X

Google accelerates encryption project

The search giant steps up the pace on an encryption plan to protect information in transit between its data centers.

SETH_ROSENBLATT-1396.jpg
SETH_ROSENBLATT-1396.jpg
Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
See full bio
Seth Rosenblatt
2 min read

Google has kicked into high gear a plan to encrypt data sent between its data centers, in the wake of the National Security Agency spying scandal.

The "http:="" www.washingtonpost.com="" business="" technology="" google-encrypts-data-amid-backlash-against-nsa-spying="" 09="" 06="" 9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html"="">Washington Post reports that Google's plan was devised last year, but was put on the front burner to help safeguard the company's reputation in the wake of the surveillance documents leaked by former NSA tech worker Edward Snowden.

"It's an arms race," Eric Grosse, Google's vice president for security engineering, told the Post. "We see these government agencies as among the most skilled players in this game."

The report follows another Google plan to .

The difference between encrypting information on servers and in transit, and unencrypted information, is similar to the difference between locking your front door at night versus leaving it wide open. It won't stop an aggressive thief from breaking in, but it will deter many and make it harder for all but the best thieves.

A report Thursday said that the government is seeking the .

The government has "an incredible lock pick set," privacy and security researcher Ashkan Soltani said in a conversation about government encryption access, but not specifically about Google's initiative.

"But," he cautioned, "the government does not have access to all encryption. It's not a backdoor to all communication."

Google's plan will not change its legal requirements to comply with National Security Letters and other legal mechanisms that require the company to turn over data at the government's request, but it has apparently accelerated its plan so that it will be completed "soon," "months ahead of schedule."

Currently, e-mail sent from one Gmail account to another is encrypted while in transit using Transport Layer Security (TLS). This Google initiative would also encrypt other forms of data sent between Google data centers such as Google Drive contents.

Google representatives would not provide much information on the details of the encryption efforts, including how much it is costing the company to pursue this level of encryption, how many data centers are involved, or what kind of encryption is being used. The company did tell the Post that it will be using "end to end" encryption for the project, which means that the servers storing the data and the data-in-transit will be protected by "very strong" encryption.

The revelation comes as on Monday, the latest in a series of moves that indicate some tech companies are for access to user data.

Also on Friday, Yahoo issued its first on government requests for access to user data.