Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes

Soulskill posted about a year ago | from the or-at-least-get-the-public-relations-departments-some-more-work dept.

Google 216

CWmike writes "Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow. 'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?"

Sorry! There are no comments related to the filter you selected.

Arms race (5, Insightful)

udachny (2454394) | about a year ago | (#44815457)

Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

- yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

Re:Arms race (0, Offtopic)

Anonymous Coward | about a year ago | (#44815527)

There are approximately 7 billion guns from all around the world pointed right at the NSA and the US govt. right now. We also have shovels, pitchforks, guillotines and Molotov cocktails.

Don't worry, that side will soon be the pleasant side of the barrel.

I will believe ... (5, Insightful)

Taco Cowboy (5327) | about a year ago | (#44815621)

I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

Re:I will believe ... (1)

Anonymous Coward | about a year ago | (#44815739)

Oceanic fiber isn't free. There's no way they could move them all outside.

Re:I will believe ... (0)

Zemran (3101) | about a year ago | (#44816353)

If that was really a consideration they would leave today as most of their users are already outside of the USA. Only and American would think that America is the world...

Re:I will believe ... (1, Flamebait)

Dishevel (1105119) | about a year ago | (#44816399)

I believe that Google already has craploads of servers local to their customers. That is how they work. They have servers in America for ... Americans. They have them in Europe and many other places as well.

Only a fucking third world shithead pretending to be second world thinks America has no place in the world. Fuck off and go live in North Korea.

Re:I will believe ... (0)

Anonymous Coward | about a year ago | (#44815787)

I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

And I will believe that you are so fucking ignorant about international law and what other countries do with their citizens data that you'll probably make some kind of wild suggestion to move ALL their serv...oh. Sorry. Obviously your ignorance beat me to the punch here.

Not to mention the notion of the NSA simply cracking the servers regardless of where they sit, which is more what this article was about. Physical location is dependent on requests that are somewhat legal and politely knock on the front door, which is hardly the case we're speaking of.

When the comment is filled with shit ... (-1, Flamebait)

Anonymous Coward | about a year ago | (#44816059)

Slashdot has become such a pathetic shitty place that even comments do not need to make any sense any longer.

And I will believe that you are so fucking ignorant about international law and what other countries do with their citizens data ...

Raising RED HERRING such as "other countries do with their citizen data" does not, in any way, lessen the CRIME the fucking NSA is perpetrating on the American citizens !

Not to mention the notion of the NSA simply cracking the servers regardless of where they sit ...

NSA simply cracking servers regardless of where they sit ?

Holy motherfucking cucumber !!

I knew NSA has a lot of neat trick, but I never knew NSA is so super powerful that they can simply crack servers regardless of where they sit !!!

Re:When the comment is filled with shit ... (-1)

Anonymous Coward | about a year ago | (#44816097)

So you're saying you're starting from a strong position of ignorance ...

You're fucking retarded. Keep drinking the progressive coolade.

Re:I will believe ... (3, Interesting)

niftymitch (1625721) | about a year ago | (#44816577)

I will believe Google is genuinely against NSA's encryption breaking scheme only when Google moves ALL their servers OUTSIDE of the United States of America.

No point of talking about "upping the stakes" when the same old thing - a secret warrant demanding full disclosure - can happen anytime.

Google has seen so very many attacks on its infrastructure that all links are now or will soon be encrypted.

Rumors are that Google is also large enough to distribute secret keys to the end point devices and can even
manage building to building and room to room encrypted data links.

I am of the opinion that Google is under pressure from TLA organizations to protect its resources as a mater of national
security. i.e. penetration from China, Iran, Korea, Cuba needs to be stopped. The capability to stop industrial
and international agents has the side effect of stopping or slowing down US agencies.

Those agencies are well armed with paper and via legal process can get that which is needed.

There is a lesson here. Do not obstruct US national TLAs but protect fully from international and industrial
attacks and you will be in as good a legal situation as possible. Secret orders are a tangle. Validating
that a secret order is a valid order risks divulging the secret order to the degree that it pays to not act on
or acknowledge the order that cannot be verified as it may well be an elaborate phishing attack by a foreign
agency with deep pockets. OK that may not be practical but the point is that becoming the target of
international agents unfriendly to the US is very possible and astoundingly possible. Physical, technical
and social attacks are very possible...

Since I am not an attorney none of what I said can be construed as advice. Do get advice in
advance of the need for advice when adversarial stuff is flying hither and yon and clear thinking
and communication is impossible.

Re:Arms race (5, Interesting)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44815721)

Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' The crux of the issue with Google making the NSA dragnet harder (knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained.

- yeah, it's an arms race alright. It's a kind of a race where if Google doesn't give the NSA what NSA wants, Google's employees and management will find itself on the wrong side of a gun.

You might be underestimating the influence of the 'lobby furiously' step in American politics:

Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress (Gen. Alexander's star trek paraphernalia and all) and slug it out with the representatives of all the major technology companies who are missing out on sweet foreign contracts because of (accurate) perceptions that they are the US government's little stooges. That isn't unwinnable; but it's a lot less comfortable than just slurping packets in the shadows, or basking in the warm glow of misplaced public confidence that you only go after 'bad people'.

It's not as though the civil libertarians can win this (either the legislative flavor, or the ones who think that their guns will save them); but the NSA has crossed the line into threatening shareholder value. That's serious business, probably Unamerican. We've installed brutal, CIA-backed, military juntas in countries we don't care about for pulling shit like that.

