August 16, 2013
Google To Auto-Encrypt Users’ Cloud Data For Free
Michael Harper for redOrbit.com - Your Universe Online
Google has improved their cloud storage security by automatically encrypting all data stored there by customers for free. Now, any new data pushed to Cloud Storage will be encrypted as it’s being uploaded and before it’s written to a physical drive. Google will hold the cryptographic keys by default, and notes that customers can instead encrypt files themselves before they’re sent to the cloud, thereby keeping access to their own keys.
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” explains Barth in a Cloud Platform Blog post.
“We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”
When a user wants to access this data, their login and password will act as keys and decrypt the files before viewing. When the user logs out of their account, the files are locked again.
Discussing the specifics, Barth says each file and its associated metadata in Cloud Storage is encrypted with its own unique key under the 128-bit Advanced Encryption Standard, or AES-128. Another key is used to access each file; this key is also encrypted and protected with the owner’s password. Going further, each of these keys is itself encrypted by a set of master keys, which are regularly rotated to avoid being cracked by hackers.
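The layered key scheme described above can be sketched as follows; this is an added example, not Google's code, showing why rotating a master key only requires re-encrypting the small per-file key and not the stored data. It assumes a two-level hierarchy and AES-128 in GCM mode (the article names only AES-128), and the helper names `seal`, `unseal`, `put`, `get` and `rotate` are hypothetical.

```ruby
require 'openssl'

NONCE_LEN = 12 # GCM nonce length in bytes
TAG_LEN = 16   # GCM authentication tag length in bytes

# Encrypt non-empty data with AES-128-GCM; returns nonce || tag || ciphertext.
def seal(key, data)
  cipher = OpenSSL::Cipher.new('aes-128-gcm')
  cipher.encrypt
  cipher.key = key
  nonce = cipher.random_iv # fresh random nonce for every encryption
  ciphertext = cipher.update(data) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Reverse seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered blob.
def unseal(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize <= NONCE_LEN + TAG_LEN
  cipher = OpenSSL::Cipher.new('aes-128-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, NONCE_LEN)
  cipher.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
  cipher.update(blob.byteslice((NONCE_LEN + TAG_LEN)..-1)) + cipher.final
end

# Store a file: a fresh per-file key encrypts the data, the master key wraps that key.
def put(master, data)
  file_key = OpenSSL::Random.random_bytes(16) # 128-bit key unique to this file
  { wrapped_key: seal(master, file_key), data: seal(file_key, data) }
end

# Read a file: unwrap the per-file key with the master key, then decrypt the data.
def get(master, obj)
  unseal(unseal(master, obj[:wrapped_key]), obj[:data])
end

# Rotate the master key: only the small wrapped key is re-encrypted, never the bulk data.
def rotate(old_master, new_master, obj)
  obj.merge(wrapped_key: seal(new_master, unseal(old_master, obj[:wrapped_key])))
end

# Constructed sample run.
old_master = OpenSSL::Random.random_bytes(16)
new_master = OpenSSL::Random.random_bytes(16)
rotated = rotate(old_master, new_master, put(old_master, 'constructed sample file'))
puts get(new_master, rotated)
```

After rotation the retired master key no longer opens the object, while the ciphertext on disk is byte-for-byte unchanged.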
Users wanting even more protection in Google’s cloud can encrypt the files themselves before uploading. This means even if a hacker manages to crack each of Google’s keys, they will still have to crack the key used to encrypt the files before they were uploaded.
This may be an attractive option to those spooked by Google’s and others’ participation in the NSA’s surveillance programs. Programs such as Prism and Xkeyscore allow the government to work with tech companies to obtain information about their users. Though the NSA claims this information is only used in the name of national security and only accessed when they perceive a threat, these parameters have yet to be concretely defined.
For their part, the companies are allowed to give their users only a vague idea of how many times the government has asked for this information. But even this didn’t come without a fight.
When CNet asked how Google will handle all this newly encrypted data when the feds come asking for it, the search company simply replied "in accordance with the law."
"We don't provide our encryption keys to any government. We believe we're an industry leader in providing strong encryption, along with other security safeguards and tools."