Google CEO Says User Data Safe From NSA

Brandon Dimmel's picture

Google's chief executive officer is promising Google users that their data is safe from the prying eyes of National Security Agency (NSA) officials. Eric Schmidt made that claim before a large audience at the South by Southwest Interactive conference, which is being held in Austin, Texas.

When asked how he felt after it was revealed that the NSA had worked with Britain's top surveillance agency, the GCHQ (Government Communications Headquarters) to infiltrate Google's data centers, Schmidt admitted that he was shocked.

"The very fact that they did this was very suspicious to us," Schmidt said.

Google: 2,048-bit Encryption Key to Protecting Data

When asked what other companies should do to protect their data from the government, Schmidt said the key was "to encrypt data more."

Schmidt went on to say that his company has made significant strides towards protecting its users' data from the National Security Agency. "The solution to this is to encrypt data at multiple points of source," Schmidt said. (Source: techhive.com)

"We now use 2048-bit encryption. We switch the [encryption] keys at every session. We're pretty sure that any information that's inside of Google is safe from the government's prying eyes, including the U.S. government's."

Cracking Google's 2,048-bit Key Highly Unlikely

Until recently, Google used 1,024-bit encryption.

Many security experts consider 2,048-bit encryption an important step forward, especially for companies like Google. It represents twice the level of protection offered in the past, though the time to 'crack' such a key would take considerably longer (it would not simply scale on a factor of '2').

Mathematically speaking, a 2,048-bit encryption key is equivalent to a 617-digit number, though the key itself would consist of a series of upper and lower case letters and numbers, all sequenced together. According to digitcert.com, "2048-bit keys are 2^32 (2 to the power of 32) times harder to break ... than 1024-bit keys." Cracking a 2048-bit certificate would take an estimated 2.2 GHz standard desktop computer "4,294,967,296 x 1.5 million years ... Or, in other words, a little over 6.4 quadrillion years [to compute]." (Source: digicert.com)

Of course, it's still possible to speed up processing time using a 50,000 core super computer, such as those offered by Amazon's Elastic Compute Cloud ("EC2"). That said, the computing time required would still be astronomical (not to mention extremely costly), and that's besides the fact that Google changes their encryption keys every session.

So in other words, it's not likely going to happen any time soon.

Government, Corporate Leaks a Concern

Although he's clearly leery of government surveillance and admits that Google is generally supportive of an open and free Internet, Schmidt says he also has his concerns about those people, like Edward Snowden, who leak sensitive corporate and government information to the public.

"I don't think we want random people leaking large amounts of data," Schmidt said. "I don't think that serves society." (Source: techhive.com)

What's Your Opinion?

Do you feel comfortable knowing your information is protected by Google's powerful 2,048-bit encryption? Or do you think there are other ways that the NSA could easily pry through and circumvent such defenses? What's your position on those who leak corporate or government information (such as Edward Snowden)? Do you agree with Google CEO Eric Schmidt that people like Snowden are a threat to society?

Rate this article: 
Average: 4.3 (4 votes)

Comments

DavidFB's picture

Sorry - but that explanation is lame. 2048 is not twice the protection of 1024. You go on to explain that but it's not exactly transparent. Further, Google is describing internal encryption. You didn't cover the connection to Google services (often the weakest point) nor mention the security of the PC itself. Security is only effective as a whole.

His comment about "random people" is ironic given that this leaking is what caused them to address security in the first place. I can also note that its companies like this retaining large amounts of personal data that are part of the problem and why they get targeted in the first place.

If they don't fix those disrespectful habits, there will just evolve a new form of the problem.

petershaw's picture

I'm afraid I can only read DavidFB's comments as those of someone who feels the need to criticise Google regardless.

It is made clear in the article that the efforts Google are making for encryption are to secure the data in their possession. To criticise them for not mentioning the security of the PC or connection to their services is pointless. The security of your PC is your responsibility. I would imagine you to be the first to criticise Google if they insisted you install a piece of software to encrypt your data to and from them.

If as you insist "security is only effective as a whole" then we all might as well stop any efforts to secure our data and hardware because the that goal is not attainable. You don't encase your house entirely in concrete to secure it against burglars, you take reasonable and sensible precautions to minimise break-ins.

In a similar vein you are suggesting that Google holding personal data is the cause of the problem. This is like suggesting that it is not the burglar's fault that he broke in to your house, it your fault for having possessions.

Google has no personal data of mine that I did not place into the public domain voluntarily. If you don't want them, or anyone else, to have the data, don't give it.

I respect Google's efforts to assure me that they are holding and protecting their data as best they can. Your point that 2048 is not twice the protection of 1024 is slightly childish. It is a hell of a lot more protection - that is the indisputable point.

Even if they do fix the habits you seem to find disrespectable I can assure you a level of risk will still remain. That is the nature of crime. Despite all best efforts bank robberies still occur.

It is time to stop whinging at a company's good efforts to help you and nit-picking for the sake of it. Google has never received any money from me yet I enjoy some amazing facilities provided by them for free. This extra step they have taken can only serve to increase my respect for them.

tmcd's picture

It is hardly Google's, or anyone but your own, responsibility for the security of your own computer or network.

Commenter's picture

Google works hard to collect and store the information that it gathers. If the US government wants information about you, it will have to buy the information from Google just like everybody else.