Google testing encryption methods to foil government snooping

Jesse

Jesse

Posts: 358   +42

Google is researching and experimenting with methods of encrypting files within its Google Drive cloud storage service, according to CNET. The move to encrypt files stored in Google Drive is likely an attempt to protect its customers’ privacy against attempts by the U.S. government to access the data.

Through the use of the PRISM program, various U.S. government agencies can gain access to huge amounts of collated data from around the internet. The use of encryption is critically important to protect data from snooping, as anyone who obtains the data at a later point cannot decrypt it without the key.

Many companies use SSL and HTTPS to securely transmit data from a user’s computer to the destination servers. This protects the data from anyone listening in on the transmission, a procedure called a “man-in-the-middle” attack.

Google uses HTTPS when transferring files to their Drive servers for storage, but once the files have been received, they are stored in an unencrypted state, according to a post made in April 2012 by a community manager on a Google product forum.

Encrypting the stored data raises a number of issues, including difficulty indexing and searching files, and increases in required computation resources. However, once the files are encrypted, even a person or entity with direct access to where they are stored, the NSA for instance, wouldn’t be able to read the files after obtaining them, unless they put serious effort into breaking the encryption or acquiring the encryption keys.

A recent report detailed the deep level of access the NSA had into Microsoft servers and services, including methods to circumvent encryption in the new Outlook.com portal. If compelled by the Foreign Intelligence Surveillance Court, it’s reasonable to think that Google may have to make, or has made, similar concessions.

Details on Google’s new encryption methods have not been disclosed, but it’s possible they are looking into “zero knowledge” methods that limit even Google’s access to the data stored on Drive servers. If only the end user has access to the encryption keys, only the end user can decrypt the data.

Permalink to story.

https://www.techspot.com/news/53270-google-testing-encryption-methods-to-foil-government-snooping.html

 
I already encrypt my Google Drive files with the Syncdocs app. It works great and uses AES encryption.
 
I hope this trend continues.

As a consumer when you use an online service you sorta expect a level of privacy. You can argue that you shouldn't expect any privacy if you'd like but in the current climate where every company of any value has "cloud based" data storing apps it looks to become necessary for companies to encrypt user data. If it's not the government snooping on us it's a 14 year old hacker releasing millions of user names and passwords on the torrent sites.

I hope to see this as the new security trend for "public" type services. Mega upload did it recently, I hope everyone else follows suit. It's incredibly stupid that we HAVE to encrypt our data to keep the government from seeing it.
 
JC713 said:
There is a catch I bet.
Click to expand...
There is always a catch. The whole concept of this article is unbelievable. Google wants your information just as badly as the government, only for different reasons. This is a cover up, PR plain and simple, in the attempt to draw peoples attention away from Google on surveillance issues.
 
  • Like
Reactions: Jad Chaar and misor
I use SkyDrive. All documents are encrypted with TrueCrypt. I don't believe them.
 
JC713 said:
There is a catch I bet.
Click to expand...
Here's the catch...
" “zero knowledge” methods that limit even Google’s access to the data stored on Drive servers. If only the end user has access to the encryption keys, only the end user can decrypt the data."

In the UK if you are being investigated you can be forced to decrypt any thing the government want to look at, or face between 2 - 5 years inside depending on the charges. Even if you no longer have the keys to decryption. I'm sure the US can make a few changes to do similar if they want, all in the name of terrorism of course.
 
Does anyone actually believe this cr*p? This article is just the same old rhetoric and tactics they use to attempt to convince the masses that they are actually doing something about privacy issues which became public knowledge thanks to the Edward Snowden. The very fact that the government are hunting Snowden down like a serial killer just says it all about these insidious criminal organizations who incidentally are using our "taxpayers" money to do it! Snowden should be hailed a hero and treated as such!

Google are not the solution, they are part of the problem. Their head attended Bilderberg in the UK this year along with Bill Gates and co. Trust anything this company says and does or anything the "controlled" media want to report and your about as lost as they are. Even the picture associated with this article is geometrically a pyramid inside a pyramid which can be subdivided into multiple pyramids or equilateral triangles!! I live in hope that we will all wake up to this sooner rather than later.
 
