Steps Google Is Taking to Protect User Data From NSA, Cyber-Crime

 
 
By Don Reisinger  |  Posted 2014-06-05 Email Print this article Print
 
 
 
 
 
 
 
 

The National Security Agency's programs aimed at finding and using data from around the Web for intelligence gathering has been the top subject of debate for over a year now, thanks to Edward Snowden's leaks to major news media outlets. Those leaks cover everything from U.S. efforts at foreign spying to trolling corporate servers to gather data whenever intelligence analysts require it. To say that the level of data gathering is enormous would be an understatement. Although many Web IT companies besides Google have spoken out against the NSA's Web surveillance programs, one can argue that Google has been publicly the most active in defending data privacy and has done a number of things to make good on its promise to provide tools to help users protect their own data security. That became apparent again on June 3, when the company announced that it released the source code for a plug-in for its Chrome browser called End-to-End that will encrypt connections between networks. It's just the latest step that Google has taken—with varying degrees of success—to make it at least a little harder for the NSA and cyber-criminals to intercept and read user information. Here are some steps Google has taken.

 
 
 
  • Steps Google Is Taking to Protect User Data From NSA, Cyber-Crime

    by Don Reisinger
    1 - Steps Google Is Taking to Protect User Data From NSA, Cyber-Crime
  • Only Allowing Government Access When Legal

    Whether it's true or not, Google has said time and again that it's not simply allowing open and free access to its user information. The company has said that while it would like to lock down its servers altogether, when it is brought legal requests, such as warrants, it must comply. That Google doesn't allow for anytime access to its data should be commended.
    2 - Only Allowing Government Access When Legal
  • End-to-End Encryption in Chrome

    Google's End-to-End feature is a step in the right direction. Although it's only in its alpha stage right now and not available in the Chrome Store, the extension encrypts a user's data from its point of origin in the browser all the way to its intended destination, at which point it's decrypted. It's unlikely the feature will have widespread use, but for sensitive messages, it'll be a welcome addition to a privacy-seeker's repertoire.
    3 - End-to-End Encryption in Chrome
  • Keeping Pressure on NSA to Reveal More About Data Requests

    Google has been one of the most outspoken critics when it comes to revealing the kind of requests it receives from governments. The company is able to say how many warrants for data it has received and complied with, but in cases where national security is allegedly at risk, it can only provide broad ranges on the number of requests it receives. Its efforts just to get ranges were bolstered by support from Yahoo, Microsoft and others.
    4 - Keeping Pressure on NSA to Reveal More About Data Requests
  • Calling on Competitors to Bolster Email Encryption

    It might be more PR-stunt than anything else, but it's good to see Google call out competitors on encryption. Recently, the company took aim at firms like Microsoft for failing to adequately encrypt their email platforms. Comcast, one of the targets of that criticism, has said that encryption for its email services is coming, but more companies should be doing what Google is doing in the encryption space.
    5 - Calling on Competitors to Bolster Email Encryption
  • Moving Gmail to HTTPS

    Earlier this year, Google announced that its email service Gmail would operate solely over HTTPS connections. What that means is email is no longer sent or received over the standard HTTP protocol, and instead uses the added security of HTTPS. Is it enough to stop the NSA? Of course not, but it's another step in the right direction.
    6 - Moving Gmail to HTTPS
  • Investing in 2,048-Bit Encryption

    Google announced last year that it would upgrade its Secure Sockets Layer encryption to 2,048-bit keys, rather than the 1,024-bit keys it had previously been using. The news went largely unseen by the majority of Google's users, but represented an important change in the company's security protocols. The stronger encryption made it exceedingly difficult to intercept and access data transmitted over the Web. It was a big move that deserves far more attention.
    7 - Investing in 2,048-Bit Encryption
  • The Lawsuit That Brought Some Change

    Google, along with other major Web companies, launched a class-action lawsuit against the U.S. government late last year, attempting to get lawmakers to release more detailed reports on requests for data. Earlier this year, the lawsuit was dropped after the government said that it would release additional information in certain ranges, but not specific data. It was only a partial win, and something that Google hopefully takes up again in the future.
    8 - The Lawsuit That Brought Some Change
  • Embracing the Open-Source Movement

    Whether it's Chrome or Android or the latest End-to-End extension, Google has done a solid job at improving its open-source cred. By going open source with its many platforms, Google has improved its own transparency and enhanced chances of finding and closing gaps in security (more on that in a bit).
    9 - Embracing the Open-Source Movement
  • Taking the Lead on Web Security

    Google has been one of the more outspoken critics of Web security. The company has panned other browser makers for not enhancing security and privacy features quickly enough, and has taken the lead on Web encryption to limit chances of sensitive data being stolen. Is Google perfect? Of course not, but the company has focused heavily on Web security, and it deserves some credit for that.
    10 - Taking the Lead on Web Security
  • Relying On the Community

    One of Google's most important programs for maintaining data security is the open-source developer community. Google offers a Vulnerability Reward Program that lets the open-source community dig into its code and find holes and potential areas for exploitation. It then pays users when they discover those issues. It's a great move and something that has closed holes exploited by all kinds of hackers—presumably including some of those in the government.
    11 - Relying On the Community
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel