The search giant steps up the pace on an encryption plan to protect information in transit between its data centers.
September 6, 2013 5:50 PM PDT
A newly revealed Google encryption project is apparently months ahead of schedule.
(Credit: Declan McCullagh)
Google has kicked into high gear a plan to encrypt data sent between its data centers, in the wake of the National Security Agency spying scandal.
The Washington Post reports that Google’s plan was devised last year, but was put on the front burner to help safeguard the company’s reputation in the wake of the surveillance documents leaked by former NSA tech worker Edward Snowden.
“It’s an arms race,” Eric Grosse, Google’s vice president for security engineering, told the Post. “We see these government agencies as among the most skilled players in this game.”
Yahoo fights NSA worries, issues first transparency report
NSA can see through encryption, including your private e-mail’s, says report
NRA joins ACLU in suit against NSA’s surveillance program
NSA spied on Al Jazeera internal communications, report says
Leaked documents detail broad reach of US cyberoperations
Microsoft, Google to sue over FISA gag order
Guess what happened when Backblaze tried using the NSA for data backup
The report follows another Google plan to encrypt data stored on its servers.
The difference between encrypting information on servers and in transit, and unencrypted information, is similar to the difference between locking your front door at night versus leaving it wide open. It won’t stop an aggressive thief from breaking in, but it will deter many and make it harder for all but the best thieves.
A report Thursday said that the government is seeking the cryptographic keys necessary to break encryption.
The government has “an incredible lock pick set,” privacy and security researcher Ashkan Soltani said in a conversation about government encryption access, but not specifically about Google’s initiative.
“But,” he cautioned, “the government does not have access to all encryption. It’s not a backdoor to all communication.”
Google’s plan will not change its legal requirements to comply with National Security Letters and other legal mechanisms that require the company to turn over data at the government’s request, but it has apparently accelerated its plan so that it will be completed “soon,” “months ahead of schedule.”
Currently, e-mail sent from one Gmail account to another is encrypted while in transit using Transport Layer Security (TLS).
This Google initiative would also encrypt other forms of data sent between Google data centers such as Google Drive contents.
Google representatives would not provide much information on the details of the encryption efforts, including how much it is costing the company to pursue this level of encryption, how many data centers are involved, or what kind of encryption is being used.
The company did tell the Post that it will be using “end to end” encryption for the project, which means that the servers storing the data and the data-in-transit will be protected by “very strong” encryption.
The revelation comes as Google and Microsoft are expected to jointly sue the government on Monday, the latest in a series of moves that indicate some tech companies are not quietly acquiescing to government demands for access to user data.
Also on Friday, Yahoo issued its first transparency report on government requests for access to user data.