[Zigurd]

>Encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google services, nor will it have any effect on legal requirements that the company comply with court orders or valid national security requests for data.

How does this do anything about pervasive NSA spying? The NSA has broken SSL and VPNs by corrupting the CAs and the VPN vendors.

What would really help is for Google to create a zero-knowledge tier of service and to charge users for using it to replace their ad revenue.

[nl]

How does this do anything about pervasive NSA spying?

Google clearly suspects the NSA is installing devices on the leased lines they use for inter-datacenter communications.

Properly implemented, this will stop that.

The NSA has broken SSL and VPNs by corrupting the CAs and the VPN vendors.

I suspect Google won't use a commercial VPN implementation. Corrupted CAs can be bypassed by using self-signed certificates, which will be fine for communication within the same company.

[hannibal5]

Google don't have suspect anymore. The first documents Snowden published show that they are doing this.

PRISM program is for collecting intelligence within and with companies that have joined the program (including Google). Upstream is program is for collecting data directly from fiber. Analysts are free to use both.

[zmmmmm]

I would assume Google is big enough and smart enough to competently vet and deploy trusted encryption techniques.

[chris_mahan]

Against the NSA? The same NSA we ask to intercept Russian, Chinese, Japanese, German, and Iranian encrypted Internet traffic? (To name a few. I'm sure the French are in there too.) Russia and China, I am sure, have enough smart people working on their cyber defenses that the NSA would have to be very, very, very good to penetrate those defenses. And if indeed they are, then do you think Google stands a chance?

[ilyanep]

Do we think that Google (which boasts among current and former employees: Joshua Bloch, Guido van Rossum, Sebastian Thrun, Luis von Ahn, and that's just off the top of my head) might have some superstar cryptologists in there with equal or greater talent than people working for the Russian government? Why would that be so unbelievable?

[packetslave]

I'd add folks like Adam Langley, Damien Miller, and Michal Zalewski to that list.

[saalweachter]

Don't forget Vint Cerf.

[thrownaway2424]

You think Google is just running all their datacenter traffic through a Sonicwall or something? Think about it.

[Zigurd]

Read up on the Crypto AG exploit. How many foreign governments still use Crypto AG gear for diplomatic communications?

Yes, they should be a lot more security conscious. But you might surprised how many trusted commercial vendors.

[brown9-2]

How is ssl broken when many different ciphers can be used?

[saalweachter]

Bruce Schneier recently suggested that encryption-the-math wasn't broken so much as encryption-the-implementation. The math is pure, abstract, and pristine, but the implementation is not. Hacks, lies, and backdoors. He strongly hinted not to trust anything you can't see the source for.

[jedbrown]

Do you suppose that a government team "responsible for identifying, recruiting and running covert agents in the global telecommunications industry" might be able to steal a private key from one of Google's many data centers? Without forward secrecy, the theft need not even go undetected for it to be useful for decrypting all the data that has been storing.

Or perhaps the Bullrun project had something to do with Bull Mountain, Intel's random number instruction (RDRAND), which was used by the Linux kernel for a while as a primary source of entropy (causing Matt Mackall to resign as maintainer of /dev/random, later reverted by Ted Ts'o). If RDRAND is indeed compromised, then keys generated on a machine that trusted RDRAND would have very low effective entropy for anyone knowing the secret. How confident are you that proprietary systems do not trust RDRAND or have other backdoors that could compromise their available entropy? (That could be an interesting reverse-engineering project.)

Whether or not there is any truth to either of these scenarios, I think they can no longer be considered conspiracy theory paranoia, and indeed have entered the realm of downright plausible.

https://www.eff.org/deeplinks/2013/08/one-key-rule-them-all-... https://news.ycombinator.com/item?id=6336505 http://thread.gmane.org/gmane.linux.kernel/1173350/focus=117...