Re:Arms race (2)

Mitreya (579078) | about a year ago | (#44816031)

Team Google, or anybody else with nontrivial US presence(or who we feel like bag-n'-dragging, which we do sometimes), can't resist legal force; but if they can resist covert surveillance, they force the spooks to go to congress

That may be, but it is pretty obvious that Google has no interest in fighting that battle. They are making some noises now that it became apparent that they handed over the data -- but I have little reason to believe they are going to invest in a real fight (and maybe it isn't their responsibility).

Based on the previous post on slashdot, tech companies are fighting furiously to report the "total number of NSA requests" they complied with. Once they win, all will be well in the world.

Re:Arms race (1)

Zemran (3101) | about a year ago | (#44816387)

Yes, there will be so much less spying on individuals if they tell us what we already know.

Re:Arms race (0)

Anonymous Coward | about a year ago | (#44816063)

One thing your forgetting and I will continue to remind people of, what about the other agencies that are doing far more then the NSA and yet the media/press continues to its communist like reporting, by failing to report the other agencies and or anything else including companies heavily handed involvement with cooperating behind the public's back.

It is completely possible companies had there arms twisted and forced to obey the NSA's demands, I seriously doubt this... Your talking billion dollar companies not the a small business, very unlikely they are against the NSA. They have contracts with government branches, they knew what they were getting into by going along with this. Snowdens files are "said" to reveal this..

Again your trying to blame the big bad government, when the blame goes full circle.

Re:Arms race (1)

number11 (129686) | about a year ago | (#44816197)

One thing your forgetting and I will continue to remind people of, what about the other agencies that are doing far more then the NSA and yet the media/press continues to its communist like reporting, by failing to report the other agencies and or anything else including companies heavily handed involvement with cooperating behind the public's back.

Of course other agencies (e.g. the DEA) are doing this. So hustle up some whistleblowers to make that newsworthy. Hustle up stories about how normal citizens (not druggies or drooling pervs, not that either taking drugs or drooling should be a crime) can be hurt by this.

The "news" follows what's hot,

Re:Arms race (5, Interesting)

Zemran (3101) | about a year ago | (#44816337)

Criminals and terrorists do not have a problem getting around the NSA, it is only ordinary people that are being spied on. Anyone organisation that does anything suspect will set up their own DNS with their own TLDs (just like the .onion network) and work away unnoticed, even some companies are already doing this so that they have their own intranet on the internet, all requests for a .com address etc. are just passed on the normal DNS server. They can use their own mail system with as much good encryption as they like and the NSA do not even know it is there or have access if it is in another country. The normal people who are using Hotmail, Yahoo, Gmail etc. are the ones being spied on, even Snowden said this. They say that they are fighting terrorism but that is only to justify what they are doing, they are spying on you and I.

When has it not been a arms race? (0)

Anonymous Coward | about a year ago | (#44815473)

This has been going on FOREVER... There is always a better mouse trap .. or cheese ;-)

That's a relief (5, Insightful)

theweatherelectric (2007596) | about a year ago | (#44815487)

Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments

So.. the only organisation conducting invasive surveillance of my Internet activity will be Google? I'm most relieved.

Re:That's a relief (0, Troll)

Anonymous Coward | about a year ago | (#44815627)

Look at all the cute comments here who think that Google would magically shut their backdoors to the NSA anyway. Google probably even had to get permission from Baraq Hussein Sotero himself to feign this fake little righteous indignation, that they'd actually give a shit about Americans' privacy and freedom. Ye-heah, NSA, I'm finally standing up to you, don't you come around here no more...*Wink-wink*

Oh, and first War for Israel post. Putin and Assad may have put you in checkmate, but that's not gonna stop you from kicking the whole chessboard in a temper-tantrum and splattering the pieces everywhere.

-- Ethanol-fueled

Re:That's a relief (2)

bhagwad (1426855) | about a year ago | (#44815661)

At least you have a choice to not use Google's products. I would much rather Google had access to my data than the government.

Re:That's a relief (3, Insightful)

Architect_sasyr (938685) | about a year ago | (#44815751)

It's not much of a choice - over 65% of the 10,000 most visited websites use jQuery (for example). If you want a semi-decent web experience, giving up on Google is particularly difficult. I don't imagine that it is impossible (queue hater geeks who get away with it), but it's not going to be easy.

Re:That's a relief (1)

bhagwad (1426855) | about a year ago | (#44815777)

Well, one can only control one's own actions. Websites can choose to use non google hosted jquery scripts which is very possible. Either way, it's a net of personal choices. All that can be said is that Google did a good job of convincing others to use its resources. But it didn't force them to. With the government...all choice and personal freedom is removed.

Re:That's a relief (2)

Architect_sasyr (938685) | about a year ago | (#44816001)

Sure, and I agree totally, unfortunately we can not convince others how to host their sites. I use jQuery on my sites, for example, and host the files myself. However, and especially with the advent of "cloud" computing, I have found this to be less and less the case. Google Analytics are another good example - people don't use AWStats (or similar) as much because Google does it all for them.

Great business model, terrible for privacy advocates.

Re:That's a relief (5, Informative)

PRMan (959735) | about a year ago | (#44816053)

I use NoScript to block Google Analytics. It's amazing how much faster the web is when you do that.

Re:That's a relief (0)

Anonymous Coward | about a year ago | (#44815799)

Really? If not google, then what bing, your cell carrier, your local last mile, your credit card co, insurance carrier....? Do any of them guarantee any level of privacy. or do you just click accept all conditions and happily submit to the gathering and analysis of your every scrap of information so that they can figure out how to derive more profits out of you?

I find that more dangerous to me than the gub'mint getting all confuisified (harold and kumar style) and thinking that I'm a terrist

One part of a risk assessment is the probability that something is going to happen, it's one in a million for the government every giving a rats ass about what I do, and an absolute certainty that insurance companies, credit card companies, google, etc... are digging in and acting on my data

Re:That's a relief (1)

Anonymous Coward | about a year ago | (#44815741)

No, it's still NSA+Google+FBI and whatnot. It might hinder some forgein agencys in collection info but never the NSA.

