Google is researching and experimenting with methods of encrypting files within its Google Drive cloud storage service, according to CNET. The move is likely an effort to protect its customers’ privacy against attempts by the U.S. government to access the data.
Through the use of the PRISM program, various U.S. government agencies can gain access to huge amounts of collated data from around the internet. The use of encryption is critically important to protect data from snooping, as anyone who obtains the data at a later point cannot decrypt it without the key.
Many companies use SSL and HTTPS to securely transmit data from a user’s computer to the destination servers. This protects the data from anyone listening in on the transmission, as in a “man-in-the-middle” attack.
Google uses HTTPS when transferring files to its Drive servers for storage, but once the files have been received, they are stored in an unencrypted state, according to a post made in April 2012 by a community manager on a Google product forum.
Encrypting the stored data raises a number of issues, including difficulty indexing and searching files and increased computational resource requirements. However, once the files are encrypted, even a person or entity with direct access to where they are stored, the NSA for instance, wouldn’t be able to read the files after obtaining them, unless they put serious effort into breaking the encryption or acquiring the encryption keys.
A recent report detailed the deep level of access the NSA had into Microsoft servers and services, including methods to circumvent encryption in the new Outlook.com portal. If compelled by the Foreign Intelligence Surveillance Court, it’s reasonable to think that Google may have to make, or has made, similar concessions.
Details on Google’s new encryption methods have not been disclosed, but it’s possible the company is looking into “zero knowledge” methods that limit even Google’s access to the data stored on Drive servers. If only the end user has access to the encryption keys, only the end user can decrypt the data.