A little more than a year ago, we found out from the Snowden documents that Google's internal network has been hacked by the National Security Agency, which meant that everything that went through the company's servers was up for grabs by the NSA.
At the time, Google's executives and engineers became infuriated, and they set out to drastically improve the company's security. Only a few months later, the company announced that data would now be encrypted at rest, so even if some malicious attackers tap into their networks, they can only get encrypted data.
At a recent conference, Eric Schmidt, Google's Chairman, said that the NSA hacking news shocked him as well, and that because of that hack and all the other revelations, foreigners now trust U.S. tech companies less with their data. He also said that after Google's security fixes and improvements, the company's cloud is now the safest place to keep your data.
Going by Google's past track record with adopting modern security policies, that's likely to be true. However, even if it is "the safest place" to keep your data, that still doesn't necessarily make Google "NSA-proof." Google believed its data was safe before, too, and then we found out from an NSA whistleblower that in fact the NSA had full access to Google and its users' information.
Granted, at the time Google was expecting attackers such as random individual hackers or at worst, the Chinese government (which also hacked some of its servers in 2010). The company did not expect that its own government, which could have local physical access to its network cables, would try to hack it.
Schmidt tried to emphasize that Google's priorities, in terms of security, are aligned with those of its users:
"Google's job is [to] build stuff that delights customers. When governments illegally invade their privacy, that's like a negative. It's easy to understand why we'd make these systems stronger."
Government backdoors are also a bad idea, according to Schmidt:
"It'd be great, if you're the government, to have a trap door, but how do we at Google know that the other governments are not taking over the trap door from you?" said Schmidt.
Here, Schmidt was repeating what many security experts have been saying for a long time -- building a backdoor for anyone, even for the US government, means building a backdoor for everyone, because anyone could eventually learn about it and exploit it (potentially in secret and for many years before discovered).
Google backed Eric Schmidt's words earlier this year when it implemented default encryption for all devices that would come with Android 5.0 installed by default.
The task of securing its services is far from over, though. Earlier this year, Google promised an End-to-End encryption extension for Gmail, but so far there haven't been any other updates on that project. Also, while highly popular chat app competitors are adopting end-to-end encryption left and right, Google's Hangouts has yet to do the same.
Google has services that are used by hundreds of millions of people. That puts the company in a position where it could drastically improve the security of their conversations without users having to do a thing. Google just needs to start taking that responsibility even more seriously than it has so far.