Eric Schmidt: NSA Revelations Made Google More Secure Than Ever

By Lucian Armasu
published

A little more than a year ago, we found out from the Snowden documents that Google's internal network has been hacked by the National Security Agency, which meant that everything that went through the company's servers was up for grabs by the NSA.

At the time, Google's executives and engineers became infuriated, and they set out to drastically improve the company's security. Only a few months later, the company announced that data would now be encrypted at rest, so even if some malicious attackers tap into their networks, they can only get encrypted data.

At a recent conference, Eric Schmidt, Google's Chairman, said that the NSA hacking news shocked him as well, and that because of that hack and all the other revelations, foreigners now trust U.S. tech companies less with their data. He also said that after Google's security fixes and improvements, the company's cloud is now the safest place to keep your data.

Going by Google's past track record with adopting modern security policies, that's likely to be true. However, even if it is "the safest place" to keep your data, that still doesn't necessarily make Google "NSA-proof." Google believed its data was safe before, too, and then we found out from an NSA whistleblower that in fact the NSA had full access to Google and its users' information.

Granted, at the time Google was expecting attackers such as random individual hackers or at worst, the Chinese government (which also hacked some of its servers in 2010). The company did not expect that its own government, which could have local physical access to its network cables, would try to hack it.

Schmidt tried to emphasize that Google's priorities, in terms of security, are aligned with those of its users:

"Google's job is [to] build stuff that delights customers. When governments illegally invade their privacy, that's like a negative. It's easy to understand why we'd make these systems stronger."

Government backdoors are also a bad idea, according to Schmidt:

"It'd be great, if you're the government, to have a trap door, but how do we at Google know that the other governments are not taking over the trap door from you?" said Schmidt.

Here, Schmidt was repeating what many security experts have been saying for a long time -- building a backdoor for anyone, even for the US government, means building a backdoor for everyone, because anyone could eventually learn about it and exploit it (potentially in secret and for many years before discovered).

Google backed Eric Schmidt's words earlier this year when it implemented default encryption for all devices that would come with Android 5.0 installed by default.

The task of securing its services is far from over, though. Earlier this year, Google promised an End-to-End encryption extension for Gmail, but so far there haven't been any other updates on that project. Also, while highly popular chat app competitors are adopting end-to-end encryption left and right, Google's Hangouts has yet to do the same.

Google has services that are used by hundreds of millions of people. That puts the company in a position where it could drastically improve the security of their conversations without users having to do a thing. Google just needs to start taking that responsibility even more seriously than it has so far.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
14 Comments Comment from the forums
  • DalaiLamar
    Only in your dreams will Google be safer. As Google develops new apps, NSA will have more access to you.
    Reply
  • Elchi
    Eric Schmidt's statement is in contradiction with Google's own business model.
    By example Google's search engine does (anonymously?) scan your Gmail repository in order to identify center of interests etc etc. For that the information cant be encrypted.

    The only way to ensure data security stored in the cloud is to encrypt at device or PC level with your own key and store encrypted data afterwards. This is the only and safest way assuming the encryption drivers on your device have no back-door or do not secretly store the key.

    Till now Apple has been the only equivalent company which enabled such a possibility (since IOS 8 introduction). I was quite astonished but later realized that Apple business model does not rely on the valuation of its customer data so there is no bold move here.


    Reply
  • firefoxx04
    "Revelations" lol .
    Reply
  • vaughn2k
    Softwares keeps getting better every year (or everytime), but because people gets better every time. Securities may get better, but it is still built by people, that gets better, and better...
    Reply
  • ZolaIII
    I think that only fully open sourced OS can be really secure. Android is not totally opened. Encrypting device won't help you with NSA. Google won't after all under pressure do end to end encryption as they are & will stay NSA service. Google analytics can be striped down in open source software actual funny side is that they also must be striped down as they are property. So we really need Ubuntu as the first of many to come & liberate us (funny thing is Apple propagated this with first Macintosh but instead slaved you & you're valet). Their always whose safe & open sourced solution (Firefox, K9 mail with encryption) but you funny guys decide not to use them, they where not enough colorful and full of stupid options for you.
    Reply
  • surphninja
    Safe from the government tapping into it illegally? Maybe (though I would be so confident). But what about secret courts that coerce Google into handing over data? What about Google scanning & mining every single bit of your data?

    Schmidt has a very warped definition of "safe." And he's not even pretending that your data is 'private.'
    Reply
  • a1r
    How nice of Schmidt to pick our facts for us. Google updated it's infrastructure against casual intrusion and transport inspection. That's nice and dandy. And yet... That information trove Google is sitting on for all its users and their connections is completely wide open to the 3 letter agencies via national security letters and other 'requests for information' that FISA routinely rubber stamps. If you want privacy, don't put it on the internet and for sure don't use cloud backups. If it's privacy critical, use a typewriter and burn the ribbon after.
    Reply
  • Sheperd
    Poor guy, he tries to make us believe he did not know this f.......ng NSA was intercepting our data. Google is working together with them since a long time.
    Reply
  • palladin9479
    Anything that's saved on the internet must be assumed to be compromised. The only way to store data with confidence is to use a private key and keep that key, along with any backups, stored in a physical location that you control. As long as the key is kept safe then the data itself is useless.

    On a note about government agencies. They are not inherently evil, instead they are incredibly myopic and narrowly focused. They each desire to do their job and make their job as easy as possible to do, this translates into doing more with less. From their point of view, the average citizen having zero rights would be a good thing as it would make their jobs significantly easier to do. The impact of that on the citizens isn't their concern, from their point of view it's "somebody else's problem". This is why it's paramount that each of us take our own privacy seriously and protect our own data and information, government agencies will not take your best interests into account and will gladly stomp all over you if it makes their job easier.
    Reply
  • sdmitch16
    By example Google's search engine does (anonymously?) scan your Gmail repository in order to identify center of interests etc etc. For that the information cant be encrypted.

    I see no reason Google's search servers wouldn't be able to decrypt data when their Gmail servers are. The Gmail data has to be decrypted by Google at some point merely to show it to us so they obviously have the capability.
    Reply