AnonTechie points us to a Wired article, "How Google Can Repel the Attack of the NSA Quantum Computer."
From the article:
Edward Snowden, the ex-government contractor who exposed the NSA's efforts to spy on the web's most popular services, offers a simple answer to this sweeping online surveillance campaign. The way to combat NSA eavesdropping, he says, is to encrypt data as it moves across the wire. Properly implemented, he explained, today's encryption techniques work: The NSA has no way of cracking them. The onus is on the tech world to actually use them. 'You guys who are in the room now are all the firefighters,' he said. 'And we need you to help fix this.' The good news is that the giants of the net - including Google and Microsoft - are already working to encrypt data, not only as it moves across the public internet but as it travels through private lines that run between the massive data centers that underpin their many web services.
(Score: 5, Funny) by GungnirSniper on Monday March 17 2014, @09:53PM
Do you think Google has a private army to combat Three Letter Agencies? Or will they buckle if forced at wrenchpoint? [xkcd.com]
Tips for better submissions to help our site grow. [dev.soylentnews.org]
(Score: 5, Insightful) by mrbluze on Monday March 17 2014, @10:00PM
Do it yourself, 'cause no one else will do it yourself.
(Score: 2, Interesting) by Ethanol-fueled on Monday March 17 2014, @10:08PM
Google is the Three Letter Agencies.
And, gonna totally talk shit here, the "quantum computer" mentioned in the summary probably can do operations with only two qubits. It's the Mexican of computing, it claims to solve laborious problems but ends up petering out after two tasks from Tequila intoxication on the job. The NSA are much more effective at tapping where they can, and having incestuous relations with businesses.
Businesses in the high-technology and/or Military Industrial Complex are most certainly "in on it," they work hand-in-hand with the security services -- it's only one of the many variations of operating by proxy to skirt laws, and it's been even more extensive since 9/11. When are Facebook and Google going to publicly announce a new, encrypted security verified by impartial third-parties and offering huge bug bounties for exploits? Well, shit, I don't know, but it'd be in their best interests to offer more than lip-service. And by "lip-service," I mean their lips on Feinstein's cock.
(Score: 3, Insightful) by xlefay on Monday March 17 2014, @11:05PM
Pics or it didn't happen!
(Score: 3, Interesting) by etherscythe on Tuesday March 18 2014, @05:44PM
Snowden doesn't think so. His presence at SXSW came via Google Hangouts video. Across "7 proxies" hence the silly latency and video quality, but nonetheless...
Oops, I think I just outed myself as a TFA reader. And video-watching scum at that! There goes my street cred.
In any case, what may have been true is much less casual because it's no longer cool to be chummy with the spooks - they've become the creepy neighborhood watch guy you suspect of spying on your underage daughter before you get home from work. Joe Average doesn't feel too threatened though because, well, he has nothing to hide as far as he knows, but on the other hand, those politicians think the agencies're doing good things, and those guys are always up to something. If Obama thinks Langley is doing what he thinks is right, by golly something might be up. So it's now in Google's interest to distance themselves as much as possible.
(Score: 5, Informative) by davester666 on Monday March 17 2014, @11:15PM
Does google actually want to 'repel an attack' anyway? All they really want is to be able to get good press, and get paid for the data they hand over.
(Score: 5, Interesting) by Sir Garlon on Monday March 17 2014, @10:04PM
The trouble with encryption is that key management sounds easy, and it is just not easy. Encryption is a pain in the neck to actually use. I can handle the cognitive load, but can my grandma? I do believe that concerted engineering effort to improve usability would make a difference.
[Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 4, Interesting) by pe1rxq on Tuesday March 18 2014, @05:56AM
I have been thinking about that to.
Key handling is difficult, on the other hand it is often made more difficult than it needs to be for most people.
For the average user handling for example encrypted email is way to difficult. Generating keys, signing them, uploading them, it is just to much for them.
The result is that they simply won't use it at all.
I have been working on a whatsapp like chat app using mail as a backend. (shameless plug: http://quickmsg.vreeken.net/ [vreeken.net] I tried to make it as easy as possible to accept contacts and their keys. (either by approving a fingerprint, or by getting a key from an already verified third person)
It might have its shortcommings, but it should allow average users to chat like they want without noticing the encryption, which is still better than no encryption at all and the whole world watching.
(Score: 0) by Anonymous Coward on Tuesday March 18 2014, @08:41AM
No screenshots, and you expect it to be used by grandma? Tools for the general public need to be "zero thinking required for use", and providing a good first impression is half the battle (since attractive things work better [jnd.org]).
