Google Testing File Encryption to Protect Drive Users

Unnamed sources told CNET that Google is currently experimenting with encrypting Google Drive, and has already encrypted a small percentage of files.

The move arrives in the wake of revealed classified slides owned by the NSA which show that the government uses PRISM, a program that collates data provided by companies as required under the Foreign Intelligence Surveillance Act. PRISM does not collect encrypted data unless the government possesses a key.

Typically files are transmitted to Google Drive in encrypted form, but the data is stored in Google's data centers in an unencrypted manner. However if Google encrypts those files, then the company will not be able to divulge the stored content even if police obtain a search warrant for domestic law enforcement purposes, or if the NSA filed a legal order under the Foreign Intelligence Surveillance Act.

Currently the details surrounding Google's encryption experiments were not available to the sources, but there's speculation that the company may be performing the encoding and decoding on its own servers. If that's true, then a government agency wouldn't be able to obtain unencrypted text from customer files even with a search warrant or subpoena. Instead, they would need a wiretap order forcing Google to intercept and provide the user's login information the next time its typed in and submitted.

"Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device," said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation in San Francisco.

It's typically not standard practice to encrypt files while they're stored in the cloud, but to provide a secure, encrypted connection when uploading and downloading those files. That's due to the complexity and the difficulties in indexing and searching encrypted data. The additional computing also comes with an added expense. That said, will Google charge an extra fee to provide on-site encryption, or will this added expense come straight out of Google's pocket?

Even more, will Google eventually be forced to break its own encryption to supply data to the government like Microsoft? That's what documents supposedly claimed last week, that the Windows company worked with the NSA to "circumvent the company's own encryption" as part of PRISM. In regards to Outlook.com., Microsoft General Counsel Brad Smith said that legal obligations force the company to pull specified content "from our servers where it sits in an unencrypted state, and then we provide it to the government agency."

There's that term again: unencrypted state. It's hard to imagine that our data resides on the cloud without encryption. The data is protected to and from the destination, but they're wide open for the taking otherwise. Of course, our files typically reside on our hard drives unencrypted, but that's a given: it's our hardware, and it should be a completely different story when data is stored alongside a stranger's own files on the Internet. Suddenly cloud storage has become an unattractive solution.

Still, Google, it seems, is trying to protect user privacy on the server side. CNET noted that Google is also fighting the Justice Department over secret national security letter requests in two separate federal courts. The company was also the first major company to adopt "perfect forward secrecy" for Web encryption. This technology protects the confidentiality of user communications even if a government is eavesdropping on the network.

  • COLGeek
    Yet another risk of storing documents in "the cloud". No, thanks.
    Reply
  • fimbulvinter
    Except you know they will be putting a backdoor in for the NSA anyways.
    Reply
  • ddpruitt
    It's hard to imagine that our data resides on the cloud without encryption.

    You obviously have a limited imagination. Encryption isn't done for the very reasons mentioned, it's difficult, expensive, and makes indexing more difficult. Encrypted data also tends to take more space and slows things down. I can see why it's not encrypted, that's why I only store information I don't mind getting out to the public on the cloud or I encrypt it myself before storing it. The only people surprised by all of this are the people who don't know anything to begin with.

    If you really want secure storage you secure it on YOUR end not after it's been transmitted and stored who knows how many times. Simple enough.
    Reply
  • rantoc
    So indexing is good when you want to protect the data? *LOL*
    So its hard to set up encryption using pw hashes as key? *LOL*
    So it takes more space to have data encrypted? *LOL*

    All it does is taking some more cpu cycles or better yet use dedicated encryption hw and it will even be transparent.

    But sure spread disinformation trying to fool peeps its "bad" to encrypt their personal data so its easier to monitor.

    Who is having the truly limited imagination? The one being a gov drone id'd say!
    Reply
  • nevilence
    in my opinion you would be a fool to store anything online that you werent prepared to have someone look at. Nothing is untouchable these days
    Reply
  • cats_Paw
    If you want to have safe data just have a PC you dont conect to the internet at all. Use some old PC FFS. People always complain about everything instead of actually doing something about it.
    Reply
  • thebeastie
    I remember a while back people swore that their files were encrypted on Dropbox.
    This makes me angry that people believe such things. "Basic Retard Elimination Test" -> if you can log into to a web site with a basic web browser and view your files or share them with other people then its NOT ENCRYPTED.. no matter how its "stored"

    http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
    ^^ READ THIS, everyone seemed to believe their stuff is some how "MAGICALLY" encrypted until this came out for dropbox.
    Reply
  • Mark Elhum
    the cloud services are supposed to be alread encypted and tested, why they adoing it now, anyways using vpn tools (http://www.bestvpnservice.com) to engage hackers and sneakers with good business.. ty
    Reply
  • randomizer
    11184662 said:
    in my opinion you would be a fool to store anything online that you werent prepared to have someone look at. Nothing is untouchable these days

    Encrypt it yourself first and then it's fine to store it in a datacentre. If they want to encrypt it a second time that's their business, but without the original key (and assuming your key isn't weak) there is no practical way to access the original file(s).
    Reply
  • nevilence
    11198868 said:
    11184662 said:
    in my opinion you would be a fool to store anything online that you werent prepared to have someone look at. Nothing is untouchable these days

    Encrypt it yourself first and then it's fine to store it in a datacentre. If they want to encrypt it a second time that's their business, but without the original key (and assuming your key isn't weak) there is no practical way to access the original file(s).

    surely if NSA or PRISM was interested in you, encryption would not count for much (maybe a little naive there)
    Reply