Google is US based and has to provide access. It would be stupid to belive otherwise.

Re:That's a relief (0)

Anonymous Coward | about a year ago | (#44815987)

So if a government shows up as an ad agency, they can read your data in real time?

Re:That's a relief (0)

Anonymous Coward | about a year ago | (#44816113)

Re:That's a relief (2)

peppepz (1311345) | about a year ago | (#44816513)

That's the only reason they're making all this hand-waving: have their customers believe that their data is safe with them - even when obviously it isn't the case - in order to reduce the damage to their revenue. Google's core business model lies in harvesting, analysing and storing massive amounts of user data. This depends entirely on Google's ability to have access to that data unencrypted. NSA and the likes will always share that ability with Google - or be a piece of paper away from acquiring it - so talking about encrypting the "pipes" while retaining the key to the data is pure gimmick.

Rise the steaks ! (0)

Anonymous Coward | about a year ago | (#44815499)

So that the NSA dogs won't eat them so easily.

Certain content delivery networks already do this (2)

kriston (7886) | about a year ago | (#44815515)

Certain content delivery networks already do this. For decades.

I find it hard to believe that Google was really not encrypting its non-client ingress/egress traffic.

Re:Certain content delivery networks already do th (1)

AHuxley (892839) | about a year ago | (#44815633)

A lesson from the consumer OS side - Lower cost and usable by not adding expensive features like good encryption until a real issue makes the press.
Some regimes, monarchies and communist countries might have been swayed by that aspect too - trunk telco network has local rules and no encryption was allowed.
Rapid global uptake of the brand is protected..

Re:Certain content delivery networks already do th (0)

Anonymous Coward | about a year ago | (#44815839)

it has more to do with the type of encryption than anything

1024 bit keys are not all the same and some are vulnerable

There are serious questions about random key generators that are used and encryption schemas that only a few people in the world really understand well enough to know whether or not they are back doored

Most likely those encrypted content delivery networks became targets just like the tor sites. Fine if you are hiding your data from business competitors, not so much if you were hiding from nsa

Plain text is still the prize (2)

AHuxley (892839) | about a year ago | (#44815553)

The plain text is still not legally protected under a NSL/hidden self-signed "court" at the advertising keyword end.
The metadata is still not legally protected under a NSL/hidden self-signed "court" as sent.
The mathematics of cryptography is great PR along the tube but reality sets in at the end of the tube again.
http://www.slate.com/blogs/future_tense/2013/09/09/shifting_shadow_stormbrew_flying_pig_new_snowden_documents_show_nsa_deemed.html [slate.com]
STORMBREW and FLYING PIG show some insights into router and covert data redirection, the use of fake security certificates and the results been unencrypted.
Also note the bypassing (man-in-the-middle) ability via security certificates aspect.

Does it matter? (1)

elmer at web-axis (697307) | about a year ago | (#44815555)

So big corporate will start using SSL for everything.. so? All it'll take is 1 email from and the ssl keys to unlock all that data will be sent with no one allowed to talk about it. What we need is a method to encrypt sessions using 2048+ encryption that even with the private key of a server you wont be able to decrypt and we need to get rid of expensive 3rd party key signers so that everyone uses it. If people didn't have to pay $300US to have a certificate signed then maybe every computer on a network would get ssl keys, rather than a single SSL decrypter on the border of the network.

Re:Does it matter? (1)

james.mcarthur (154849) | about a year ago | (#44816019)

$300 to sign a certificate, where the NSA has probably back-doored it already. One certificate for you, a copy of it for them..

Re:Does it matter? (0)

Anonymous Coward | about a year ago | (#44816533)

You can use self-signed certificates and not pay any one of these CA companies, many of which probably are in the NSA's pocket and will readily sign a fake cert for use in a MITM attack at the NSA's request and cannot really be trusted.

Not a solution. (5, Insightful)

LWATCDR (28044) | about a year ago | (#44815563)

A technological solution will never work. The NSA had court orders and gag orders. While the NSA doing this does not shock or bother me the idea that you can stop them with technology is just silly. Human spies will get around that as they always have.

Re:Not a solution. (1)

AHuxley (892839) | about a year ago | (#44815575)

Now only the NSA and select advertisers can enjoy working on your data.

Re:Not a solution. (5, Insightful)

JanneM (7445) | about a year ago | (#44815605)

"Human spies will get around that as they always have."

Security has never been about _absolute_ security, but simply about making it too expensive, dangerous or time consuming for an adversary to bother. We don't all live in bank vaults, after all; we don't need that much security for the kind of possessions we keep at home.

Schneiers point is the same: we don't need so much security the NSA could never get to our data. We just need enough security - and need enough of us to use it - that the effort to routinely record what we all are up to exceeds their capability of doing so. They do not have an infinite budget, or infinite man-hours.

Make routine surveillance not impossible but too expensive, that's the name of the game.

Re:Not a solution. (2)

LWATCDR (28044) | about a year ago | (#44815679)

The solution is change administrations and tighten the law. People are more than a bit foolish in that they see spying as a bad thing. For instance spying kept the Cuban Missile Crisis from getting out of hand. Spying prevented the UBoats from starving the UK into surrender. We just don't want too much spying. As I said the tech will never be the solution in the US. You need a political solution.
Even if we had a perfectly balanced system it would never make the tinfoil hat crowd happy. BTW odds are if your internet traffic goes overseas at all and possibly even if it does not the Russians and Chinese are also looking at it.

