November 19, 2013
Yahoo Will Encrypt Data Between Data Centers
Peter Suciu for redOrbit.com - Your Universe Online
Yahoo! Inc. on Monday announced that it will encrypt all information that flows between its data centers by Q1 of 2014 as part of an effort to beef up security following recent revelations that the National Security Agency (NSA) had tapped into the data centers. The media company announced that it will roll out heavy, 2048-bit key encryption across all of its products, including Yahoo’s data center communications between servers.
Yahoo’s rival Google had already increased encryption following revelations that the NSA had been gathering data. Google had begun encrypting the flow of data between its data centers following the exposure of the joint NSA-GCHQ program known as MUSCULAR, a program that targeted both search businesses.
This program was exposed by The Washington Post via documents obtained by Edward Snowden.
As a result, 2048-bit key SSL encryption will be in place on Yahoo Mail by January 8, 2014, while the rest of the company’s data will be encrypted by the end of Q1.
“As you know, there have been a number of reports over the last six months about the U.S. government secretly accessing user data without the knowledge of tech companies, including Yahoo,” said Yahoo CEO Marissa Mayer to TechCrunch. “I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever.”
The revelations of MUSCULAR followed the PRISM scandal in June, which revealed that the NSA had worked directly with Google and Yahoo, as well as other companies including Microsoft, to collect user data. Both Yahoo and Google have maintained that they have not otherwise given the NSA direct access to their respective servers, but according to reports it seems that the NSA had in essence gained near-direct access.
This likely isn’t the last of it either.
“I don’t think so, not unless we saw Congress take some steps to rein in the agency,” Fred H. Cate, director of the Center for Applied Cybersecurity Research at Indiana University, told redOrbit. “There is no private mode of communication and we’re not going to have a secure mode either.”
However, he added, “This is less of a privacy issue and more of a government authority issue, as we’re seeing agencies that are acting without regard to the law.”
One Google engineer apparently agreed.
“I’ve spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces,” Brandon Downey, Google engineer, posted on his personal Google+ page. “I’ve seen armies of machines DOS-ing Google. I’ve seen worms DOS’ing Google to find vulnerabilities in other people’s software. I’ve seen criminal gangs figure out malware. I’ve seen spyware masquerading as toolbars so thick it breaks computers because it interferes with the other spyware.”
“I’ve even seen oppressive governments use state sponsored hacking to target dissidents,” Downey added. “But even though we suspected this was happening, it still makes me terribly sad. It makes me sad because I believe in America.”