U.S. government this year,
covering the accounts of 40,322 users.
Google has long been more aggressive
than its peers within the U.S. technology
industry in deploying encryption
technology. It turned on encryption in its
popular Gmail service in 2010, and since
then has added similar protections for
Google searches for most users.
Yet even as it encrypted much of the data
flowing between Google and its users, the
information traveling between its data
centers offered rare points of
vulnerability to potential intruders,
especially government surveillance
agencies, security officials said. User
information — including copies of e-
mails, search queries, videos and Web
browsing history — typically is stored in
several data centers that transmit
information to each other on high-speed
fiber-optic lines.
Several other companies, including
Microsoft, Apple and Facebook,
increasingly have begun using
encryption for some of their services,
though the quality varies by company.
Communications between services —
when an e-mail, for example, is sent from
a user of Gmail to a user of Microsoft's
Outlook mail — are not generally
encrypted, appearing to surveillance
systems as what experts call "clear text."
Google officials declined to provide
details on the cost of its new encryption
efforts, the numbers of data centers
involved, or the exact technology used.
Officials did say that it will be what
experts call "end-to-end," meaning that
both the servers in the data centers and
the information on the fiber-optic lines
connecting them will be encrypted using
"very strong" technology. The project is
expected to be completed soon, months
ahead of the original schedule.
Grosse echoed comments from other
Google officials, saying that the company
resists government surveillance and has
never weakened its encryption systems
to make snooping easier — as some
companies reportedly have, according to
the Snowden documents detailed by the
Times and the Guardian on Thursday.
"This is a just a point of personal honor,"
Grosse said. "It will not happen here."
Security experts said news reports
detailing the extent of NSA efforts to
defeat encryption were startling. It was
widely presumed that the agency was
working to gain access to protected
information, but the efforts were far
more extensive than understood and
reportedly contributed to the creation of
vulnerabilities that other hackers,
including foreign governments, could
exploit.
Matthew Green, a Johns Hopkins
cryptography expert, applauded Google's
move to harden its defenses against
government surveillance, but said recent
revelations make clear the many
weaknesses of commonly used
encryption technology, much of which
dates back to the 1990s or earlier. He
called for renewed efforts among
companies and independent researchers
to update systems — the hardware, the
software and the algorithms.
"The idea that humans can communicate
safely is something we should fight for,"
Green said.
But he said he wasn't sure that would
happen: "A lot of people in the next week
are going to say, this is too hard. Let's
forget about the NSA."
Haylet Tsukayama contributed to this
report.
www.trueheart2love.diydating.com
of information that flow among its data
centers around the world in a bid to
thwart snooping by the NSA and the
intelligence agencies of foreign
governments, company officials said
Friday.
The move by Google is among the most
concrete signs yet that recent revelations
about the National Security Agency's
sweeping surveillance efforts have
provoked significant backlash within an
American technology industry that U.S.
government officials long courted as a
potential partner in spying programs.
Google's encryption initiative, initially
approved last year, was accelerated in
June as the tech giant struggled to guard
its reputation as a reliable steward of
user information amid controversy about
the NSA's PRISM program, first reported
in The Washington Post and the
Guardian that month. PRISM obtains
data from American technology
companies, including Google, under
various legal authorities.
Encrypting information flowing among
data centers will not make it impossible
for intelligence agencies to snoop on
individual users of Google services, nor
will it have any effect on legal
requirements that the company comply
with court orders or valid national
security requests for data. But company
officials and independent security
experts said that increasingly widespread
use of encryption technology makes mass
surveillance more difficult — whether
conducted by governments or other sophisticated hackers.
"It's an arms race," said Eric Grosse, vice
president for security engineering at
Google, based in Mountain View, Calif.
"We see these government agencies as
among the most skilled players in this
game."
Experts say that, aside from the U.S.
government, sophisticated government
hacking efforts emanate from China,
Russia, Britain and Israel.
The NSA seeks to defeat encryption
through a variety of means, including by
obtaining encryption "keys" to decode communications, by using super- computers to break codes, and by influencing encryption standards to
make them more vulnerable to outside
attack, according to reports Thursday by
the New York Times, the Guardian and
ProPublica, based on documents
provided by former NSA contractor Edward Snowden.
But those reports made clear that
encryption — essentially converting data
into what appears to be gibberish when
intercepted by outsiders — complicates
government surveillance efforts,
requiring that resources be devoted to
decoding or otherwise defeating the
systems. Among the most common
tactics, experts say, is to hack into individual computers or other devices
used by people targeted for surveillance,
making what amounts to an end run
around coded communications.