Re:Not a solution. (2)

JanneM (7445) | about a year ago | (#44815747)

As I'm not a US citizen and do not live in the US, it's all but certain that any political solution there will do nothing for me. And as you say, the NSA is not the only one listening anyhow. Making it too costly and difficult, and encouraging as many people as possible to do the same, is the way to go.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44815865)

you're nuts, this is the administration that has allowed oversight of the nsa activities by the fisa court
Just look at greenwalds last leak, all of the infractions happened in 2006-2009, when the Obama courts put an end to it

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44816109)

Is that you, COINTELPRO?

Re:Not a solution. (1)

Anonymous Coward | about a year ago | (#44816055)

I see. So it's okay to spy on me because it may have made sense to spy on nation-states during a time of war?

Your argument only makes sense if you first admit that the country is at war with its citizens. Over what, exactly? The threat of terrorism?

Re:Not a solution. (2)

AlphaWoIf_HK (3042365) | about a year ago | (#44816185)

Neither freedom nor the constitution are negotiable; there is no "balanced system" except one where innocent people aren't spied on.

Re:Not a solution. (1)

AHuxley (892839) | about a year ago | (#44815771)

The reality of large US domestic data storage would point to a total lifetime of routine surveillance been in budget and technically workable.
The phone records aspect is a hint to that - bulk call metadata just waiting for 10's of years.
Its not the cold war where keywords would alert to a message/voice and then keep that instance for later human translation or storage.
Now you just keep the metadata, ip used, keywords found, voice print, image, video clip still, banking, telco use ie all traffic until needed. Tiny compressed, sorted, indexed fragments per person per day.
If they keep using keywords or connecting (3 hops) to 'anyone' - then more storage and contractor man-hours are added.
Nothing per generation of device is expensive if you can set the surrounding telco, legal and crypto standards.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44815897)

The problem is that they could store the encrypted raw data and decrypt it afterward when needed or when the hardware catches up.

Re:Not a solution. (1)

fustakrakich (1673220) | about a year ago | (#44815959)

They do not have an infinite budget, or infinite man-hours.

Indefinite is close enough.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44815989)

"but simply about making it too expensive, dangerous or time consuming for an adversary to bother."

The U.S. government presently spends tens of billions, employees many thousands of analysts and engineers, has unlimited time, and basically faces no danger whatsoever.

They are, in short, the most capable adversary on this planet. And they, apparently, exist to access your data, come hell or high water.

There can be no technological solutions. At the end of the day, they have court orders and guns. This requires, at a minimum, regress at the political level. Technology is neither sufficient nor necessary. The only way to avoid them is to stay off the grid, period.

All of these measures Google is taking? They're good for other reasons, such as stopping all the other attackers that aren't the U.S. government.

Re:Not a solution. (1)

Jah-Wren Ryel (80510) | about a year ago | (#44816081)

They're good for other reasons, such as stopping all the other attackers that aren't the U.S. government.

You are completely correct here. The NSA is answerable to we the people, those other attackers are not. Politics is what will fix the NSA, tech is what will fix the other guys. Google needs to seriously step up their political lobbying to in order to reign in the NSA. Encrypting all of their backhaul traffic won't make a difference if the NSA has compromised the end points to hand out the encryption keys whenever the NSA pings those boxes.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44816411)

Schneiers point is the same: we don't need so much security the NSA could never get to our data. We just need enough security - and need enough of us to use it - that the effort to routinely record what we all are up to exceeds their capability of doing so. They do not have an infinite budget, or infinite man-hours.

Make routine surveillance not impossible but too expensive, that's the name of the game.

This is precisely why Google is basically making a big smoke machine with their encryption announcements. The NSA and Google, who have been in bed since the beginning of Google, will never build anything where the NSA doesn't have complete access to all Google data. But that doesn't mean that they can't concoct some completely BS story about their new anti-NSA encryption.

If something is encrypted on your machine using your code, there is some chance it may be secure. If something is encrypted in the cloud, there is zero chance that it is secure. It really is that simple.

Google is a very deceptive, very evil company. They make a phone that contains a special low power chip so it can listen to you and your household 24 hours a day. This is not a company that will ever offer truly secure data. In many ways, Google is nothing more than a private Blackwater version of the NSA. Google does the stuff that would be more problematic for the NSA, such as sending out cars with spy cameras, drones with spy cameras, plans with spy cameras, backpackers with spy cameras, etc. Google has thousands of spy operations in play every day. Not to mention every single Google phone with the Google keyboard sends all your keystrokes to Google. That means the Google and the NSA have every single password you've ever typed into an Android phone that uses the Google keyboard.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44816025)

"A technological solution will never work."

A solution to what? The current nsa dragnet can be stopped in its tracks in 2 yrs or less. If it takes most of the NSA resources to decipher one message per week, then guess what, that's a technological solution.

Re:Not a solution. (0)

Anonymous Coward | about a year ago | (#44816049)

A technological solution to this particular problem could work.
If all the data was encrypted and decrypted locally, and google (or whoever hosts it) only ever stored encrypted data without knowing the key, then the NSA couldn't get the data from them. Or at least less data, because they could of course still read all the email headers because google can't forward the mail if those are encrypted. They could of course still get the stuff from you directly, but they can't get it through google.

