WASHINGTON – Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments, company officials said Friday.
The move by Google is among the most concrete signs yet that recent revelations about the National Security Agency’s sweeping surveillance efforts have provoked significant backlash in an American technology industry that U.S. government officials long courted as a potential partner in spying programs.
Google’s encryption initiative, initially approved last year, was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information amid controversy about the NSA’s PRISM program, first reported in The Washington Post and the Guardian that month. PRISM obtains data from American technology companies, including Google, under various legal authorities.
Encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google services, nor will it have any effect on legal requirements that the company comply with court orders or valid national security requests for data. But company officials and independent security experts said that increasingly widespread use of encryption technology makes mass surveillance more difficult – whether conducted by governments or other sophisticated hackers.
“It’s an arms race,” said Eric Grosse, vice president for security engineering at Google, based in Mountain View, Calif. “We see these government agencies as among the most skilled players in this game.”
Experts say that, aside from the U.S. government, sophisticated government hacking efforts emanate from China, Russia, Britain and Israel.
The NSA seeks to defeat encryption through a variety of means, including by obtaining encryption “keys” to decode communications, by using supercomputers to break codes and by influencing encryption standards to make them more vulnerable to outside attack, according to reports Thursday by The New York Times, the Guardian and ProPublica, based on documents provided by former NSA contractor Edward Snowden.
But those reports made clear that encryption – converting data into what appears to be gibberish when intercepted by outsiders – complicates government surveillance efforts, requiring that resources be devoted to decoding or otherwise defeating the systems. Among the most common tactics, experts say, is to hack into individual computers or other devices used by people targeted for surveillance, making what amounts to an end run around coded communications.
Security experts say the time and energy required to defeat encryption forces surveillance efforts to be targeted more narrowly on the highest-priority targets, such as terrorism suspects, and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.
The U.S. intelligence community has been reeling since news reports based on Snowden’s documents began revealing remarkable new details about how the government collects, analyzes and disseminates information, including, in some circumstances, the emails, video chats and phone communications of American citizens.
Many of the documents portray U.S. companies as pliant “Corporate Partners” or “Providers” of information. While telecommunications companies have generally declined to comment on their relationships with government surveillance, some have reacted with outrage at the depictions in the NSA documents released by Snowden. They have joined civil liberties groups in demanding more transparency and insisting that information is turned over to the government only when required by law, often in the form of a court order.
In June, Google and Microsoft asked the Foreign Intelligence Surveillance Court to allow them greater latitude in reporting how much information they turn over to the government. On Friday, Yahoo issued its first “government transparency report,” saying it had received 12,444 requests for data from the U.S. government this year, covering the accounts of 40,322 users.
Google has long been more aggressive than its peers in deploying encryption technology. It turned on encryption in its popular Gmail service in 2010, and since then has added similar protections for Google searches for most users.