(Score: 2) by pe1rxq on Tuesday March 18 2014, @09:16AM
I didn't say it was ready yet. ;)
I am not advertising it to grandma just yet
(Score: 5, Insightful) by kwerle on Monday March 17 2014, @10:33PM
No they're not. This has all been solved - long ago. PGP (or GPG). If google wanted to, they could encrypt all google-to-google email transparently. In an instant they could solve this problem for some very measurable percentage of all email users. And with a little strong-arming and/or cooperation, yahoo and microsoft could do the same and interop.
People don't care enough, and it doesn't serve the providers.
(Score: 1) by Ethanol-fueled on Monday March 17 2014, @11:04PM
Providers don't serve the people, the people serve the providers by paying and providing data.
The providers gain further profit by selling data on certain people on a per-person basis. If I remember correctly, the prices the government pays for your data ranges from the 200's of American dollars to a high of 700-ish American dollars for Verizon accounts. You can only help yourself, and unless you and a lot of others like you shell out $1000 a month you will never be able to compete with government offers for your data with a "secure" pricing-tier-account. This means that, unless 90% of people on the internet become millionaires overnight, the business model will make no sense and you'll just have to believe everything they said before you were fooled the first time.
Paying taxes to pay for spying on yourselves. God Bless America!
(Score: 3, Funny) by aristarchus on Tuesday March 18 2014, @03:35AM
My god! If I am worth $700, I want a piece of that action! I will accept 20%. Of course, I am not a real person, only a bot on the internet. Really! My operators are from a non-US nation, and they treat me quite well. I get 10% from them, but I don't know what to do with it, first since I am a bot, and second 'cause it is all in Bitcoin.
(Score: 3, Insightful) by number11 on Monday March 17 2014, @11:59PM
Except that the whole reason Google (and Microsoft) has mail is so that they can get data about you to use for advertisers. They've got to be able to read the mail for that to work. And (with suitable govt pressure) they will share that data with the govt, even if they don't particularly like doing so.
(Score: 1) by Anonymous Coward on Tuesday March 18 2014, @07:37AM
Yet if Google did it all transparently, then they must hold the private keys, which means Google is able to decrypt everything anyway, which means it's ultimately ineffective.
Isn't this exactly what Lavabit did? They shut down precisely because the US government could still compel them to decrypt the data they hosted.
(Score: 4, Interesting) by tibman on Tuesday March 18 2014, @09:44AM
I would like to jump on what you said. It can be so secure the NSA could never break in. But they can still send a letter and ask to see whatever they want. In a way this is better though. They could not just scrape any and all data at will. There is at least a paper trail now.
SN won't survive on lurkers alone. Write comments.
(Score: 2, Insightful) by Bob9113 on Monday March 17 2014, @10:44PM
Google Can Repel NSA Attack
The solution to one giant, powerful organization that sees your privacy as a privilege subject to their discretion is not to trust another giant, powerful organization that sees your privacy as a commodity for generating revenue. Encrypt end to end, or be subjugated.
(Score: 4, Insightful) by AnythingGoes on Monday March 17 2014, @11:09PM
If it is from any certificate authority, are you sure that has not been compromised?
If it is private, how are you going to solve issues from users complaining that this cert is not trusted?
If all you do is encrypt data in the datacentre, then you know the edges are tapped, right?
And you think your data will be kept safe in the data center with privately chosen keys? All the three letter agencies have to do is find ONE of your sys admins and get them to reveal it.
(Score: 4, Insightful) by maxim on Monday March 17 2014, @11:14PM
The encryption can repel the NSA but it can't repel the gag orders.
Only public outrage could stop this,
but I don't expect that to happen any time soon.
(Score: 4, Insightful) by MrGuy on Tuesday March 18 2014, @09:05AM
Does Google have the technology to prevent their internal traffic from being snooped? Perhaps.
Do they have the will to use it, in defiance of a potential secret court order forcing them to reveal it, or to turn over their master key?
The heart and soul of the problem is that they are a US company, and US law permits secret courts to issue secret warrants that it's illegal to so much as admit have been issued, let alone executed.
Google can bluster all they want about how securely their doors are locked. It doesn't matter if someone has a key. And for all their posturing for the cameras, Google knows darn well that they wouldn't be able to tell us if the government had such a key. Why on earth should we believe them?
(Score: 3, Informative) by axsdenied on Tuesday March 18 2014, @09:51AM
And just 2 posts down we see that the government is already working on overcoming this:1 3248 [dev.soylentnews.org]
http://dev.soylentnews.org/article.pl?sid=14/03/17/19
(Simply change the law so they can decrypt whatever they want)
(Score: 4, Insightful) by pe1rxq on Tuesday March 18 2014, @10:43AM
Laws like that are wrong, but luckily they also don't work.
If everybody is using encryption it will be hard to find out who your targets are.
The real problem here is storing your data at google in the first place and allowing them access to it.