Steps Google Is Taking to Protect User Data From NSA, Cyber-Crime

by Don Reisinger

Whether it’s true or not, Google has said time and again that it’s not simply allowing open and free access to its user information. The company has said that while it would like to lock down its servers altogether, when it is brought legal requests, such as warrants, it must comply. That Google doesn’t allow for anytime access to its data should be commended.

Google’s End-to-End feature is a step in the right direction. Although it’s only in its alpha stage right now and not available in the Chrome Store, the extension encrypts a user’s data from its point of origin in the browser all the way to its intended destination, at which point it’s decrypted. It’s unlikely the feature will have widespread use, but for sensitive messages, it’ll be a welcome addition to a privacy-seeker’s repertoire.

Google has been one of the most outspoken critics when it comes to revealing the kind of requests it receives from governments. The company is able to say how many warrants for data it has received and complied with, but in cases where national security is allegedly at risk, it can only provide broad ranges on the number of requests it receives. Its efforts just to get ranges were bolstered by support from Yahoo, Microsoft and others.

It might be more PR-stunt than anything else, but it’s good to see Google call out competitors on encryption. Recently, the company took aim at firms like Microsoft for failing to adequately encrypt their email platforms. Comcast, one of the targets of that criticism, has said that encryption for its email services is coming, but more companies should be doing what Google is doing in the encryption space.

Earlier this year, Google announced that its email service Gmail would operate solely over HTTPS connections. What that means is email is no longer sent or received over the standard HTTP protocol, and instead uses the added security of HTTPS. Is it enough to stop the NSA? Of course not, but it’s another step in the right direction.

Google announced last year that it would upgrade its Secure Sockets Layer encryption to 2,048-bit keys, rather than the 1,024-bit keys it had previously been using. The news went largely unseen by the majority of Google’s users, but represented an important change in the company’s security protocols. The stronger encryption made it exceedingly difficult to intercept and access data transmitted over the Web. It was a big move that deserves far more attention.

Google, along with other major Web companies, launched a class-action lawsuit against the U.S. government late last year, attempting to get lawmakers to release more detailed reports on requests for data. Earlier this year, the lawsuit was dropped after the government said that it would release additional information in certain ranges, but not specific data. It was only a partial win, and something that Google hopefully takes up again in the future.

Whether it’s Chrome or Android or the latest End-to-End extension, Google has done a solid job at improving its open-source cred. By going open source with its many platforms, Google has improved its own transparency and enhanced chances of finding and closing gaps in security (more on that in a bit).

Google has been one of the more outspoken critics of Web security. The company has panned other browser makers for not enhancing security and privacy features quickly enough, and has taken the lead on Web encryption to limit chances of sensitive data being stolen. Is Google perfect? Of course not, but the company has focused heavily on Web security, and it deserves some credit for that.

One of Google’s most important programs for maintaining data security is the open-source developer community. Google offers a Vulnerability Reward Program that lets the open-source community dig into its code and find holes and potential areas for exploitation. It then pays users when they discover those issues. It’s a great move and something that has closed holes exploited by all kinds of hackers—presumably including some of those in the government.