July 19, 2013 weblog
Google reportedly working on encrypting user files on Google Drive
CNET, the online tech magazine has apparently found two sources inside of Google who are claiming that the company is embarking on a plan to encrypt user data on Google Drive. Doing so would mean that the U.S. government (read the NSA) could not legally force Google to give up the files if requested.
According to the sources, Google is taking this tact in response to information provided to the public by the now famous Edward Snowden (who is still hiding in Russia). Specifically, it was revealed that the NSA has a program called PRISM that uses software to collect data off corporate servers that hold client data as required by the Foreign Intelligence Surveillance Act. Noting a loophole in that act which says such data need only be provided if it's not encrypted, Google is apparently considering encrypting every user file on Google Drive in a way that prevents it from being opened by anyone other than the client—which includes Google too. Thus, if the NSA or other government agency (local, state or federal) submits a legal request for data on Google Drive, not only will Google not be legally bound to provide access to the files, but they wouldn't be able to open them themselves anyway—only the user will hold the key.
Currently, files saved onto Google Drive are encrypted while being transferred. While residing on the servers, they are not encrypted and easily read by anyone who gains access to them. Encrypting files on servers would cost Google more, but in this case, it appears the company is willing to eat that cost in hopes of gaining the confidence of users.
Users do have other options—they can encrypt files themselves if they wish before storing on a cloud server. Microsoft Word has a facility for doing just that. But history has shown that users are either unwilling or uneducated on how to encrypt files. Generally it means buying or downloading free software, configuring it, and then using it when desired. Another option is to avoid Google Drive and other big name cloud servers altogether and go with one of the smaller companies that already offer encryption as one of their services.
For its part, Google has remained mum on the whole topic, which means customers won't know for sure if the company is serious about offering encryption until it actually happens.
© 2013 Phys.org