Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google plan to thwart government surveillance with encryption raises stakes

Antone Gonsalves | Sept. 11, 2013
Strategy would make probing data flow expensive and hard, likely forcing the NSA to obtain a court order for targeted data.

Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments is as much about economics as data encryption, experts say.

Google recently told The Washington Post that it has stepped up efforts to encrypt data flowing between its data centers around the world. The move follows revelations over the summer of massive Internet surveillance by the U.S. National Security Agency (NSA).

Google's encryption initiative started last year, but was accelerated in June following the release of classified documents on NSA data collection. Whistleblower Edward Snowden, an ex-NSA contractor, supplied the documents to news media, which led to extensive reporting by The New York Times, The Washington Post, The Guardian and ProPublica.

With each new NSA revelation, Google and other Internet companies have come under increasing pressure to demonstrate that they are doing as much as is legally possible to protect customer data. Customer trust has been shaken by reports that Google, Facebook, Yahoo and Apple are among the U.S. Internet companies that have worked with the NSA in its efforts to monitor communications between suspected terrorists in and outside the U.S.

The NSA's anti-terrorist activities have become controversial because the Snowden documents indicate the agency is capturing huge amounts of information on Internet activity, searching it as needed for data related to specific cases. Google's encryption strategy would make casting a net into its data flow expensive and hard work, making it more likely that the NSA would obtain a court order for information on specific targets instead.

"This is a business strategy," Kevin Bocek, vice president of product marketing for certificate management vendor Venafi, told CSOonline on Monday. "A large part of Google's business is about [customer] trust."

The U.S. is only one of many governments that Google is trying to fend off by raising the stakes for siphoning information flowing over the Internet. Other countries with sophisticated hacking technology include China, Russia, Britain and Israel.

"It's an arms race," Eric Grosse, vice president for security engineering at Google, told The Washington Post. "We see these government agencies as among the most skilled players in this game."

The NSA reportedly has several methods for getting the information it wants. The agency has the ability to read significant amounts of Internet traffic, it has worked with tech vendors to bypass their products' cryptographic capabilities, and it has designed its own exploits for compromising computer systems.

However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained.

"The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical," Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. "They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible."


1  2  Next Page 

Sign up for CIO Asia eNewsletters.