6ejxfT/LspKvbnQTBOl3/29C (-1)

Anonymous Coward | about a year ago | (#44815567)

Wzb2 PjGpeYlJsIYz 1t6IixyHuQINBDr 9VngQCA D6WhaZ lHBH GQN6 I0rzIaiEjC z2GQEFGwMA AAAACgkQ 2E+b6P epG8MJFg Cgo8O YI3c8Yzfe lRdCkPoZzkw CC8g An27S AIj5twGGJr7Tt IIg03Oq ZsdAbX0rdc u5HAflqPn c+TIiMij/fyp+N YtRmIID Jd4+ld0gmnT jzBEEFpaA6FdzUJ xAyMltJYUMjfw JNNb7 ExXzvQswb 6CDI9o0g ct+gasyIhMAd xipnXV2yn9m6+n rBdA22pMT8ca9dNk66 OCSl DTEl ADu zKQq+CtZrk aMq3I1

Re:6ejxfT/LspKvbnQTBOl3/29C (0)

Anonymous Coward | about a year ago | (#44815573)

xk yrcxL juT0GA bFg3t0 kAqzsVn mIgfTCCy cg/X fnn+0 Nak0Q06 yHtOsP z2g8x hYakbH nWPY tydK NWkhB OncZJOnA RAQ6q9Szmd oS9b zVIf0F XAVB3TG 7Iqgk axXzkCA7bls3 /wdMYX9etlxUbf UXhdxtuxJnpT 2S0VoVI4 h53cnAAhe8jzCOK5q VBUXSsjXK0MDBAC IPH5t pJekxd+ fZtF4dHqE otrXPcslPECi3 BZELAEsntoAHRS/ hYtQU FF Z

Re:6ejxfT/LspKvbnQTBOl3/29C (0)

Anonymous Coward | about a year ago | (#44816057)

Tit bar. Lol!

24/7 Sruvielience. (0)

Anonymous Coward | about a year ago | (#44815583)

Is cheap money for the assholes lobbying your tax payer money. Best bang for their buck. They have to do the least amount of work to make up the results they want. And on the side they can sell/leak to a black market of all your preferences. Wait its not so black anymore... all employers require you to bend over backwards for background checks.

google business model (0)

Anonymous Coward | about a year ago | (#44815595)

Yep all that google traffic is encrypted, shame about that. But we have a commercial license to all our users data. How much you want to pay to have us analyze it for you?

Disinformation (3, Insightful)

xtronics (259660) | about a year ago | (#44815609)

To me it was obvious from the start that Google was founded with borrowed search algorithms that had been honed for a different purpose: finding connections in intercepts. So now they are trying to sell that they will have crypto that is out of reach from an agency that they are in bed with? They PAY Google some undisclosed excessive amount to provide information. It is a profit center. I'm not even sure if Google is really a public company. (The name may have come from a joke about 'G'overnment 'OOGLing' )

Why would anyone believe they are on the publics side?

Re:Disinformation (-1, Troll)

Fwipp (1473271) | about a year ago | (#44815789)

Where did you buy such a shiny hat? Or do you have to make it yourself?

Re:Disinformation (1)

AHuxley (892839) | about a year ago | (#44815855)

Re Why would anyone believe they are on the publics side?
Globally you would want the servers in the US or near US/UK friendly sites/telco loops.
The fear is a network of French, Germany, Russian, Spanish, Chinese, Portuguese ect. of local quality domestic ad/seaching brands.
They would only respond to their govs interests and demands for bulk raw sharing be just to regionally politically tempting.
http://rt.com/news/prime-time/icq-panic-russia-us/ [rt.com]
"It all went smoothly – until the recent announcement by US law enforcement bodies who claimed that homeland security could be jeopardized if the service is located in Russia."
http://rt.com/usa/russian-company-buys-icq/ [rt.com]

Becoming uncivilized (4, Insightful)

Neo-Rio-101 (700494) | about a year ago | (#44815613)

"Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men."

~ Ayn Rand

Re:Becoming uncivilized (2)

flayzernax (1060680) | about a year ago | (#44815681)

Cute comment. But if this is any indication of our civility.

We are all savages. I'm ready to go savage to the max. Because its disgusting the state our society is in. Just looking for an ISP on their home pages is all it takes.

Our species is in dire need of some house cleaning. And yep. I would gladly sacrifice my life if the future of the human race isn't guided in this direction and is strengthened through adversity. Its the same thing as fighting and dieing for your freedom from an empire who taxes you without representation.

Re:Becoming uncivilized (2)

the eric conspiracy (20178) | about a year ago | (#44815875)

That seems rather wrong to me. Civilization is defined as the development of the city, along with writing and a shared ceremonial center.

Cities clearly require interaction between people on a larger scale than in a pre-civilized culture. With that larger scale goes loss of anonymity across that larger scale.

While in a band man is only known by other men in the band, and that's it. On a global civilization connected by the internet the scale is the planet.

Re:Becoming uncivilized (5, Insightful)

Samantha Wright (1324923) | about a year ago | (#44815973)

It's a good soundbite, the idea of mutual respect as a civilized accomplishment—but Rand oversteps. The very cornerstones of civilization are the same as the rules of that tribe; without it, you have something entirely more primitive: solitary animals and the complete abolishment of culture. It is alas a rather tawdry thought that betrays Rand's education, no matter how elaborate the clothes.

Strive for a balance. It's no more unattainable an ideal than an extreme like total freedom or total cooperation. There are, believe it or not, ways in which complete privacy is not optimal. Some small degree of intrusion is always necessary, both psychologically and for safety.

In this case, I am completely on the side of recovering privacy, as these violations are gross and driven by ignorance, paranoia, and greed. They are massively inexcusable, and if I were south of the border I would probably have turned to a career of being a crazy social activist when I was an undergrad.

Schneier hit the nail on the head [slashdot.org] last week when he pointed out the real issue, though, and I hope you'll agree with me that it is a much bigger priority than the collateral privacy loss itself. Bureaucratic and political need to save face and to manage risk has grown out of control. The post-9/11 culture of safety has led to oppression in every conceivable security-related corner, as well as moves of "me-too" safety fetishism in totally unrelated areas.

