
Google encrypts data amid backlash against NSA spying - esgoto
http://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html?hpid=z1
======
sjbach
A salient bit:

> [Eric] Grosse echoed comments from other Google officials, saying that the company
> resists government surveillance and has never weakened its encryption systems to
> make snooping easier — as some companies reportedly have, according to the Snowden
> documents detailed by the Times and the Guardian on Thursday.
>
> “This is just a point of personal honor,” Grosse said. “It will not happen here.”

Some folks are inclined to distrust Google, but there are people here who
really, really care about security.

~~~
anologwintermut
The revelations that NSA is running a HUMINT program should make it very clear
that you can't trust everyone at Google or any other major provider. Those
risks are mitigable, but it's expensive and I doubt most places take
sufficient steps to prevent it.

Even without that, trusting companies because their employees are honest is
hard.

There are some people at the NSA who really really care about privacy and not
spying on US Citizens and believed we didn't do so. In fact, most of the ones
I've met. However, with sufficient compartmentalization, they don't know what
they or others are truly doing. Same can be true for any company.

Are you working on Google's data liberation system to not trap users in your
system, or are you working on NSA's data exfiltration system for Google's data?
It's not always clear.

~~~
jka
Google (and other organizations) collecting and securing such vast troves of
information -- and building the technology to analyze it quickly -- obviously
makes them hugely valuable to attackers and defenders alike, since the data
they are storing is the very information that attackers/defenders try to keep
from each other.

Encrypting it and securing it very well at a technology level means that the
human element (I'd argue) becomes the easiest way to get access to it - i.e.
someone with sysadmin access, DB access, or just working on a project where
the APIs and/or tools available can produce valuable information. This is true
even if the 'player' (with system access) has to be 'recruited' by the
attacking or defending team some time after taking up the job.

Couple this with the fact that even the security agencies themselves are prone
to corruption, malfeasance, human error, (no-one is perfect), and insiders,
and you could easily end up with a confusing mess. Bear in mind that everyone
wants their agents to operate and be able to communicate back without
detection, again regardless of which team.

Compartmentalization must also come into conflict with inter-agency sharing
rules -- at some level, people need to know what is going on and make
decisions -- and trust must be a big issue for many of these groups - they
probably spend a ton of time watching themselves and others, and watching for
information leaks / canaries / spread of misinformation.

I'm certain there'll be some fascinating stories eventually from all of this -
it all continues to make me believe that concentration of power and
information (which I think are continuing as a trend) only end up in creating
dangerous situations, and that decentralization is ultimately the preferable
way to go (in that it prevents a small number of people from having too much
power/influence/control, and equally protects those same people from being
targets themselves).

~~~
niels_olson
I'm not aware of much successful recruiting. Most moles turn on their own. The
game for the intel guys is like baseball: a lot of waiting and then serious
hustle to make sure a fresh mole gets trained, vetted, rendered effective
without getting caught.

~~~
jka
Depressingly makes it sound like an everyday thing which is just monitored for
- makes sense I suppose given how many information sinks there are nowadays.

------
zmmmmm
My main reaction to this was, ummm, wait - google isn't already encrypting its
data internally?!

-- off topic rant --

Such a weird discontinuity in all this ... Google was prosecuted and paid a
fine, despite self-disclosing, falling on its own sword and issuing an abject
apology, for _accidentally_ sniffing some _unencrypted_ data as they drove
past. This was condemned at every level by government.

Now the _government_ is openly sniffing and capturing _everything_, including
our _encrypted_ traffic and deliberately trying to crack the encryption, ...
and they don't think it is the slightest bit unreasonable?

How can there be moral outrage about Google's offense and not about what the
government is doing that is ten times worse?

~~~
MichaelGG
Because most of the people outraged that Google supplied "-s 0" instead of "-s
64" when running tcpdump weren't quite bright or were not thinking it through?
I've yet to hear of any intelligent reason to be upset about the WiFi
collection thing.

And more precisely, it's the NSA, who has the job to break encryption. There
was outrage when Carnivore was made public (late 90s?), then that AT&T room
the NSA tapped that was leaked in 2006. By now, it's just taken for granted
(by technical people anyways) that unencrypted communications are going to be
recorded. You don't even need a state-level adversary to achieve this on a
limited scale.

------
ariwilson
Just to clarify the discussion here, since the NSA is involved in snooping on
internet users along many different dimensions, I think what is being
discussed here is encrypting internal Google data being transmitted from
datacenter to datacenter via private fiber optic cables. Recent revelations
seem to indicate the NSA has set up fiber taps on various companies' networks.
This encryption would frustrate those tapping efforts.

Legal requests to Google for user data are not affected by this change.
Neither is private data at rest, which is still presumably encrypted. Neither
are other extralegal avenues the NSA has to infiltrate Google (employee
cooperation or intimidation, exploiting zero days to get into corporate
networks, hijacking security protocol construction, etc).

------
Zigurd
> _Encrypting information flowing among data centers will not make it
> impossible for intelligence agencies to snoop on individual users of Google
> services, nor will it have any effect on legal requirements that the company
> comply with court orders or valid national security requests for data._

How does this do _anything_ about pervasive NSA spying? The NSA has broken SSL
and VPNs by corrupting the CAs and the VPN vendors.

What would really help is for Google to create a zero-knowledge tier of
service and to charge users for using it to replace their ad revenue.

~~~
brown9-2
How is SSL broken when many different ciphers can be used?

~~~
saalweachter
Bruce Schneier recently suggested that encryption-the-math wasn't broken so
much as encryption-the-implementation. The math is pure, abstract, and
pristine, but the implementation is not. Hacks, lies, and backdoors. He
strongly hinted not to trust anything you can't see the source for.

------
tlrobinson
Are they suggesting the NSA is tapping intra-data center communications? I
hadn't seen that suggested before.

That's interesting. I hadn't considered that could be how Prism works, but it
would make sense if these companies weren't encrypting those connections
previously. Somehow I assumed they were.

~~~
aaron42net
Most companies have historically considered dark fiber (where nobody else's
network gear is involved) to be secure enough. Passively decoding dumps of
hundreds of gigabits or terabits spread over many colors of light (DWDM) into
useful data was generally thought of as prohibitively expensive and therefore
not a viable threat.

The routers that can handle those speeds don't encrypt the link itself, so the
most common solution is to do per-connection encryption between hosts with SSL
or SSH or similar. Do you run SSL when talking to all of your internal APIs,
databases, etc?

What about between nodes in EC2, particularly between availability zones?
Those are potentially subject to the same sort of sniffing without Amazon's
involvement.

~~~
Create
Amazon does have certification by said agency.

------
bowlofpetunias
Google has full unencrypted access to all private data from their users
(because collating that data is the foundation of their core business) and the
NSA has the power to lean on Google to provide them full access.

Not to mention that at the very heart of the NSA spying story is the
allegation that Google e.a. provides access to said data willingly. And the
only denial from both parties has been a mixture of partial admission ("but
we're using proper procedure") and carefully crafted lawyer-speak (the
infamous "no direct access" boilerplate denials).

This is just internal security enhancements being abused as a PR exercise.
Google is trying to use the latest revelations about the NSA to deflect attention
away from its own complicity.

------
adrianlmm
Google has been cooperating with the NSA, I distrust Google, this looks more
like damage control to me.

~~~
myko
What US company doesn't cooperate with the NSA? Google responds to lawful
requests by the US government as appropriate. It's up to US citizens to change
the law if they don't like it.

~~~
adrianlmm
If Google really wants to help then it should stop tracking their users, stop
spying on me and stop trying to force me to sign up to G+. They cannot give
data to the NSA if they stop getting it, as simple as that, but all the NSA
has to do is buy the information from Google; after all, they sell it.

~~~
cloudwalking
If you don't want to be tracked and you don't want to use Google+, stop using
Google products.

Google does not sell data to anybody. They sell advertising slots.

~~~
fallingup
You're still tracked if you don't use Google products.

------
rayiner
I can't believe traffic between data centers wasn't already encrypted.

~~~
Zigurd
Eh. If you own the whole fiber from place to place, you might be lulled into
thinking the data never leaves your premises.

~~~
saalweachter
Yeah, there's always a dividing line.

Between two servers in the same rack? Between two racks in the same
datacenter? Between two datacenters in the same physical complex? Between two
complexes connected by fiber you installed yourself?

If the security state keeps on keeping on, I expect companies which care about
privacy to keep tightening it in. One day not long from now it might be
considered ludicrous to transfer data from one server to another server within
the same datacenter unencrypted. One day not long after that we may perfect
secure multi-party computation, and a server might perform meaningful
computation upon an encrypted dataset without any ability to decrypt it.

The goalposts are moving.

~~~
MichaelGG
If you own the entire datacenter (like I'm sure Google does in most scenarios)
and you're having _racks_ compromised, then you probably have much larger
issues that crypto won't solve.

~~~
saalweachter
Datacenters aren't poofed into existence. The networking hardware could be
compromised at the factory, which would compromise the datacenter's network
security without compromising its physical security or any of the servers.

~~~
MichaelGG
By that logic, the networking hardware on the NIC could be compromised as
well, giving an attacker DMA capabilities on a server, too.

------
wbhart
Fixing this problem may not stop suspicionless spying. But it will certainly
make it more expensive. The public revelation that the data wasn't encrypted
is surprising, though I had previously speculated on it. See
[https://news.ycombinator.com/item?id=6264415](https://news.ycombinator.com/item?id=6264415)

------
AceJohnny2
Meh. My most important source of data in Google's control is my email. They
aren't doing much to help me protect myself there. My only wish is that they
provide a stable hook for tools like FireGPG [1] to encrypt the email's
plaintext.

Their constant tweaking of the textbox led FireGPG's developers to throw in
the towel.

I understand that Google wants to read your emails to power their ads. I doubt
the fraction of power-users that would enable FireGPG would put a fraction of
a dent in their systems.

[1] [http://getfiregpg.org/s/home](http://getfiregpg.org/s/home)

~~~
jmillikin
Instead of trying to reverse-engineer a proprietary compressed Javascript
codebase that changes daily, you should use Thunderbird and Enigmail.

[http://www.mozilla.org/en-US/thunderbird/](http://www.mozilla.org/en-US/thunderbird/)

[https://www.enigmail.net/](https://www.enigmail.net/)

~~~
mpyne
Or just use KMail (which integrates with GnuPG by default) on your shiny
open-source Linux or BSD that you're _surely_ using already. :)

~~~
ewoodrich
drivebyacct2, you are hell-banned, and have been for quite awhile. Several of
your comments have been insightful with show-dead, and I feel you should be
aware.

------
grandalf
I think it's too late. Google has shown that it can't be trusted, especially
about privacy.

~~~
aniket_ray
What do you mean? Care to share more details?

AFAICT, Google has been completely transparent about giving users control
about how their data is shared. It's been ahead of the pack in protecting its
users rights even going to courts to protect users.

Disclaimer: I am an Engineer @ Google.

~~~
reirob
Can you provide some insights why the connections between Google's data
centers was NOT encrypted until now?

~~~
aniket_ray
Unfortunately, I'm not sure I'm the right person to share more insight. I
don't work on the network team, but data between data centers flows on our own
network. Data between a client's machine (machines on external networks) and
machines on our networks has been encrypted for a while. Data at rest on
servers has been encrypted.

Before these revelations, the tech community in general didn't expect that we
needed to encrypt all traffic flowing on our home/office LANs. Like the rest
of the world, we have learned from these spying revelations that we need to be
much more paranoid than we were earlier, and we are now encrypting data on our
own networks.

As a user of a lot of web services that are deployed on the cloud, I'd
actually beseech my fellow tech community to do this too. All and any user
data passed between any two servers (even on a backend, internal, local
network) needs to be encrypted.

~~~
reirob
Thank you for providing your insights, it is important to know that the data
on the disks is encrypted. I know about the encryption (https) between the
browsers and Google's services - Google was one of the first actually to
switch the services to https.

But I have to say that I am still quite surprised that there is no encryption
between data centres. Working from time to time for industrial customers, on
business critical software, most of the time it is required to encrypt data
between servers, even when the hardware is in the same building, because they
are afraid of leaks/attacks from inside.

I think Google has to do some explanation to the public about their security.
Though I do not know if it is not too late for some google users.

------
frank_boyd
That's ridiculous.

As everybody knows: It has been revealed that Google is one of the NSA partner
companies (which should have been obvious to begin with, given the fact that
Google is probably the biggest data hoover ever built).

This fact terminates even the last tiny little bit of "trust" we could have
had in Google.

And that's really _all_ there is to say.

------
zurn
This language is pretty problematic, especially in the context of these third-party
hosted services. If Google has the keys and the encrypted data, what do we
know about the security properties?

------
ganeumann
But if they can encrypt the data so the NSA can't read it--that is, if the NSA
can't _force_ them to reveal the data--then why were they revealing it in the
first place?

~~~
anxiousest
I assume you mean encrypting data at rest, since this development takes care of
all in-transit encryption. Well, because of ads, analytics, and other predictive
data-intensive services like "Google Now", etc.

~~~
packetslave
You can still encrypt data at rest (on spinning or flash memory) and use it
for jobs like these. It's just decrypted while in RAM for use.

------
Sagat
I think it's still rational to distrust Google. Until there is more proof I
will act as if I am watched at all times when using Google services.

------
devx
I upvoted this because I want it to kickstart a movement among companies, so
everyone increases their security, end to end.

But at least on my part, this doesn't begin to "impress me". So far they're
only talking about encrypting data between servers and they've also recently
talked about encrypting Drive storage data (why wasn't it encrypted in the
first place?!)

They need to implement OTR or some form of end to end encryption with PFS for
Hangouts, and it would be nice if they at least gave the _option_ to have
encrypted calls and voice calls with ZRTP in Hangouts. The button should be
right there and obvious for everyone who wants to use it. But I'm saying it's
optional only because I'm not sure how it could impact what they're trying to
do with Hangouts, and if ZRTP works with multiple people at once. But if they
can do that, then it should be by default for everyone.

I'm also not sure exactly what kind of forward secrecy they are using for
Google search - is it really a new key being generated per session - or is it
like a few weeks? Because I think I read something about "a few weeks".

I think all SSL/TLS encryption is almost _useless_ without PFS so everyone
should use it, when we're talking about the government. A single order from
them and they could get your key for everything. That's just _completely
unacceptable_! So every service should be using PFS.

If I were them I'd also seriously evaluate whether RSA 2048 bits is enough,
and if there's any doubt that it is, then they should move to more bits, or if
the whole RSA algorithm is in danger, then they should be looking for
alternatives quickly.

When Google and others start doing that, _then_ I will _begin_ to have some
trust in them again. All of these press releases so far, and the lawsuit to
fight to only _disclose_ (not stop) the mass requests aren't fooling me, and I
hope they aren't fooling many others either.

Until then I'll be on the lookout for any new great service that promises that
type of security, and I'll switch to them as soon as they're available, and
recommend others to do it, too, both offline and online.

I hope Google and Microsoft and others aren't thinking that because I haven't
"ragequit" their services _yet_, it means the whole NSA thing doesn't bother
me. It just means I'm anxiously waiting for the alternatives to appear - which
_will_ appear. There is a _crypto war_ (again), and I do believe the security
community will win _again_, so it's only a matter of time.

~~~
remosi
</dev/null openssl s_client -showcerts -connect www.google.com:443

Includes in the output: Server public key is 2048 bit ... Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256 (i.e. not RC4, as long as your client
supports non-RC4 ciphers; uses ECDHE for PFS) and: TLS session ticket lifetime
hint: 100800 (seconds) (session keys are discarded by the client every 1d4h,
so presumably the server rotates them every 24 hours or so (4 hrs to allow for
clock skew, I assume, or to allow for the fact that people might be slightly
late on something they check every 24 hours (e.g. when they wake up each
morning)))

Nobody is going to make the change from 1024 bit keys to something else
without first verifying that the new bit length is "secure enough" for a
reasonable enough time (if nothing else, you don't want to have to go through
the expense of the process of getting everything upgraded more often than you
have to). Although you're right, it would be nice if they published their
reasoning.

I don't know how to verify the security of hangouts. Looking at the webrtc
standard, it doesn't appear to support encryption. There is also a lot of
opposition to standardising encryption for webRTC because of "DRM" concerns.
So I guess it's probably not encrypted, but don't quote me on that.

Disclaimer: I'm a Google employee.
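An added example, not part of this thread, that pulls the same fields out of `openssl s_client` output that the comment above reads by eye and answers the thread's questions (forward secrecy via ECDHE/DHE, RC4 in use, key size, session ticket lifetime). Both sample outputs are constructed to resemble s_client's text format, not real captures; the weak sample illustrates the RC4 / 1024-bit case other comments raise.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `openssl s_client -showcerts -connect host:443` output
# (abridged, modelled on the lines quoted in the comment; not a real capture).
GOOD_SAMPLE = """\
CONNECTED(00000003)
---
Server certificate
subject=/C=US/O=Example Org/CN=www.example.com
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    TLS session ticket lifetime hint: 100800 (seconds)
---
"""

# Second constructed sample showing the weaker configuration: static RSA key
# exchange with RC4, a 1024-bit key, and no session ticket lifetime hint.
WEAK_SAMPLE = """\
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
---
"""


@dataclass
class HandshakeSummary:
    key_bits: Optional[int]
    protocol: Optional[str]
    cipher: Optional[str]
    ticket_lifetime_s: Optional[int]


def parse_s_client(output: str) -> HandshakeSummary:
    """Extract key size, protocol, cipher and ticket lifetime from s_client text."""
    def grab(pattern, conv=str):
        m = re.search(pattern, output, re.MULTILINE)
        return conv(m.group(1)) if m else None

    return HandshakeSummary(
        key_bits=grab(r"^Server public key is (\d+) bit", int),
        # The SSL-Session block lines start with whitespace, then "Protocol"/"Cipher".
        protocol=grab(r"^\s*Protocol\s*:\s*(\S+)"),
        cipher=grab(r"^\s*Cipher\s*:\s*(\S+)"),
        ticket_lifetime_s=grab(r"ticket lifetime hint:\s*(\d+)", int),
    )


def assess(s: HandshakeSummary) -> dict:
    """Answer the thread's questions: PFS? RC4? key size? how long do tickets live?"""
    cipher = s.cipher or ""
    # ECDHE/DHE key exchange yields per-session keys, so a later disclosure of the
    # server's RSA key does not unlock recorded traffic; static RSA exchange does.
    forward_secrecy = cipher.startswith(("ECDHE-", "DHE-"))
    return {
        "forward_secrecy": forward_secrecy,
        "uses_rc4": "RC4" in cipher,
        "key_at_least_2048": (s.key_bits or 0) >= 2048,
        "ticket_lifetime_hours": (s.ticket_lifetime_s / 3600
                                  if s.ticket_lifetime_s is not None else None),
    }
```

Feed it real output with `openssl s_client -connect host:443 </dev/null 2>/dev/null` piped into `parse_s_client` to check your own servers the same way.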

------
g3orge
Can someone enlighten me, what is going on with NSA these last days (besides
Snowden of course) ? I hear about new leads that they can break mainstream
internet encryption methods. Is this true, and if so in what level? What about
open source encryption?

------
lawnchair_larry
Do you trust Google to be able to secure _your_ data more than you trust the
NSA to be able to secure _their own_ data from a single twentysomething?

If so, what you are saying is equivalent to Google being more secure than the
NSA.

------
ck2
Google still "only" uses RC4 128bit to talk to virtually every browser.

Makes me wonder. Is RC4 strong enough? Is it their professional conclusion? Or
something else?

------
Justsignedup
the problem with google is simple: the government demands data, google
provides because it must. encryption means the government at least has to
demand.

------
eyeareque
That is great and all, but if the government wants some data from google..
they will get it one way or another.

------
randartie
Regarding people making comments about not seeing why google wasn't already
doing this, it's common for datacenters to do DB replication over unencrypted
channels, which is what was going on here.

------
contextual
I already moved everything away from Google. There's no way I'm ever going
back. Trust is gone.

~~~
ams6110
Who are you trusting now?

~~~
contextual
I'm using Riseup.net and an offshore email account. I won't recommend the
offshore service by name until they upgrade their servers (it's been slow
lately).

------
chris_mahan
It's theoretically impossible for the NSA to decrypt the data. In practice,
however, it seems they can. So what's the point of encrypting then?

Is Google thinking they are smarter than the NSA at cryptography?

~~~
orblivion
I know what you're trying to say, but your wording is off. Something cannot be
theoretically impossible but practically possible.

~~~
inerte
Don't worry, your wording is also off, something can be theoretically
impossible but practically possible. Things can not be impossible but also
practically possible, but for every theory disproved, there was a contrarian
thing possible :)

~~~
orblivion
I suppose it depends on the context. The only way this could happen is if
you're talking about a bad theory. Whereas something theoretically possible
can be practically impossible, even for a good theory, if real life situations
can't match the conditions of the theory.

In this case the NSA didn't even do anything theoretically impossible. They
did a workaround. They added backdoors, which violates the conditions of the
theory. It's like saying I got through your unbreakable door by coming in
through the window.

