John Naughton asks 'can Google really keep spies out of our email?' -

John Naughton asks ‘can Google really keep spies out of our email?’

Stan Ward

Stan Ward

June 10, 2014

We wrote yesterday about the Internet giants developing new technologies to thwart the efforts of the spy agencies. Among other things, Google will introduce new encryption protocols including 2048-bit encryption to help accomplish its ends.

In The Observer post in the Guardian, John Naughton reacts and wonders if Google can really keep spies out of our emails. He also opines on why it may have taken so long and questions the company’s commercial ambitions for the delay. Put another way, encryption means less content being able to be read, ergo, less ad revenue. He doesn’t however shed much light on how much impact government snooping played a part in their decision.

Yesterday’s article in highlighted Google’s and other tech leader’s plans to seal cracks in their systems that Edward Snowden disclosed and the NSA exploited. Also highlighted was the end to a compliant posture with regard to handing over data to the spy agencies. Indeed, the era of quiet cooperation seems to be over in that companies are now denying requests to volunteer data not covered by existing law.

Google was already suspicious that its internal traffic could be read and started a program to encrypt the links among its internal data centers. This is something that Facebook and Yahoo had been doing, and along with Google and Microsoft they’ve been moving to more strongly encrypted consumer traffic. The so-called Perfect Forward Secrecy is specifically designed to make it more difficult for the NSA or anyone else to read stored encrypted communications.

In his column, Naughton points out that Google will use public key encryption which has been widely available since 1991 as PGP (Pretty Good Privacy). PGP is deemed to be great but not easy to use for the average person and thus it was loathe to be used. Google’s plan is to make PGP user-friendly by incorporating it with its Chrome browser so that encryption is just a click or two away. Naughton thinks this is a good idea in principle but the proof in the pudding will be to see it in action. Users will have private keys which will have to be remembered like passwords only more difficult.

The aim of the engineering community is to put enough cryptographic obstacles out there to stymy the likes of the NSA and GCHQ. The hope is that mass surveillance will become so difficult and expensive that the agencies can no longer fly beneath the radar, i.e. operate with impunity and without oversight. The writer is dubious about this, however. He underscores past efforts in the UK under the Regulation of Investigatory Powers Act of 2000 in which the home secretary demanded that you surrender your encryption keys or face jail time.

This weakened the advantage of PGP. He’s afraid that governments will just legislate around new technologies again this time around. We join with Naughton in campaigning for better laws- even as we welcome technological advances to curb governments from spying. Google’s motivation behind their efforts is not important. What is paramount is the privacy of individuals in their efforts to communicate freely.