Keep in mind that not all law enforcement (or the broader class of potential adversaries) will have access to NSA/FBI-type capabilities or even NSLs and such, not to mention that it provides additional protection in case a Google server is breached. Having spent time chatting with some of their security people, including members of their incident response team, I'm not so cynical that they view anything like this as a reason not to secure their stuff. I find it far more likely that they see this as adding an additional hurdle for adversaries to clear.

On Mon, Aug 19, 2013 at 7:30 AM, rysiek <rysiek@hackerspace.pl> wrote:
On Mon 19 Aug 2013 07:35:10 AM EDT, rysiek wrote:
On Monday, 19 August 2013 13:12:35, Lodewijk andré de la porte wrote:
On Monday, 19 August 2013 08:02:38, Dan Staples wrote:
AES-128 is obviously not secure enough against NSA-type attacks. It works against the random raid of the servers, the exploitative sysadmin and perhaps even the remote exploit in the software. It also allows Google to run storage nodes at a lower security level, which might help them smooth operations.
Nothing there to help against the agencies.
But the algo is really completely irrelevant here. They could have used OMGWTF-8096 and it would still be irrelevant. If the keys are being held by Google -- and as far as I understand, they have to -- the whole encryption is moot.
They don't have to give the government the keys. They can just hand over the cleartext...
The point about running nodes at a lower security level is interesting, though. Maybe that's the whole point:
- Hey Joe, if we encrypt user data (and hold the keys), we could care less about these nodes' security.
- Hey, yeah, Jack, this seems to be a good idea; and we could sell it to people as a "security enhancement", esp. after PRISM.
- Oooh, I like this. I'll be talking to PR dept right away!
Not so sure we need to be quite so cynical. Obviously this encryption is useless against state-level agencies, since data is encrypted server-side and Google manages the keys (although the fact that they think they won't be obligated to hand the keys over to the gov't is bullshit). However, what I think is important to see in this story is that Google is responding to pressure from the public to take privacy and encryption more seriously. This is an opportunity for security and privacy activists to push for real security solutions for user data storage that involve strong *client-side encryption* of data.
I see it purely as a PR stunt, a pre-emptive strike against services that are bound to spring up, offering *real encryption* and *real security*. Now Google can say "we're already offering that" and good luck with explaining to John Doe why this is not quite the same...
-- Regards, rysiek
-- @kylemaxwell