Google to automatically encrypt Cloud Storage data, but this shouldn't ease NSA fears
0. phoneArena 16 Aug 2013, 11:53 posted on
Ever since the news first broke about the U.S. National Security Agency (NSA) using the PRISM program to monitor metadata on communication, and subpoena further data from various companies there has been widespread fear of (and jokes about) the NSA tracking everything we do online. In an effort to help quell those fears, Google has announced that it will automatically encrypt Google Cloud Storage data, but we're not sure that will actually fix the problem...
This is a discussion for a news. To read the whole news, click here
1. PK1983 (Posts: 215; Member since: 08 Aug 2012)
What the NSA does might be legal under the letter of the law, it is certainly not under the spirit of the law. The people who supervise this intrusion are the ones writing the laws, the people who are under them truly have very little to no say. When a govt. is more concerned with say someone selling unpasteurized milk on their farm then the illegal immigrants and drug cartels that pass freely across our borders daily, that govt. needs to go asap.
2. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)
As long as any product (including Apple's iCloud mail) does the encryption at the server level, it will not be secure. The exploit is called man-in-the-middle. NSA (through its national security letters) tells the server owner (Google, Apple, MS, etc.) to give it the data it wants, and the server owner complies.
There is no more 4th amendment to the U.S. Constitution! The legislative (Congress) branch has passed a law (USA Patriot Act), the executive (POTUS) branch actively uses and abuses the law, while the judiciary (FISA court, whose judges are all appointed by John Roberts the Chief Judge of the Supreme Court) rubber stamps the abuses. All 3 branches of the U.S. 'democracy' have been perverted.
At least Snowden decided to expose the perversion. As a contractor, he has NONE of the protections that would be afforded a whistleblower (to claim whistleblower protection, you have to be an employee of the U.S. govt.).
3. Napalm_3nema (Posts: 1482; Member since: 14 Jun 2013)
True, even iCloud mail is compromised, but at least the messaging systems are not. FaceTime and iMessage encryption is a good thing. All of the mobile OSes should strive for as much protection from prying eyes as possible.
4. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)
iMessage is only encrypted for iMessage to iMessage sessions. SMS to iMessage is not encrypted. Not making an issue; just clarifying.
5. CipherCloud (Posts: 1; Member since: 18 Aug 2013)
Everyone knows that that server side encryption cannot protect your date from any threats i.e. an account hijacker can still download all your info, a disgruntled sysadmin at Google can still access your keys and your data etc. Also, in the case of a business their compliance for HIPAA, PCI, etc. remain unsolved as Google is not taking any legal liability, in the event of a data breach. As a result the business will end up paying for all legal liability including breach notifications. The ever important Data residency issue is also not solved with Google’s approach as your data and keys to encrypt/decrypt are both in the Google cloud. And last but definitely least – especially in the spotlight of government disclosures i.e. NSA Prism is also not addressed by Google’s approach.
6. MyJobSux (Posts: 86; Member since: 01 Apr 2012)
Rule of thumb is this, if its accessible to the internet its not secure. You could run your own mail, storage, etc server on your own personal network and even then your still vulnerable if not more so depending on your knowledge of networking, security and administraion. The best way to protect your personal info and data is to simply not put it out there anywhere. Maybe you can get a computer stripped of network abilities and store data there. Of course you would want to lock it up in a safe, then inside a secured room, which is alarmed, under camera surveilance but would that be enough? You would want to watch it and make sure no one tried to access the room so your life would be watching a sealed door wondering if someone is tunneling under the floor and into the safe to get your data. Paranoia is a virtue, because the enormous growth in vulnerability reports really does show that attackers are out to get you!