Security experts say the time and energy
required to defeat encryption forces surveillance efforts to be targeted more
narrowly on the highest-priority targets
— such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.
"If the NSA wants to get into your system, they are going to get in . . . . Most of the people in my community are realistic about that," said Christopher Soghoian, a computer security expert at the American Civil Liberties Union. "This is all about making dragnet surveillance impossible.
Agency has worked with its British counterpart to break codes that protect data sent across Web.
If NSA breaks encryption, is Tor secure?
Brian Fung Executives from the Tor Project say its DoD funding is more like a research grant than anything else.
High-profile conservatives back ACLU's NSA lawsuit Brian Fung
The civil liberties group is gaining steam in its challenge to government surveillance.
The NSA declined to comment for this
article. The Office of the Director of
National Intelligence issued a statement
Thursday saying: "Throughout history,
nations have used encryption to protect
their secrets, and today terrorists,
cybercriminals, human traffickers and
others also use code to hide their
activities. Our intelligence community
would not be doing its job if we did not
try to counter that."
The U.S. intelligence community has
been reeling since news reports based on
Snowden's documents began revealing
remarkable new detail about how the
government collects, analyzes and
disseminates information — including, in
some circumstances, the e-mails, video
chats and phone communications of
American citizens.
Many of the documents portray U.S.
companies as pliant "Corporate Partners"
or "Providers" of information. While
telecommunications companies have
generally declined to comment on their
relationships with government
surveillance, some technology companies
have reacted with outrage at the
depictions in the NSA documents
released by Snowden. They have joined
civil liberties groups in demanding more
transparency and insisting that
information is turned over to the
government only when required by law,
often in the form of a court order.
In June, Google and Microsoft asked the
Foreign Intelligence Surveillance Court
to allow them greater latitude in
reporting how much information they
must turn over to the government. On
Friday, Yahoo issued its first
"government transparency report,"
saying it had received 12,444 requests for
data from the U.S. government this year,
covering the accounts of 40,322 users.
Google has long been more aggressive
than its peers within the U.S. technology
industry in deploying encryption
technology. It turned on encryption in its
popular Gmail service in 2010, and since
then has added similar protections for
Google searches for most users.
Yet even as it encrypted much of the data
flowing between Google and its users, the
information traveling between its data
centers offered rare points of
vulnerability to potential intruders,
especially government surveillance
agencies, security officials said. User
information — including copies of e-
mails, search queries, videos and Web
browsing history — typically is stored in
several data centers that transmit
information to each other on high-speed
fiber-optic lines.
Several other companies, including
Microsoft, Apple and Facebook,
increasingly have begun using
encryption for some of their services,
though the quality varies by company.
Communications between services —
when an e-mail, for example, is sent from
a user of Gmail to a user of Microsoft's
Outlook mail — are not generally
encrypted, appearing to surveillance
systems as what experts call "clear text."
Google officials declined to provide
details on the cost of its new encryption
efforts, the numbers of data centers
involved, or the exact technology used.
Officials did say that it will be what
experts call "end-to-end," meaning that
both the servers in the data centers and
the information on the fiber-optic lines
connecting them will be encrypted using
"very strong" technology. The project is
expected to be completed soon, months
ahead of the original schedule.
Grosse echoed comments from other
Google officials, saying that the company
resists government surveillance and has
never weakened its encryption systems
to make snooping easier — as some
companies reportedly have, according to
the Snowden documents detailed by the
Times and the Guardian on Thursday.
"This is a just a point of personal honor,"
Grosse said. "It will not happen here."
Security experts said news reports
detailing the extent of NSA efforts to
defeat encryption were startling. It was
widely presumed that the agency was
working to gain access to protected
information, but the efforts were far
more extensive than understood and
reportedly contributed to the creation of
vulnerabilities that other hackers,
including foreign governments, could
exploit.
Matthew Green, a Johns Hopkins
cryptography expert, applauded Google's
move to harden its defenses against
government surveillance, but said recent
revelations make clear the many
weaknesses of commonly used
encryption technology, much of which
dates back to the 1990s or earlier. He
called for renewed efforts among
companies and independent researchers
to update systems — the hardware, the
software and the algorithms.
"The idea that humans can communicate
safely is something we should fight for,"
Green said.
But he said he wasn't sure that would
happen: "A lot of people in the next week
are going to say, this is too hard. Let's
forget about the NSA."
Haylet Tsukayama contributed to this
report.
www.trueheart2love.diydating.com
Comments