Google has just done something that’s going to annoy the US and UK governments Business Insider Alastair Stevenson, Business Insider Jul. 29, 2015, 11:15 AM 2
UK Prime Minister David Cameron is not going to like this.
Google has rolled out a security service for its business customers that could put a serious downer on the UK government’s plans to increase law enforcement’s surveillance powers.
The service was revealed by Google product manager Leonard Law in a blog post and is currently in beta form.
It will let businesses running the company's Google Compute Engine create their own encryption keys.
Encryption is a security technology that scrambles digital information using specialist mathematics.
It makes it so only people in possession of a specific unlock key or password can read the encrypted information.
Google’s move may not sound like a big deal to people outside the technology community, but the implications for the move are pretty massive.
What the Google Compute Engine is
Google’s Compute Engine is the basis of the company's cloud computing platform.
Cloud computing is a special type of technology that uses a network of remote servers hosted on the internet to run computer processes traditionally done on a device’s internal hardware.
In theory, this means cloud computing customers can get high-powered computer performance, or run complex tasks beyond normal hardware’s capabilities without having to buy lots of equipment.
As well as Google, which uses the tech to power many of its own services, such as YouTube, numerous big-name companies including Coca Cola, Best Buy, Rovio, Avaya and Ocado also use the Compute Engine.
How it links to government surveillance
The widespread use of Google’s cloud tech means it handles vast amounts of user data. Data running through the platform can include things like customer records, account information and, at times, the user's geographic location.
PRISM documents leaked by Edward Snowden in 2013 revealed intelligence agencies, such as the NSA and GCHQ, have been siphoning vast amounts of web user information from Google's cloud platform – as well as many other cloud service providers.
The move makes sense, as the Compute Engine’s large customer base lets the agencies collect data from multiple companies and services from one central source.
A game of cat and mouse
Google already encrypts services running through its Compute Engine by default. This partially protects customers as it means agencies like the NSA or GCHQ cannot read the data without knowing which encryption key was used.
However, the tactic is not foolproof, as the NSA and GCHQ can use legal requests, such as letters sent under the US Foreign Intelligence Surveillance Act (FISA), to force Google to unlock or hand over unencrypted copies of the data.
This issue was set to get even worse in the UK and US as both governments have hinted at plans to make it easier for law enforcement and intelligence agencies.
Law enforcement agencies within the US have been lobbying for the US government to control business use of encryption since the PRISM leaks emerged. FBI director of counter-terrorism Michael Steinbach warned lawmakers that strong encryption technology allows terrorists "a free zone by which to recruit, radicalize, plot and plan," in June.
UK prime minister David Cameron has hinted at plans to hamper the use of encryption. Cameron told Parliament he wants to "ensure that terrorists do not have a safe space in which to communicate," on June 6.
How companies having their own keys will hamper surveillance
Experts within the security community have argued that Google’s move will cause problems for the UK government’s plans.
FireEye global technical lead Simon Mullis explained to Business Insider this is because it will make it so Google won’t be able to decrypt the data, even if ordered to.
“Essentially the access to, ownership and management of the keys used to encrypt all data within Google Cloud is now handled by the end-customer," he said.
"[This will] make it harder for any external agencies such as law enforcement or intelligence services to gain access to the decrypted data as there are fewer parties [people able to unlock the data] involved.”
As a result, if law enforcement wanted access to the encrypted Compute Engine data, they would have to mount individual requests to each customer, a practice that would slow their surveillance operations.
Business Insider has reached out to the UK Prime Minister's press team for comment on how custom encryption keys will impact Cameron's plans.
Google is one of many technology companies working to fight the UK and US government’s surveillance plans. A group of 140 companies, including Google, Microsoft, Apple and Facebook, sent an open letter to President Obama in May urging him to reject the encryption proposals, fearing they would damage the US economy. Apple CEO Tim Cook claimed law enforcement’s hostility towards encryption is dangerous in June.
SOURCE http://www.techinsider.io/google-has-offered-compute-engine-customers-advanced-encryption-powers-2015-7 --------------------- COMMENT
'Terrorists' is the big stick / leverage go-to for governments to demand access.
If I were a company, I would prefer complete control of my own data. Relying on cloud computing doesn't appeal, even though it may be cheaper. And why would you trust any company that can unencrypt your data? But I guess the advantage might be in passing the buck. As in, if data is compromised, you can maybe blame it on the third party cloud host & they get lumped with compensation payouts?
This is a good companion article regarding encryption offerings:
The Red Herring of Digital Backdoors and Key Escrow EncryptionBill Blunden EXTRACTS By concentrating on key escrow the CEOs of Silicon Valley are able to conjure up the perception of an adversarial relationship with federal agencies. This is absolutely crucial because tech companies need to face the public wearing a white hat. In the aftermath of the PRISM scandal, where C-suite types were caught colluding with the government on a first-name basis, American executives are frantically trying to convince people on behalf of quarterly revenue that they’re siding with consumers against spying. An interesting but fundamentally flawed narrative, given how much economic espionage the government conducts and how much spying corporate America does. Who do you think benefits from this sort of mass surveillance? I really like this guy's articles. |
TOKYO MASTER BANNER
MINISTRY OF TOKYO
|
Showing posts with label GCHQ. Show all posts
Showing posts with label GCHQ. Show all posts
July 31, 2015
Google Compute Engine - Cloud Computing & Customer Held Encryption Keys / Red Herrings
July 24, 2015
Britain - Illegal MI5, MI6 & GCHQ Spying on Parliamentarians
SOURCE Prison staff have recorded 3,150 prisoner calls to MPs and downloaded 280 for playback since 2006.
