Ever since the news first broke about the U.S. National Security Agency (NSA) using the PRISM program to collect communications metadata and to compel further data from various companies, there has been widespread fear of (and joking about) the NSA tracking everything we do online. In an effort to help quell those fears, Google has announced that it will automatically encrypt Google Cloud Storage data at rest, but we're not sure that actually addresses the problem.
To be clear: encryption is definitely a good thing, and encrypting data at rest guards against information leaking if a disk or server is stolen, hacked, or otherwise compromised. But it's unclear how Google's new system would guard against the NSA's legal (albeit disturbingly Orwellian) tactics for obtaining data. And, most importantly, the new method applies only to Google Cloud Storage data, a product aimed at developers and enterprises. It doesn't change how consumer data is handled in Gmail, Drive, or Google+.
Encryption and keys
Google's new automatic encryption uses the 128-bit Advanced Encryption Standard (AES), and the encryption happens on Google's end "before it's written to disk": the data still arrives at Google's servers in a form Google can read. The keys are layered in three tiers: each object's data and metadata are encrypted with a unique per-object key; that key is encrypted with a second key associated with the data owner; and that owner key is in turn encrypted with a "regularly rotated" master key.
This means that data is sent to Google, encrypted, and then saved, so Google doesn't keep copies of the unencrypted data on disk. But because Google decrypts transparently whenever the data is read, that data can still be processed as usual for keywords and for whatever else Google's services draw on.
The trouble with this method is that Google still holds the keys to the data, which means that when the NSA comes calling with legal authority, Google can decrypt the data and hand it over. Google says the master encryption keys will be changed "regularly" and stored the same way Google stores the encryption keys for its own data. Note that in a key hierarchy of this shape, rotating the master key typically means re-wrapping the owner keys under the new master key; the stored data itself is not re-encrypted, and whoever holds the current master key can still read all of it.
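The three-tier key chain, and the consequence the paragraph above draws from it, in code. This is an added example, not Google's implementation or anything from its announcement: it wraps each layer with AES-128-GCM (Google cited AES-128 but did not say which mode), invents a flat `StoredObject` record and the function names, and treats one `master` byte slice as the master key. What it shows is that `ProviderDecrypt` needs nothing but the master key to recover any object, and that `RotateMaster` re-wraps the owner key without touching the stored ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newKey returns a fresh random key; 16 bytes is AES-128, the size Google cited.
func newKey() []byte {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with AES-GCM and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails if the key is wrong or the blob was modified or truncated.
func open(key, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short to contain a nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// StoredObject is a hypothetical on-disk record: ciphertext plus the per-object DEK, kept only wrapped under the owner's KEK.
type StoredObject struct{ Ciphertext, WrappedDEK []byte }

// NewOwner generates a customer's key-encryption key (KEK) and returns it wrapped under the master key, the only form the provider stores.
func NewOwner(master []byte) ([]byte, error) { return seal(master, newKey()) }

// ProviderStore is the write path: unwrap the KEK with the master key, encrypt the object under a fresh DEK, wrap that DEK under the KEK.
func ProviderStore(master, wrappedKEK, data []byte) (StoredObject, error) {
	kek, err := open(master, wrappedKEK)
	if err != nil {
		return StoredObject{}, err
	}
	dek := newKey()
	ct, err := seal(dek, data)
	if err != nil {
		return StoredObject{}, err
	}
	wrappedDEK, err := seal(kek, dek)
	return StoredObject{Ciphertext: ct, WrappedDEK: wrappedDEK}, err
}

// ProviderDecrypt is the read path and the article's point in code: whoever holds the master key walks down the chain to the plaintext.
func ProviderDecrypt(master, wrappedKEK []byte, obj StoredObject) ([]byte, error) {
	kek, err := open(master, wrappedKEK)
	if err != nil {
		return nil, err
	}
	dek, err := open(kek, obj.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, obj.Ciphertext)
}

// RotateMaster re-wraps the KEK under a new master key; stored ciphertext and wrapped DEKs are untouched.
func RotateMaster(oldMaster, newMaster, wrappedKEK []byte) ([]byte, error) {
	kek, err := open(oldMaster, wrappedKEK)
	if err != nil {
		return nil, err
	}
	return seal(newMaster, kek)
}

func main() {
	master, newMaster := newKey(), newKey()
	wrappedKEK, _ := NewOwner(master)
	obj, _ := ProviderStore(master, wrappedKEK, []byte("constructed sample object"))
	wrappedKEK, _ = RotateMaster(master, newMaster, wrappedKEK) // data on disk unchanged
	pt, err := ProviderDecrypt(newMaster, wrappedKEK, obj)
	fmt.Printf("holder of the new master key reads %q, err=%v\n", pt, err)
}
```

After `RotateMaster`, the old master key can no longer unwrap the owner key, but the new one reads every object exactly as before, so rotation changes which key string Google guards, not who can read the data. Run the same `seal` on the client with a key the provider never receives and `ProviderDecrypt` has nothing to unwrap; that is the end-to-end model the next section contrasts with Google's.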
Why Google can't go all the way
The problem is that Google is caught in a bit of a bind when it comes to delivering a similar system for user data in Gmail or Drive. As a comparison, the safest way to handle user data is what Apple does with FaceTime and iMessage: the data is encrypted end-to-end on the device before it passes through Apple's servers, so, according to Apple, Apple itself cannot read it. But this method has its drawbacks.
It is much easier for Apple to build a system like that for specific products when the software runs only on Apple hardware and the ecosystem is tightly controlled. Even so, FaceTime and iMessage are the only Apple services that get this end-to-end protection; it doesn't extend to Mail, SMS, or anything else on your device. Google can't easily do the same because it is platform agnostic: Google software typically starts in the browser and then moves out to native apps on various platforms, and the data essentially always lives on Google's servers and rarely even originates from local storage. Decrypting everything locally would require a key that never leaves the user's device, which is precisely what Google's server-side scheme does not provide.
Plus, if Google were to do that, the Google products that are so useful, like Google Now and personalized search, would cease to exist, because Google would no longer be able to access your data. If Google has no way to decrypt the data, it can't scan your Gmail for flight and package-tracking info, or your Calendar for appointments. As we have discussed before, there is value in being more open, and the corollary is that there is a cost to being more private.
And, of course, while there is a cost/benefit comparison to be made for what would happen to you if Google adopted a stricter encryption policy, there is also a cost/benefit calculation for Google itself. If Google were to somehow start encrypting data before it reaches its servers, it would not only lose the products that make it stand out from the competition, but it would lose big because it could no longer learn about you or find keywords to serve up better (and more profitable) ads.
Ultimately, this is a good step forward for Google and definitely a much-needed addition to its Cloud Storage platform. The extra encryption will beef up security for data at rest, but it is dangerous if anyone takes this as proof that Google is adding protection against the NSA. Unfortunately, the only protection Google could add in that regard would also take a huge bite out of both Google's profits and its ability to offer the innovative new products that attract users.