On 21.08.2013 00:40, rysiek wrote:
Explained it already 2 times, if anybody else asks, I'll be happy to do it for the third time.
Ok. I think I get the point.
But do they have the legal right not to hold those keys? Or this matter is irrelevant to you?
This matter is very relevant to me. I believe if somebody is saying "we offer encryption", the encryption should be actually, you know, protecting the data.
My question was if they can, given the US law, do such a thing. You have repeated the previous statements. I offer encryption means precisely «I offer encryption». If there is a full stop after that, then the rest is fantasy. Take for example the fact that I do full disk encryption. I have the key somewhere. Now. Someone who has the key and the hard drive has access just like without full disk encryption. Including files that I have deleted through the regular delete and not some secure method. This does not make my hard drive any less encrypted than it is. Now take another example: food containing dead pig meat sold in an Islamic country as chicken or just «meat». In the first case it's a lie, it might as well write «no meat at all». In the second it is a lie by omission. Do not confuse the two cases. Google never ever stated the rest. It's just your imagination.
As it stands now, the GCS encryption doesn't protect the data from government snooping, from a rogue admin that has access to the master key, and probably from several other scenarios.
Have they said «we protect your data from the government»? I am sure to have missed that one. Same goes for the other scenarios mentioned.
And Google's rep saying "we do not provide the keys to the government" reeks of PR-speak and deception. Of course they do not provide the keys, they can simply provide the cleartext, de-ciphered first via the master key.
What? You are strange. They do not have to. Most important providers are bugged BEFORE the data reaches their servers. So it's first the Men in Black. Then is the server. Then is my computer. On the other hand you have the power of law. Once there is a data storage one can ask a judge to write a special kind of legal letter to which the storage manager HAS to comply. So the whole chain starting with the investigator and ending with the judge couldn't care less about key, algorithm, hard drive size, CPU type, how many GHz the memory bandwidth. They ask for the data and they are going to receive it or a very convincing explanation. That was established way before computers were invented. And if you care about this aspect you are free to campaign against it. It's ONLY between you and the law. Google, the investigator, the judge, the postal service and all the others just comply.
But that's not what they are saying.
They are saying they use encryption, and with several keys/levels. They are saying that during the whole PRISM debate heating up, a debate mind you that has Google among the NSA cooperators. They are even claiming they are not providing the keys to the government, so as to suggest even more strongly that they have cleaned up their act:
"A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law."
Right. This is precisely what I have read.
When in fact -- as far as PRISM-related stuff is concerned -- they have done anything but.
Pardon my thickness. How?
Isn't it ironic? So Google SHOULD make things easier for you to tell people to use other services?
No. Google SHOULD provide safe, privacy-aware services and encryption that actually truly protects the data, or at least not claim to do so if they have no intention to.
Sure. Also the pope should stay away from gay people since the year 300. Rich people should help as many poor as they can. One should rise in the bus and give the seat to an old gentleman or lady. But we live in a far from ideal world. That to play your game. Otherwise Google does that already. It's safe. Because they can send you an SMS to recover your free account at their expense. They ask the security question each time you log in from a different location. And so on. They are privacy aware as they don't share your emails with your inquisitive mother. Something you can't say of the postal service or a chatty general practitioner. And given the evil janitor or the evil admin steal the hard drive with your mail they won't be able to read it. Sure, you can idealise it to the extreme. But in real life and real world that is already enough for a free / cheap service. You too should be more concerned with the employer, school, relatives or neighbours than with NSA. Please do notice that I am not saying it's a good thing what NSA does. Only that it is a distant threat. One as concerned as you are already does have a personal mail server somewhere. One should give thanks to someone like RMS for the ability to have that at the cost of the hardware components plus the power bill.
Or, using your "let's turn the tables and see where that goes" method: So Google CAN lie and deceive the users by claiming or suggesting to provide a level of service they have no intention of providing?
They don't lie. They don't deceive. Not in this case. The problem is elsewhere. Think about it a couple of minutes.
Sounds like the new anti-gay legislation in Russia: making it easier for priests to preach homophobia.
Nicely done. I see we have a Schopenhauer admirer. "The Art of Being Right" is a great little book indeed: http://en.wikipedia.org/wiki/The_Art_of_Being_Right
I'm just not sure if that's #8, #12 or #32. I'd go for #32, I guess.
Guess that spells «time to give it up» for me.