|
April 21, 2015
Australia Appoints Former GCHQ Director to Cybersecurity Review Panel
Former British radio spy joins cyber security review
Ø
update the Government’s
cyber security priorities;
Ø
provide a view on the
cyber threats and risks Australia faces;
Ø
clarify the Government’s
role in cyber security for Australia, including how this contributes to the
protection of critical infrastructure;
Ø
describe how Government
and industry can best team up to defend ourselves jointly from those who want
to harm us in cyber space;
Ø
outline an improved
approach on Australia’s engagement with international cyber security forums, to
further Australia’s interests and cement our leadership on cyber security; and
Ø recommend practical initiatives to improve Australia’s
cyber security, for Government consideration.
http://www.themandarin.com.au/30763-former-british-spy-appointed-cyber-security-review-panel/?pgnc=1 LOOK-UPS Australian Strategic Policy Institute PANEL
Cisco stated that it does not work with the US govt. https://www.certificationkits.com/cisco-asa-5500-series-compromised-by-nsa/
Getting a bit late for me. Might have to come back to this tomorrow to read the 'NSA ANT Division Catalogue of Exploits ...' article.
[ Rushed. No time to adjust formatting ]
|
April 07, 2015
UK - Privacy International - Surveillance Industry - Surveillance General
Meet the privacy activists who spy on the surveillance industry http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/ LONDON– On the second floor of a narrow brick building [...] Highlights are for me. Link to source article for an easier read. Prior advocacy work: More investigations coming:
Egypt, Tunisia & Bahrain - used European surveillance technology (crackdown protesters). Expansive surveillance set down by:
|
Labels:
Chicago PD,
Cybersecurity,
Edward Snowden,
European Commission,
Five Eyes,
GCHQ,
Intelligence,
NSA,
Privacy,
Privacy International,
Software,
Stingrays,
Surveillance
September 21, 2014
Al-Manar: WikiLeaks Founder Assange: Google Working for NSA
ASSANGE
WikiLeaks Founder Assange: Google Working for NSA Local Editor Julian Assange WikiLeaks founder Julian Assange made an alarming claim that internet search engine Google is working like an intelligence agency, collecting, storing and indexing the data of its users. |
For information on PRISM program, a link to the Wikipedia - here.
Briefly from Wikipedia:
PRISM is a clandestine mass electronic surveillance data mining program launched in 2007 by the National Security Agency (NSA), with participation from an unknown date by the British equivalent agency, GCHQ.... The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms.
Agencies:Systems:
PRISM
ECHELON
Carnivore
DISHFIRE
STONEGHOST
Frenchelon
ASD (Australian Signals Directorate)
BND (German)
CSIS (Canadian) (Security Intelligence Service)
CSEC (Canadian) (Communications Security Establishment)
DGSE (French)
(Direction Generale de la Securite Exterieure/
GCHQ (British)General Directorate for External Security)
GCSB (NZ) (Government Communications Security Bureau)
NGIA (US) (National Geospatial-Intelligence Agency)
NSA (US) (National Security Agency)
NRO (US) National Reconnaissance Office
[Agencies listed are matched with subsequent look-ups.]
September 20, 2014
UK - Attack on free speech & democracy (Lobbying Act - aka 'Gagging Act') || And GCHQ's John Sawers Interview
UK
GCHQ - Sawers
LOBBYING ACT - aka 'Gagging Act'
>anti-lobbying bill passed Fri. UK govt set 2 silence & criminalise dissent 12 mth prior 2 any major election!! -
COMMENT The way legislation is pushed through -- and the nature of the legislation -- is understandably a concern.
|
September 13, 2014
Privacy International Lodges Legal Challenge To Official Secrecy Surrounding GCHQ Spying
Privacy International Lodges Legal Challenge To Official Secrecy Surrounding GCHQ Spying Although the scale of the surveillance being carried out by the NSA and GCHQ is daunting, digital rights groups are starting to fight back using the various legal options available to them. That's particularly the case for the UK, where activists are trying to penetrate the obsessive secrecy that surrounds GCHQ's spying activities. Back in December, we wrote about three groups bringing an action against GCHQ in the European Court of Human Rights (ECHR), and how Amnesty International is using the UK's Investigatory Powers Tribunal (IPT) to challenge the spying. |
Thought this was interesting.
But it looks like the outcome isn't much to look forward to, if the decision of the court can be ignored.
September 07, 2014
US & GCHQ spy on everyone
|
Only an extract. Link to article for full.
Found this interesting because I didn't know the US spied on Mexico or that the G20 delegates got spied on by GCHQ.
September 05, 2014
Holes in NATO’s Cyber Defense Pledge
The Holes in NATO’s Cyber Defense Pledge by William A. Blunden / September 4th, 2014 [ ...] Folks, it’s anarchy. Until we mobilize and get our political leaders to outlaw covert ops the government and corporate spies show no sign of letting up. In all probability, as things progress the whole clandestine scene is just going to get worse. This past April Obama openly bragged to China’s leadership that the U.S would be devoting $26 billion to the Pentagon’s cyber trough and expanding the U.S. force to 6,000 so-called “cyberwarriors”.15 Guess where all of that funding goes to? The moral of the story is this: when high-level Pentagon types and think tank pundits start yammering about cyberattacks from Russia or China keep in mind that our security services are neck deep in deception ops directed against their alleged allies. History shows that the American Deep State is constantly in search of new enemies, even if it has to fabricate them,16 and our corporate rulers have no scruples about launching attacks that kill untold thousands of innocent people so that they can boost quarterly profits. [... EXTRACT - FULL @ SOURCE ]
|
This article is a wealth of information. Everyone gets a mention:
Tor, Ntrepid, WikiLeaks, TAO, GCHQ
Check it out.
Subscribe to:
Posts (Atom)