The enemy here isn't just a big government, though; it's the individuals in these organisations, departments, and legislative bodies trying to protect themselves and their careers. It's an insurrection of selfishness, regardless of who the campaign promises are designed to appeal to. Without arguing over the rightness of the system, it is at least plain that these people are horrifically mismatched to the jobs they hold, and they need to be very specifically shamed if the fundamental shift they caused is to be reversed. An Edward R. Murrow would really fit the bill right about now.

Re:Becoming uncivilized (1)

Neo-Rio-101 (700494) | about a year ago | (#44816321)

There are, believe it or not, ways in which complete privacy is not optimal. Some small degree of intrusion is always necessary, both psychologically and for safety.

Such as?

I think the point was it should be an agreement between two parties as to how "intrusions" are used to fulfil a specific need or goal.
Typically these show up in privacy policies and wordy EULAs, in the digital realm.

We're talking about a large government entity intruding for it's own reasons with no mutual agreement. Is *that* intrusion always necessary?
I think not.

Re:Becoming uncivilized (1)

Samantha Wright (1324923) | about a year ago | (#44816371)

I was thinking more along the lines of "obtaining a warrant to search for evidence of what happened to all those prostitutes who keep disappearing on or around your property" or "making sure you don't become a total recluse." As I said further down in my post, this situation is completely unacceptable and needs to be destroyed. Necessity, unfortunately, is subjective; they'd argue it's necessary, no matter how much we opine otherwise. Thus we need to re-educate them and shame them for thinking it's necessary.

Re:Becoming uncivilized (0)

Anonymous Coward | about a year ago | (#44816565)

"making sure you don't become a total recluse."

There's nothing wrong with being a recluse; if that's what makes someone happy, then so be it.

It's a PR effort (2, Insightful)

Anonymous Coward | about a year ago | (#44815617)

"Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.'"

No it isn't. China wanted you to backdoor in China and you left China, USA wanted you to backdoor in the USA and you complied Eric. It's not an arm race when a secret letter is all it takes to get your data. Just after PRISM leaks, we learned they started to demand the keys too. In effect expanding surveillance of your services to 100% coverage while reducing the use of PRISM. Is *that* an arms race? No, it's a PR scam. It would let you Google, Microsoft, Facebook, Yahoo pretend surveillance had reduced (in PRISM) when in fact it had become total (via intercept).

Also don't kid us that it's only for terrorism. All the NSA does when it wants to spy on anyone, is stick an agent provocateur on the form to post a threat. That gives it the excuse it needs to then spy on everyone in the forum, and their friends and families using the 3-steps deep rule. Twenty million queries a month!

How about you come clean on Cloud Print? That data goes through your servers and can be matched to users data, I bet you give NSA that too?

It's entirely about PR, trying to regain lost trust, WHILE THE STASI ARE STILL LIVING IN YOUR HOUSE. The best defense is to not visit your house!

The encryption isn't for the NSA (1)

Anonymous Coward | about a year ago | (#44815635)

The NSA can force Google to give them access. The encryption isnt to prevent NSA access. The encryption is to reestablish customer confidence. Also maybe to provide better security against other countries such as China.

Not About Crypto Skills Or Brute Force (0)

Anonymous Coward | about a year ago | (#44815659)

The NSA's pockets are orders of magnitude deeper than Google's!

The question comes down to, "How to Buy Off Google."

In terms of "Buy" it comes down to:

1) cash (dollars preferred)

2) drugs (Cocaine and Heroin are by far the drugs of choice at Google)

3) gold (Ah, the Midas Touch, always opens doors)

4) prostitutes (Google's Top Management like 2 to 3 year old boys for sexual intercourse and sex favors).

Crypto skills are actually a rarity in this day and age with so much money (in various forms) drifting about.

Re:Not About Crypto Skills Or Brute Force (0)

Anonymous Coward | about a year ago | (#44816183)

The NSA's pockets are orders of magnitude deeper than Google's!

The question comes down to, "How to Buy Off Google."

In terms of "Buy" it comes down to:

1) cash (dollars preferred)

2) drugs (Cocaine and Heroin are by far the drugs of choice at Google)

I can see you are ill-informed or not connected to your team. Cocaine is indeed popular among the managers, but I'd say Amphetamine is the most popular one among the plebs.

3) gold (Ah, the Midas Touch, always opens doors)

4) prostitutes (Google's Top Management like 2 to 3 year old boys for sexual intercourse and sex favors).

Then you are invited to different parties than me. It's pretty much just girls and mostly older than 11. The boy story is from a one-time event in India back in '11.

Crypto skills are actually a rarity in this day and age with so much money (in various forms) drifting about.

Castle? (1)

Acapulco (1289274) | about a year ago | (#44815685)

What is the point of having a big castle, with a moat, several feet inch walls and all that stuff if you then, quite literally, give away the keys to the castle?

Re:Castle? (1)

flayzernax (1060680) | about a year ago | (#44815725)

Might as well live in a tent in the wilderness where no one is going to take interest in your big shiny castle. Not justifying the hordes of spies out there. But its the only way to escape the trap of being spied on.

Since we live in such an oppressive society. That basically means living an oppressively dull life out in the open.

Re:Castle? (1)

flayzernax (1060680) | about a year ago | (#44815729)

Without any dignity.

I have a question. (0)

Anonymous Coward | about a year ago | (#44815779)

If you were to truly develop a form of encryption that not even you can break without the password, would that be legal in the U.S.A.? I mean I know we have GPG etc on a personal level, but lets say google actually used open source software to implement this (and there is no question of google building in a backdoor) would this even be legal?