If you don't trust Google with your sensitive documents, why not just store them on the NSA's servers. They'd never think of looking there for them.
 
Google want all data for themselves. It is amazing that, after so many years and proven spying activities, people still use G for anything.
 
Google is doing GREAT PR so that you can trust them again, they don't give a ****!!
 
Ummm, is Google trying to give the impression that they were not aware of the NSA PRISM blanket surveillance program. Why does this strike me as odd? Just from a purely logical standpoint.

Or maybe their thinking is, along the lines of, "Well, yeah we knew about PRISM but now that WE know that YOU know were going to do the right thing?" LOL. Better than science fiction.

Edit: Just another thought. Wouldn't it be treasonous or some such crime to actively thwart government efforts to SPY on all US citizens? If the US government can charge Edward Snowden for simply revealing the PRISM program what would they do to somebody who actively tries to circumvent the program or make it less effective as Google "appears" to be attempting to do? Another reason I find this story very hard to swallow. Anybody got a few grains of salt?
 
  • Like
Reactions: cliffordcooley
Even AES encryption can be cracked given time and compute power
given that the length of the keys has been artificially limited.

Given the tools at hand, the only way to do this is double encryption;
eg: the user encrypts the file personally on the source computer before it is loaded into a filesystem with enycrption like Google Drive.

To learn more on secure access, read-up on how to generate SSH Public and Private Keys - - it's time well spent.
 
If you believe this, then I have a bridge in Brooklyn I would like to sell to you.
 
is likely an attempt to protect its customers’ privacy against attempts by the U.S. government to access the data.
Click to expand...
So Google didnt explicitly say they were trying to lock out the US Govt?
In other words, this is all mere speculation.
 
TheBigFatClown said:
Wouldn't it be treasonous or some such crime to actively thwart government efforts to SPY on all US citizens? If the US government can charge Edward Snowden for simply revealing the PRISM program what would they do to somebody who actively tries to circumvent the program or make it less effective as Google "appears" to be attempting to do?
Click to expand...

Nope. There is a huge difference between releasing classified government information to the public without it first going through all the proper channels to be de-classified, and preventing snoops from gaining access to information without a warrant. If the govt. had a warrant and Google failed to comply with sharing information, THEN they would be in trouble. Otherwise, they are doing nothing wrong legally by encrypting information on their servers.

If we went along with your mindset, anyone who has ever encrypted anything would be considered as doing treasonous acts, lol.
 
The question was rhetorical to give an example of why I don't believe Google is doing this to protect consumer privacy. Google was already involved in the PRISM surveillance program. They already knew that the government was spying on all it's citizens. And now they wanna come out and try to act like their concerned for their users privacy? It's a day a late and dollar short for that.

Even though the question I posed was rhetorical I think you missed my point. Saying that anyone who encrypts data could be accused of treason(which is not what I am suggesting) isn't quite the same thing as Google knowingly, keyword = knowingly cooperating with the US Government in the PRISM program and, at the same time, implementing encryption to thwart this PRISM surveillance program, might very well be viewed in the eyes of government as treasonous. The two objectives are at odds with each other. They can't both be in effect at the same time. Otherwise, what would be the point of the PRISM surveillance program.

And you also talked about warrants being required. LOL. Since when did the current Department of Justice administration care about following the laws.

Obviously, Google is not stupid enough to engage in any treasonous activities(Im assuming)

I can't see Google saying, "Ummm, yeah well Implement and comply with this PRISM surveillance program but you don't mind if we offer our users encryption at the same time, do you?". NSA - "Sure, thats fine".

Google is only doing this now because THEY know that WE know.
 
You must log in or register to reply here.

Similar threads

Daniel Sims
Unpatchable Apple Silicon vulnerability could leak encryption keys
Replies
15
Views
249
Dreadcthulhu
D
D
Microsoft BitLocker encryption cracked in just 43 seconds with a $4 Raspberry Pi Pico
Replies
18
Views
455
bviktor
B
Bubbajim
Real-time, AI monitoring at work: Major brands are snooping on employee conversations
Replies
18
Views
385
Kam7r
K

Latest posts

Back