For a company that keeps millions of users' personal emails and data under lock and key, Google found itself in a bad place earlier this year -- on a list of "providers" that reportedly gave the NSA direct access to their central servers. The company immediately took steps to calm consumers, assuring its user base that it didn't create a federal "back door," and demanding more transparency from government agencies. Now, the Mountain View search giant has told The Washington Post that it's accelerating its encryption initiative, which will hopefully offer users another layer of comforting protection.
"It's an arms race," Google VP of security engineering Eric Grosse told the paper. "We see these government agencies as among the most skilled players in this game." That is to say, protecting user data isn't easy -- intelligence firms and skilled hackers can eventually find their way around even the most sophisticated encryption, but building these kinds of walls has become a necessity in a post-PRISM world. The move is designed to protect Google users against unauthorized snooping, but Mountain View will still have to comply with court orders and official requests. Still, who are we to argue with a more defensible inbox?
Currently, e-mail sent from one Gmail account to another is encrypted while in transit using Transport Layer Security (TLS). This Google initiative would also encrypt other forms of data sent between Google data centers such as Google Drive contents.
Google representatives would not provide much information on the details of the encryption efforts, including how much it is costing the company to pursue this level of encryption, how many data centers are involved, or what kind of encryption is being used. The company did tell the Post that it will be using "end to end" encryption for the project, which means that the servers storing the data and the data-in-transit will be protected by "very strong" encryption.
The revelation comes as Google and Microsoft are expected to jointly sue the government on Monday, the latest in a series of moves that indicate some tech companies are not quietly acquiescing to government demands for access to user data.