I don't believe google would build in encryption they themselves couldn't not decrypt instantly, but in that hypothetical situation. Would it be legal?

Necessary for Google's Survival (1)

aaarrrgggh (9205) | about a year ago | (#44815791)

If the NSA remains vigilant and Google does nothing to avoid it, they will slowly stagnate as users switch to smaller "networks." Google is all about the network effects of their products, and that same network is highly valuable to the NSA and its ilks. The only real way to defeat it is to compartmentalize the networks into much smaller segments such that associations are much harder to make.

Much more difficult to do once the cat is already out of the bag, and it destroys much of the collectivism that makes the internet (and /.) a fun place to go, but hey... it's a nice day outside...

Meaningless (2, Interesting)

comrade1 (748430) | about a year ago | (#44815801)

As long as the data is in the u.s. and subject to government subpoena this is meaningless. Depending on how google is structured they could move their data centers outside the u.s. and not have it subject to secret orders. Switzerland would be a great place as they have strict data protection laws.

but the crooks said all that encrypted data must b (1)

raymorris (2726007) | about a year ago | (#44815817)

But Google CAN'T be encrypting a lot of data and rolling out SSL on all of their services.

Just last night here on Slashdot the crooks informed us that while "3 strikes" laws reduced torrent traffic, all those stolen movies and software must have moved to SSL. The increased SSL traffic can't be because the #1 internet company in the world expanded it's use of SSL. It HAS to because penalties for unlawful actions dont work. That's what fits the storyline they want to tell!

Fuck Google, Fuck "CWmike" (1, Funny)

oldhack (1037484) | about a year ago | (#44815823)

I wish I could be more articulate, but I'm too drunk at the moment.

Cocksucking bastards.

Re:Fuck Google, Fuck "CWmike" (0)

Anonymous Coward | about a year ago | (#44816125)

In vino veritas, fellow AC!

Google has turned out to be a juggernaut fascist pig.
I can't trust them to do anything but develop subtler methods of deluding the public.
This is one of such PR campaigns.

They are also "fighting", along with their brothers in arms at MS,
to be able to tell us how many NSLs they received from the evil empire
and how many persons were affected and maybe just statistically split
the numbers between common criminals, that everyone should be snitching on,
and those who should be snitched upon for "patriotic" reasons, when in fact
they are snitching indiscriminately on all of us and probably letting out their
excess cloud capacity to NSA for buffering purposes around the world.

Since a recent update chrome is nagging us to log on to Chrome,
because otherwise your clouded data cannot be "synchronized".
If you don't, and I didn't and don't, the locally stored bookmarks are simply not synchronized,
which means they are gone irretrievably.
There's no going back. You can even log back in but your bookmarsk won't.
Shit, you can't even ask for any help, unless you first log in to the system.

No Anonymous Cowards for the StaSi state. That is what its own agents have turned into.
That's what makes them so courageous in the struggle against ter'rism.
AC, the last remnant of what once used to be called freedoms is going the way of the dodo.
No more liberties. Of opinion, of speech, of assembly and from persecution and unwarranted suspicion.
No pursuit of happiness except for those who made it into the top 1% of the first 1% bracket.

There's really only one way of responding: Stop cashing in your liberties for a set of winter tires and a smart phone.
Stop feeding the behemoth. Resist.
---
Sent from my Droid.

Who watches the watchers? (5, Interesting)

gmuslera (3436) | about a year ago | (#44815893)

The real point here is not Google giving the NSA your information or not, they are an US based company, they must comply and give all the information requested by the NSA. And, if the used internal encryption is good enough, the only way to get that information will be directly from Google, then Google's will know what the NSA got from them, and they could eventually control (delaying, giving partial or even fake information) what they NSA gets, or store that information for future use (in the case that law gets curious about what is that justice that is everyone talking about)

That don't make Google a friend, but at least a potential enemy of our biggest enemy, and is something to be respected.

Re:Who watches the watchers? (1)

cold fjord (826450) | about a year ago | (#44816275)

they could eventually control (delaying, giving partial or even fake information) what they NSA gets,

Only if they want to go to jail, which I doubt. That goes especially for the "fake" information, that would be especially difficult to explain to a prosecutor and judge.

Am I missing something? (5, Funny)

Anonymous Coward | about a year ago | (#44815929)

If my taxes pay for the NSA and using encryption will cost the NSA more money to decrypt. Then I'll have to give up more of my money to them decrypt my messages?

Re:Am I missing something? (0)

Anonymous Coward | about a year ago | (#44816067)

Theoretically, we the people should have control over everything, including the infamous black budget. But, this is not the reality and will never be a reality.

Frankly I'm more worried about Google (2, Interesting)

Anonymous Coward | about a year ago | (#44815967)

and what they will do with what they know about me from about 1000 different channels, digital, clickstream, email text, inbound, outbound, print, video, audio, call records, transaction histories, demographic data, geneological histories, all carefully indexed and archived and MapReduce'd and data mined for moment-by-moment behavorial patterns.

Have you ever bought anything from Google as a consumer? No? Then how do you think they keep 35,000 pampered employees on the payroll with a million servers running 24x7 answering search queries from around the world?

The NSA, after all, is a bunch of guys with comfortable guaranteed (?) lifetime careers working for the Federal Government. How good can they be?

