Encryption Google Security

Google To Encrypt Cloud Storage Data By Default

jfruh writes "Worries about snooping are now a permanent part of our computing landscape, but Google is attempting to ameliorate those fears by encrypting all data on its Google Cloud Storage service by default. Data is encrypted with 128-bit AES, and you can manage the keys yourself or have Google do it for you. A Google spokesperson said that the company "does not provide encryption keys to any government."" (Also at SlashCloud.)
This discussion has been archived. No new comments can be posted.

  • Lies Lies Lies (Score:5, Insightful)

    by Anonymous Coward on Friday August 16, 2013 @09:09PM (#44590805)

    Just like how they already lied the first time. Lies Lies Lies. But I don't care. Go ahead and do that NSA thing.

  • by Mr. Freeman ( 933986 ) on Friday August 16, 2013 @09:09PM (#44590809)
    And we have what guarantee, exactly, that they're telling the truth?
    • by Anonymous Coward

      They still hand data over to the government.

      From the article:
      A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

      "Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don't follow the correct process," she wrote. "When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to p

      • Yep, there's the catch. They don't pre-emptively give encryption keys or direct access to their servers. But when specifically requested, they will deliver anything requested in a pretty package.
    • by perpenso ( 1613749 ) on Friday August 16, 2013 @11:05PM (#44591395)
      Google complies with local laws and regulations. Remember their previous venture in China:
      "The new local Google site, expected to be launched Wednesday at Google.cn, will include notes at the bottom of results pages that disclose when content has been removed, said Andrew McLaughlin, senior policy counsel for Google. "Google.cn will comply with local Chinese laws and regulations," he said in a statement. "In deciding how best to approach the Chinese--or any--market, we must balance our commitments to satisfy the interest of users, expand access to information, and respond to local conditions.""
      http://news.cnet.com/Google-to-censor-China-Web-searches/2100-1028_3-6030784.html [cnet.com]

      When a legal order to turn over info is received they will do it. The only question is what constitutes a legal order.
    • And we have what guarantee, exactly, that they're telling the truth?

      Following up on your rhetorical question: None really; that's why the expression "Trust, but verify." exists. Without some type of enforceable checks and balances in place, our only hope is for the operators to be benevolent. Even then, we're not in the decision making process; they may think their decisions are in our best interests and we might be lucky enough once in a while for it to be the right one. Usually though, without informed personal experiences to temper the outcome, it won't; especially if th

  • by Anonymous Coward

    Of course they don't provide encryption keys to any government, they just hand over the plaintext.

    • Of course they don't provide encryption keys to any government, they just hand over the plaintext.

      Now how are they going to do that if one encrypts the data before sending it to the cloud service? Don't give your cloud service the plain text.

  • Patriot act? (Score:5, Insightful)

    by hilather ( 1079603 ) on Friday August 16, 2013 @09:14PM (#44590833)

    A Google spokesperson said that the company "does not provide encryption keys to any government.""

    As Google is a U.S. based company, I'm pretty sure this is a bald faced lie due to the "Patriot Act".

    • The way this usually works is the precise statement is true, but they leave the encryption keys where the government can find them.

  • by Anonymous Coward on Friday August 16, 2013 @09:16PM (#44590845)

    Until they receive a National Security Letter and a gag order to boot.

    • by AmiMoJo ( 196126 ) *

      If you set up your system in such a way that you really absolutely cannot provide encryption keys what happens?

  • by Anonymous Coward

    What does it matter if they encrypt it all and then give the keys to the government?

    • It's not totally useless. If the NSA officially provided encrypted cloud storage for free or cheap, this might be interesting to US American companies and people who want to protect their data against others and have nothing against being snooped on by their own government. Heck, some people would probably give up their freedom and democratic principles for a glass of free beer.

  • by synir ( 731266 ) <(moc.liamg) (ta) (lednakra)> on Friday August 16, 2013 @09:17PM (#44590857)
    "A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law."

    What does this mean, exactly? That they would provide encryption keys in accordance with the law? That they could?

    A robust system would mean the hosting company wouldn't be more able to decypher encrypted damage than anyone else. Are they offering that?
    • by Zynder ( 2773551 )
      You don't understand what they mean? "Ok Gov, here's the data for one Emmett Brown, PHD, all 1.21 GB of it. I hope you got the keys otherwise you're wasting HDD space...". I know you're just trying to be "skeptical" cause that's the in thing now but seriously it isn't that hard to comprehend.
    • by jeti ( 105266 ) on Saturday August 17, 2013 @02:39AM (#44592157)

      It means that they don't provide the encryption keys. And the unencrypted data is provided to government agencies in accordance with the law. Since there are secret laws, we don't know under what conditions the data is provided.

    • by icebike ( 68054 ) on Saturday August 17, 2013 @02:50AM (#44592191)

      "A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law."

      What does this mean, exactly? That they would provide encryption keys in accordance with the law?

      It means they will decrypt the data and then hand it over.

      It's server side encryption. The server has the keys.

    • by mpe ( 36238 )
      A robust system would mean the hosting company wouldn't be more able to decypher encrypted damage than anyone else. Are they offering that?

      About the only obvious way to do this in a secure way would be "client side". Such that all that is ever stored (and transmitted) would be cyphertext. (Without it being knowable to Google or the "spooks" even what encryption algorithm was used.)
      • Does Google charge more for data that doesn't compress? (Encrypted data doesn't compress, so if you're going to encrypt your data yourself you should compress it yourself too first.)

  • A Google spokesperson said that the company "does not provide encryption keys to any government... yet.""

    fify

  • Call me paranoid (Score:5, Insightful)

    by TubeSteak ( 669689 ) on Friday August 16, 2013 @09:21PM (#44590887) Journal

    "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," Barth wrote. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing."

    That sounds meaningless.
    All that it prevents is interception of data to/from your computer.
    It does nothing to stop the NSA from requesting your data from Google, who would control your encryption keys.

    A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

    Which is exactly my point. If they control your key, they have access to your data.

    • Re: (Score:2, Interesting)

      by Chalnoth ( 1334923 )

      It will be difficult to avoid such requests entirely, but this technology, implemented well, prevents the NSA or others from intercepting the data en route and reading it without a court order.

      I'd also point out that Google has, in the past, pushed back against data requests.

      • I'd also point out that Google has, in the past, pushed back against data requests.

        and you know that, exactly, how?

        oh right, they said so. yeah. ok. we're done here.

    • by Mitreya ( 579078 )

      A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.

      And once US starts to publicize their laws, that would maybe mean something

      For now, "in accordance with the law" means nothing because of all the secret laws or secret law-interpretations that are out there.

      • by smhsmh ( 1139709 )

        Ummm, if you want to store your data in Google's cloud, or anyone else's, then all you need do is encrypt it before uploading. Then the responsibility for keeping the key secret is yours. If Google reencrypts your data, there is usually no significant gain or loss of security. You can even share documents with anyone else who has the key, perhaps delivered by carrier pigeon. (Surprisingly, multiple different encryptions can sometimes be weaker than any of the individual encryptions - read that somewhere

        • by Tr3vin ( 1220548 )
          The thin client can be a little bit fatter, though. Since Google provides a web browser, why not add support to it to use your key to decrypt the data on your end? That way, the data on the server is always encrypted. They could provide similar functionality for other browsers via a plugin.
          • Re: (Score:3, Interesting)

            by smhsmh ( 1139709 )

            Yes, but this prohibits use of Google's many server-side tools for editing documents, spreadsheets, calendar, etc. If confidentiality of your data is to be preserved, that data can never be transferred unencrypted out of machines you control. That prevents the server-side application from checking your spelling, evaluating your spreadsheet calculations, or anything else. The cloud becomes nothing but a distributed filesystem.

            But Google wants to read your data in order to advertise to you. That's why the

        • by mpe ( 36238 )
          You can even share documents with anyone else who has the key, perhaps delivered by carrier pigeon.

          PGP/GPG have always had the ability to generate a cyphertext which can be decrypted by multiple keys. Which might be another option if the number of people who need to share is small.
  • TFA (Score:5, Interesting)

    by PPH ( 736903 ) on Friday August 16, 2013 @09:21PM (#44590893)

    Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.

    Which is how it should all be done. Relying on Google's honesty, or some Google employee who doesn't want his fingers broken one by one, is just false security.

    • Re:TFA (Score:4, Insightful)

      by martin-boundary ( 547041 ) on Saturday August 17, 2013 @01:20AM (#44591961)

      Which is how it should all be done. Relying on Google's honesty, or some Google employee who doesn't want his fingers broken one by one, is just false security.

      No.

      That is not how it should be done.

      It should be done as follows:

      You DO NOT give Google your data IN THE FIRST PLACE.

      They have no business keeping your data for you. The sooner you learn this, the sooner you can start on the path to become a free man.

  • Fool me once.... (Score:5, Informative)

    by larry bagina ( 561269 ) on Friday August 16, 2013 @09:22PM (#44590899) Journal

    Given what we know about the NSA, NSLs, and Lavabit, "[we do] not provide encryption keys to any government" is a worthless statement. With an NSL, Google will turn over everything and won't be able to say anything about it. With an NSL, Google will be required to lie (like claiming data is encrypted when it's not). Lavabit received an NSL and chose to shut down rather than honor it and sell out their customers. Google compiles with their NSLs.

    You cannot trust Google or the cloud with your data.

    • by tftp ( 111690 ) on Friday August 16, 2013 @09:36PM (#44590995) Homepage

      You cannot trust Google or the cloud with your data.

      If you store your data in the cloud, it means that:

      • The 3rd party knows that you have some data stored, and they know its size, and they know how often you modify it or add to it. The observer does not need to have access to your private key to see that.
      • You can never be sure that the data that you deleted was in fact deleted. In most cases, due to existence of tiered backups, it will take a long time to purge your data from an honestly operated system. If the system is run by a Google-like entity, nothing ever gets deleted.
      • If the observer wishes to decrypt your data, they can always use the $5 wrench, or (if they want to stay undetected) they can send people to duplicate your HDD or to install a keylogger.

      The best way to store your data is on your own HDD, encrypted. The observer still can break into your house, but they would have to do it without any information leading to that. (Such as they wouldn't know that you even have a computer, let alone how often you modify certain files.) Modern terabyte drives (USB 3.0 or eSATA) remove every reason to bother with cloud storage - unless you want an additional bottleneck in form of the Internet link and a bunch of additional vulnerabilities, often for a small extra fee. Most people would be perfectly happy with an encrypted USB Flash disk (IronKey etc.) that they can always carry with them.

      • http://www.foreignpolicy.com/articles/2013/07/16/the_cias_new_black_bag_is_digital_nsa_cooperation [foreignpolicy.com]

        During a coffee break at an intelligence conference held in The Netherlands a few years back, a senior Scandinavian counterterrorism official regaled me with a story. One of his service's surveillance teams was conducting routine monitoring of a senior militant leader when they suddenly noticed through their high-powered surveillance cameras two men breaking into the militant's apartment. The target was at Friday evening prayers at the local mosque. But rather than ransack the apartment and steal the computer equipment and other valuables while he was away -- as any right-minded burglar would normally have done -- one of the men pulled out a disk and loaded some programs onto the resident's laptop computer while the other man kept watch at the window. The whole operation took less than two minutes, then the two trespassers fled the way they came, leaving no trace that they had ever been there.

        It did not take long for the official to determine that the two men were, in fact, Central Intelligence Agency (CIA) operatives conducting what is known in the U.S. intelligence community as either a "black bag job" or a "surreptitious entry" operation. Back in the Cold War, such a mission might have involved cracking safes, stealing code books, or photographing the settings on cipher machines. Today, this kind of break-in is known inside the CIA and National Security Agency as an "off-net operation," a clandestine human intelligence mission whose specific purpose is to surreptitiously gain access to the computer systems and email accounts of targets of high interest to America's spies.

        Stealing passwords with a key logger or phishing e-mail undoubtedly involves less paperwork than using the rubber hose.

      • by mlts ( 1038732 ) *

        What might be a good use for cloud is backups. Not live storage like box.net or Dropbox, but an encrypted blob of data [1] that is tossed onto a remote site and read from it as one large object.

        With this in mind, managing remote data becomes an issue of key management. If each remote file is stored with a different key, just erasing that key (could be a password, or an actual keyfile as in the case of TrueCrypt) would ensure that the remote data isn't usable by anyone short of a complete AES break.

        The adv
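
Added example, not part of any comment in this thread and not Google's or any vendor's code: a Go program for the client-side approach described in the comments above, compressing before encrypting, encrypting before upload, and giving each object its own key so that erasing the key makes the remote copy unusable. The names `Client`, `Upload`, `Download`, `Shred` and `Remote`, the choice of AES-256-GCM and gzip, and the in-memory map standing in for the storage service are assumptions of this example.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { // operating system CSPRNG
		panic(err)
	}
	return b
}

// gzipBytes compresses data; it runs before encryption because ciphertext will not shrink.
func gzipBytes(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// newGCM builds AES-256-GCM (authenticated encryption); it rejects keys of the wrong size.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts data under key and prepends the random nonce to the ciphertext.
func seal(key, data []byte) []byte {
	gcm, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, data, nil)
}

// open reverses seal; it fails on a missing or wrong key and on any modified blob.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("missing key or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Client keeps keys on the local machine; Remote stands in for the storage provider.
type Client struct {
	keys   map[string][]byte // object name -> per-object key, never uploaded
	Remote map[string][]byte // object name -> ciphertext, all the provider ever sees
}
func NewClient() *Client { return &Client{map[string][]byte{}, map[string][]byte{}} }

// Upload compresses, then encrypts under a fresh key used for this object alone.
func (c *Client) Upload(name string, plaintext []byte) {
	c.keys[name] = randBytes(32)
	c.Remote[name] = seal(c.keys[name], gzipBytes(plaintext))
}

// Download decrypts the remote blob with the local key and decompresses it.
func (c *Client) Download(name string) ([]byte, error) {
	packed, err := open(c.keys[name], c.Remote[name])
	if err != nil {
		return nil, err
	}
	r, err := gzip.NewReader(bytes.NewReader(packed))
	if err != nil {
		return nil, err
	}
	return io.ReadAll(r)
}

// Shred erases the local key; the remote blob and any provider backups become unreadable.
func (c *Client) Shred(name string) { delete(c.keys, name) }

func main() {
	c := NewClient()
	c.Upload("doc", bytes.Repeat([]byte("constructed sample line\n"), 200))
	fmt.Printf("blob %d B, gzip(blob) %d B\n", len(c.Remote["doc"]), len(gzipBytes(c.Remote["doc"])))
	c.Shred("doc")
	_, err := c.Download("doc")
	fmt.Println("after shred:", err)
}
```

The provider in this model still learns object names, sizes and access times, which is the metadata exposure raised earlier in the thread.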

        • by icebike ( 68054 )

          Backup is all I use cloud storage for.

          Some of it mildly proprietary. For that I use SpiderOak.com. It's client side encryption and They. Don't. Have. The. KEY.

          • Doesn't matter at all. It's a US company and they have full access to your machine. Or is the endpoint software open source and has been compiled and security audited by yourself?

          • Some of it mildly proprietary. For that I use SpiderOak.com. Its client side encryption and They. Don't. Have. The. KEY.

            Can you be fully sure you are protected? It seems they use their own proprietary client to transfer the data. At that point, well, they can do pretty much anything. Maybe there is another "NSAKEY" which works as an alternative universal key to decrypt any backup. Or maybe a three-letter-organization forces them to deliver a secret patch which contains an exception for your user account and suddenly makes it send everything unencrypted.

          • by chihowa ( 366380 )

            SpiderOak derives your key from (only) the password that you log into the website with. That password is also stored as a hash on their webserver. Make sure you choose a good password, because that few bits of entropy are all that are protecting your data, and it's very probable that the NSA have ever-growing rainbow tables to bypass the hash.

            But really, like all third parties, you have to take SpiderOak's claims at face value and decide whether you really want to trust a third party with sensitive data. Yo

            • by icebike ( 68054 )

              Your website log in key is not your SpiderOak encryption key. You can't deduce one from the other unless you were stupid enough to use the same key for both.

              • by chihowa ( 366380 )

                That's an odd thing to say, since it's demonstrably not true. I just set up a new account with them, picked a password of "1" (which didn't set off any warnings, even though that is the sole secret protecting all of the data), then logged into the website with that password.

                Furthermore, you can't change one password separately from the other. As listed on their site:

                NOTE - PASSWORD CHANGE: Due to our security measures, you may only change your password within the SpiderOak application. This ensures our zero-knowledge privacy environment. You may change your password within the application by opening the 'Account' section in the upper right corner.

                • by icebike ( 68054 )

                  When you first set up the account they may be the same, but from then on out, you need never access the website again. But if you do they don't write it to disk. So if you don't trust SSL, just don't visit the website. Do everything through the client.

                  You can't change the password on the website. (Why? Because they recognize that is insecure). You can only change it in the client application (a locally installed piece of software), and as soon as you do that your machine gets busy re-encoding all of you

                  • by chihowa ( 366380 )

                    Even if you don't access their site again, they still have your password in plaintext long enough to make a hash for the webserver to use. If you do ever use their site again (which many people might do: for instance, their site is the only way to buy more space), the login page on their site is a simple POST for the submission of the password so it's easy enough to snatch it there if they were compelled to. That's not even getting into their use of a closed source server and client and unverified crypto im

                • by icebike ( 68054 )

                  Oh, forgot, go carry on your argument with SpiderOak. Start here: https://spideroak.com/engineering_matters [spideroak.com] where they explain exactly how it works.

                  • by chihowa ( 366380 )

                    Basically, your whole argument boils down to "they say...", "they say...", "they say...", but you're given no means to verify any of it. That's not how you do security.

                    Do you know the people running SpiderOak? Then why do you trust them so implicitly?

                    Even a layered approach, like TrueCrypt on Google's "encrypted" Cloud dilutes the trust you need to put in any one party. You're putting all of your eggs in one basket, which has exploitable holes, and trusting that basket entirely because of the basketmaker's

    • You cannot trust Google or the cloud with your data.

      Doesn't this really boil down to, you can't trust your government? Nothing is safe.

    • by TheGratefulNet ( 143330 ) on Friday August 16, 2013 @10:12PM (#44591201)

      Google compiles with their NSLs.

      interesting. the rest of us use gcc. does nsl optimize better?

    • I trust them with my unimportant data as it's not important if it's seen like a book I purchased or a movie (it's still wrong of course). I also trust them to house my pre-encrypted data, where I hold the key.

  • Red riding hood (Score:5, Insightful)

    by TheP4st ( 1164315 ) on Friday August 16, 2013 @09:23PM (#44590903)
    When I was 8 years old Red Riding Hood seemed convincing enough to be true.

    Fool me once..

  • Server side encryption is only potentially beneficial for limited data breaches where the attacker gains access to the data but not the keys. In the case of government requests, they have the same rights to ask for the keys as for the data. Perhaps if there is a seizure of entire disks then having encryption may oblige them to ask for specific keys and therefore protect your data from snooping when you are not the target. It is also unclear exactly how unique/granular the keys are.

    • by fa2k ( 881632 )

      It also protects against theft of the physical servers and residual data on discarded drives. Not as big of an issue for Google, but server side encryption is good for small operations.

  • by Nimey ( 114278 ) on Friday August 16, 2013 @09:30PM (#44590947) Homepage Journal
    This is not Google Drive that's getting automatic encryption, it's their Cloud Storage, which is only available to developers.
  • by C3ntaur ( 642283 ) <panystrom AT gmail DOT com> on Friday August 16, 2013 @09:32PM (#44590957) Journal
    If your data is worth encrypting, do you really want it in the cloud at all? The internet never forgets. Given the rapid advances in both raw compute power and cryptography, something that takes unimaginably long to brute force today, might be trivial to crack in just a few years.
  • Convenient (Score:5, Informative)

    by elysiuan ( 762931 ) on Friday August 16, 2013 @09:35PM (#44590977) Homepage

    In other news leaked internal NSA documents show that they only begin to have trouble cracking AES at 256-bit key sizes and higher.

  • by Anonymous Coward on Friday August 16, 2013 @09:38PM (#44591009)

    The summary leaves out a critical bit of the company spokesperson's quote from the article: they won't give anyone your encryption keys directly, but they'll happily USE the encryption keys they're managing for you to decrypt your data and give the decrypted data to anyone who makes a legal request.

    All this buys you is a tiny bit of defense in depth in case someone tracks down the Google server(s) that are storing your data, breaks into the data center, and physically yanks the hard drive out of the machine. Doesn't do anything to prevent a government from getting access by asking politely, and doesn't do anything to address the wide-open front door of someone guessing your account password.

    If you care at all, you should be using client-side encryption. If you don't, this is just adding extra latency.

    • by TCM ( 130219 )

      "In accordance with the law" is a hollow phrase when the laws themselves are unjust or secret to begin with.

      Everyone following your "laws" and not openly disobeying them is in good company with people "just following orders" in 1933's Germany.

  • "does not provide encryption keys to any government."

    Means, "we provide encryption keys to the whim of any government." Guessing this is true.
  • by aviators99 ( 895782 ) on Friday August 16, 2013 @10:02PM (#44591141) Homepage

    When I first read the summary I thought Google was going to provide me a way to manage my own keys in a practical sense. I would like for my browser to automatically decrypt when I download from Google Drive using private keys stored on my local store (with a pass phrase, of course).

  • by mbone ( 558574 ) on Friday August 16, 2013 @10:07PM (#44591175)

    "does not provide encryption keys to any government."

    Based on recent evidence these words mean absolutely nothing* and you would be a fool to trust them.

    * That doesn't mean they are technically a lie. Maybe 128 bit AES has a hidden weakness. Maybe there is NSA sponsored back door to their code. Who knows?
    Who, except for the forensic types, cares?

  • This is the same Google that insists in court: of COURSE we read your email... why would you expect anything else, right?

  • Sing the song (Score:5, Insightful)

    by gmuslera ( 3436 ) on Friday August 16, 2013 @10:13PM (#44591207) Homepage Journal
    Obama killed the cloud star. Google must comply with legislation, they could deny (at least till NSA summons another secret law that essentially says all your data are belong to us), but at least for citizens of other countries, or Americans that contact them they must give the data anyway. Once they put in the tables laws that force you to do something and not speak about it you can't trust in anything they say, you just can't decide if it's true or is a lie that is forced to say (even assuming their best good will in this topic).
  • The encryption master keys are subpoenaed under a NSL by our good friends looking out for us, so nothing bad happens.
  • The only really secure data are the ones written to your own HDD in your safe in your basement, encrypted with opensource program, with part of encryption key entrusted to some friend who is instructed to return it to you when he is satisfactorily ensured that you are not under coercion.

  • by FuzzNugget ( 2840687 ) on Friday August 16, 2013 @11:01PM (#44591381)

    OK, so you have the option to manage your own keys, but we're trusting that Google doesn't copy your keys when you create them and that they don't have a backdoor. Based on recent revelations, I wouldn't put either past them.

    Once Google unequivocally tells the feds to fuck off the next time they come sniffing around for user data, I'll put some stock into such supposed privacy measures.

    • Once Google unequivocally tells the feds to fuck off the next time they come sniffing around for user data, I'll put some stock into such supposed privacy measures.

      Google refuses ~30% of government requests for user data.

      Keep in mind that most requests are subpoenas (which can only get extremely limited data; name and IP address, basically), court orders (which can get a bit more, but not e-mail contents) and search warrants, and I think it's quite likely that if you were in a position to look at the requests and their rationale, you'd agree that most of them are legitimate and not only legally must be respected, but should be respected, because it's the right thing

  • It might have been. But too late now.

  • What they will do is snoop your connection for when you input the password. Https connection? They will have the cert keys already.

    You might as well be using open to send the password.

    Unless you are uploading locally encrypted files to the cloud (for convenience I suppose) and never sharing keys except in person you should be fine.

    Until they kick your door in that is.
  • I don't understand all the cynical comments about the government forcing Google to decrypt everyone's data.

    Would 128-bit AES encryption really bother the NSA that much? Would it even bother a committed hacker that much? If anything, this will just provide Google with a little ass coverage in case they ever get hacked by someone other than the NSA.

    But seriously, if this is something that you're really worried about, you should be encrypting your online storage yourself. Or better yet, don't store anythin

  • I don't see how anybody could trust them at this point.

  • Google doesn't need to give the keys to anyone if the algorithm is insecure.
  • "A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law.".

    First of all NSA lied to congress so how do we know that the Google spokeswoman is not lying also? Secondly if the laws are secret then how does the public know what is in accordance?

  • Why listen to a known liar?
  • If you strain to look at things in the best possible light, you will figure out there are some scenarios where this helps. And if you take a pessimistic view, I think the conclusion is that this is completely harmless. Unfortunately, it's also very dishonest, so Google earns a demerit anyway, but that's another topic that plenty of people are already going on about. ;-)

    Obviously this doesn't protect the data if Google is coerced into giving up the key, or if Marketing decides there might be profiling adva

  • Google has the keys to encrypt and decrypt. So I agree, they can still send my information to NSA without sending the keys. Corporates think we are stupid. At least we are not SO stupid....
