Google to encrypt cloud storage

rysiek rysiek at hackerspace.pl
Tue Aug 20 15:40:09 PDT 2013


On Wednesday, 21 August 2013 00:16:38, Moon Jones wrote:
> On 20.08.2013 14:52, rysiek wrote:
> >> Could you expand on «this is very, very bad for us»?
> > 
> > Well, if it's the developer-oriented GCS, not Google Drive, it's just a
> > bit less bad for us.
> 
> I have to admit I haven't even noticed what Google service was involved.
> Still, what's «bad» about it?

Explained it already 2 times, if anybody else asks, I'll be happy to do it for 
the third time.

> > Thing is, this encryption scheme (in which, from what I read, Google has
> > access to "master keys" and has the technical ability to decrypt data once
> > it's subpoenaed) brings no additional safety to users.
> 
> But do they have the legal right not to hold those keys? Or this matter
> is irrelevant to you?

This matter is very relevant to me. I believe if somebody is saying "we offer 
encryption", the encryption should be actually, you know, protecting the data. 
As it stands now, the GCS encryption doesn't protect the data from government 
snooping, from a rogue admin that has access to the master key, and probably 
from several other scenarios.

And Google's rep saying "we do not provide the keys to the government" 
reeks of PR-speak and deception. Of course they do not provide the keys, they 
can simply provide the cleartext, de-ciphered first via the master key.

> > It sounds great ("we
> > support encryption! and we're doing it with several keys! that has to be
> > safe, eh?"), but it does effectively nothing to actually protect users
> > and their data from PRISM and similar programmes.
> 
> But that's not what they are saying.

They are saying they use encryption, and with several keys/levels. They are 
saying that during the whole PRISM debate heating up, a debate mind you that 
has Google among the NSA cooperators. They are even claiming they are not 
providing the keys to the government, so as to suggest even more strongly that 
they have cleaned up their act:

"A Google spokeswoman said via email the company does not provide encryption
 keys to any government and provides user data only in accordance with the
 law."

When in fact -- as far as PRISM-related stuff is concerned -- they have done 
anything but.

> > And that means it will be this much harder for us to explain why this is a bad
> > scheme ("wait, you're saying encryption is evil? now I am confused!") and
> > why people should use other methods of protecting their privacy and their
> > data.
>
> Isn't it ironic? So Google SHOULD make things easier for you to tell
> people to use other services?

No. Google SHOULD provide safe, privacy-aware services and encryption that 
actually truly protects the data, or at least not claim to do so if they have 
no intention to.

Or, using your "let's turn the tables and see where that goes" method:
So Google CAN lie and deceive the users by claiming or suggesting to provide a 
level of service they have no intention of providing?

> Sounds like the new anti-gay legislation in Russia: making it easier for
> priests to preach homophobia.

Nicely done. I see we have a Schopenhauer admirer. "The Art of Being Right" is 
a great little book indeed:
http://en.wikipedia.org/wiki/The_Art_of_Being_Right

I'm just not sure if that's #8, #12 or #32. I'd go for #32, I guess.

-- 
Regards
rysiek