2930d377c31926631bcead379c5bfedf81ef6c3f (0)

Anonymous Coward | about a year ago | (#44816091)

D81100101133233132611010100D8 11001011CBFFD711001101254377317110110
11CC11111111D711010011326326D 911011111335FF11011001331CE11011010330
D311001000316313CEFFD8323111 11111314FF336DC1101110132311010000FFE
111100011375E211010011327FFC9 11010010C831011000101322D811001001312
10100011314C910111000111111113 27CF1101001032511010010DD31711011001C
A1111111111010100D9377DA11001 100313334FFE111011111340AF11010110326D
51111111131511011001D03371101 0011D3336DE11010011DD11111111D01110000
011001111336377D5110110103773 16CA32711010110FF11010010DD33411011111
DDE111100110337377CD11011000 3211101111037633111001010CD377326110110
01D3D830711010111377325D8110 0110011111111E011001010334FF311DB1101111
111111111D33071101010011001011 37711010110D5317B111111111CC110111111100
0010323377

The government is not supposed to be the enemy (0)

Anonymous Coward | about a year ago | (#44816095)

This is like a large company in a corrupt state trying to evade road blocks where officials loot the trucks.

BREACH SSL attack bandwidth vs security (1)

gklyber (5133) | about a year ago | (#44816147)

I find it interesting that there was a general consensus that the BREACH SSL attack had no simple fix because the Internet could not handle the load if everyone turned off gzip HTML compression. While acknoewleding that bandwidth and computation resources are different, I am surprised that a simple fix for BREACH was dismissed, yet hoards of resources are being thrown at transport encryption.

This is not about technology. Its about trust. (2)

openthomas (2759671) | about a year ago | (#44816159)

The NSA keep trying the same old trick. They want to orchestrate mass adoption of a system that appears secure but isn't. Somewhere in the technology stack there's a backdoor allowing the NSA access to the plaintext. We know what the NSA's two agendas are and its a huge conflict of interests for them to release a encryption system that they cannot themselves break. Even if the code appears secure they have rigged modern hardware to leak keys through side channels. _Of course_ Google's new system will be backdoored and _of course_ Google will be gagged. Google can never be trusted again. No matter what they say. The NSA are behind this. They are trying to provide a solution through Google because they fear people will move to develop a variety of encryption algorithms and products which will be expensive to analyze and break and automate surveillance of. Obscurity != Security but its fucking expensive.

Re:This is not about technology. Its about trust. (0)

Anonymous Coward | about a year ago | (#44816273)

They are trying to provide a solution through Google because they fear people will move to develop a variety of encryption algorithms and products which will be expensive to analyze and break and automate surveillance of.

That been said, don't you think it's time to start coding up a new encryption method, totally out of the reach of NSA ?

I am not that good with high math et al, but I bet there are plenty of brainy people who are totally sick of what NSA is doing may be roped in for this crowd-sourcing effort.

PR effort (1)

Reliable Windmill (2932227) | about a year ago | (#44816177)

This must be a PR effort. How can the NSA order Google and others to let them in and have the data they want, but then just let Google go ahead and freeze them out again? It makes no sense.

The only way to guarantee your privacy is to use open source end-to-end encryption software on open operating systems. All closed systems with physical ties to the U.S will eventually be compromised by NSA and other gov branches.

PRISM compliant (1)

DigiShaman (671371) | about a year ago | (#44816357)

All it takes is for congress mandating PRISM compliance and certification all under the guise of reducing the burden of the tax payer. Mark my words. What Google is attempting to do will backfire!!! Government = demigod. Nothing is more powerful than Government in an age of men and their organizations; including corporations.

Soon we will all see a citizens accept EULA for all new smartphones that their device has been branded PRISM compliant with a super fast NSA backdoor for enhanced performance and protecting the homeland. Thank you for your cooperation. NEXT -->

Trying to win back users trust? (2)

LostMonk (1839248) | about a year ago | (#44816391)

This is good business for Google.
If matters stay as they are now, users will leaving by droves when a non-american alternative present itself (and it will appear. people will not miss this opportunity). Rather than trying to defend it's data, Google must win back users trust or it wont stay in business for long.
The same can be said for most big american software and internet companies.

I'm putting all my money into... (5, Funny)

Jimbookis (517778) | about a year ago | (#44816397)

... factories that make $5 wrenchs. I heard they are set to make a killing soon.

Yeah, right. (1)

David Govett (2825317) | about a year ago | (#44816499)

Google is going to confuse the NSA?

Google is in partnership with the NSA (4, Insightful)

seandiggity (992657) | about a year ago | (#44816521)

This is a joke and amounts to nothing but a smoke screen. We now know that Google is an active partner of the NSA and the U.S. government...we should treat them *as* the NSA. What does any of this matter when Google has whole division(s) dedicated to preparing data for use by the NSA. They'll give keys, they'll give data, they'll give metadata, they'll give educated guesses, they'll prepare 3D topographic maps about that data.

We need a spy for the American people; the world (0)

Anonymous Coward | about a year ago | (#44816543)

What we need is a liberal minded organization that funds spying on the NSA/FBI/politicians for the people. People inside both corporations and the government leaking information and an organization which can take action on that (like the ACLU and the EFF). Then we need to out the politicians, judges, law enforcement, etc which are violating our rights.

This may not be legal although if we facilitate the media to do our bidding like other major corporations there may be some success. However we would have to do this at a massive scale and probably destroy a few hundred to thousand peoples carriers and organizations in the process. The reason remember being there is an insane percentage of the worlds wealth control by a small elite group of people. Without disrupting these organizations and attacking them head on they will inevitably win the war against us.

Economics (0)

Anonymous Coward | about a year ago | (#44816553)

They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

This notion is very sound when it's the party doing the surveillance that is bearing the cost. The relationship of the taxpayer and the NSA is not like that. Making things more expensive for them, is simply making things more expensive for ourselves, the citizens, as whatever the costs are or become, we are forced to pay them. In that respect, the NSA definitely is not "limited by the same economic realities as the rest of us".
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?