Google’s encryption initiative, initially approved last year, was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information amid controversy about the NSA’s PRISM program, first reported in The Washington Post and the Guardian that month. PRISM obtains data from American technology companies, including Google, under various legal authorities.
Encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google services, nor will it have any effect on legal requirements that the company comply with court orders or valid national security requests for data. But company officials and independent security experts said that increasingly widespread use of encryption technology makes mass surveillance more difficult — whether conducted by governments or other sophisticated hackers.
“It’s an arms race,” said Eric Grosse, vice president for security engineering at Google, based in Mountain View, Calif. “We see these government agencies as among the most skilled players in this game.”
Experts say that, aside from the U.S. government, sophisticated government hacking efforts emanate from China, Russia, Britain and Israel.
The NSA seeks to defeat encryption through a variety of means, including by obtaining encryption “keys” to decode communications, by using super-computers to break codes, and by influencing encryption standards to make them more vulnerable to outside attack, according to reports Thursday by the New York Times, the Guardian and ProPublica, based on documents provided by former NSA contractor Edward Snowden.
But those reports made clear that encryption — essentially converting data into what appears to be gibberish when intercepted by outsiders — complicates government surveillance efforts, requiring that resources be devoted to decoding or otherwise defeating the systems. Among the most common tactics, experts say, is to hack into individual computers or other devices used by people targeted for surveillance, making what amounts to an end run around coded communications.
Security experts say the time and energy required to defeat encryption forces surveillance efforts to be targeted more narrowly on the highest-priority targets — such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.
“If the NSA wants to get into your system, they are going to get in . . . . Most of the people in my community are realistic about that,” said Christopher Soghoian, a computer security expert at the American Civil Liberties Union. “This is all about making dragnet surveillance impossible.”