Many of the documents portray U.S. companies as pliant “Corporate Partners” or “Providers” of information. While telecommunications companies have generally declined to comment on their relationships with government surveillance, some technology companies have reacted with outrage at the depictions in the NSA documents released by Snowden. They have joined civil liberties groups in demanding more transparency and insisting that information is turned over to the government only when required by law, often in the form of a court order.
In June, Google and Microsoft asked the Foreign Intelligence Surveillance Court to allow them greater latitude in reporting how much information they must turn over to the government. On Friday, Yahoo issued its first “government transparency report,” saying it had received 12,444 requests for data from the U.S. government this year, covering the accounts of 40,322 users.
Google has long been more aggressive than its peers within the U.S. technology industry in deploying encryption technology. It turned on encryption in its popular Gmail service in 2010, and since then has added similar protections for Google searches for most users.
Yet even as it encrypted much of the data flowing between Google and its users, the information traveling between its data centers offered rare points of vulnerability to potential intruders, especially government surveillance agencies, security officials said. User information — including copies of e-mails, search queries, videos and Web browsing history — typically is stored in several data centers that transmit information to each other on high-speed fiber-optic lines.
Several other companies, including Microsoft, Apple and Facebook, increasingly have begun using encryption for some of their services, though the quality varies by company. Communications between services — when an e-mail, for example, is sent from a user of Gmail to a user of Microsoft’s Outlook mail — are not generally encrypted, appearing to surveillance systems as what experts call “clear text.”
Google officials declined to provide details on the cost of its new encryption efforts, the numbers of data centers involved, or the exact technology used. Officials did say that it will be what experts call “end-to-end,” meaning that both the servers in the data centers and the information on the fiber-optic lines connecting them will be encrypted using “very strong” technology. The project is expected to be completed soon, months ahead of the original schedule.
Grosse echoed comments from other Google officials, saying that the company resists government surveillance and has never weakened its encryption systems to make snooping easier — as some companies reportedly have, according to the Snowden documents detailed by the Times and the Guardian on Thursday.
“This is a just a point of personal honor,” Grosse said. “It will not happen here.”
Security experts said news reports detailing the extent of NSA efforts to defeat encryption were startling. It was widely presumed that the agency was working to gain access to protected information, but the efforts were far more extensive than understood and reportedly contributed to the creation of vulnerabilities that other hackers, including foreign governments, could exploit.
Matthew Green, a Johns Hopkins cryptography expert, applauded Google’s move to harden its defenses against government surveillance, but said recent revelations make clear the many weaknesses of commonly used encryption technology, much of which dates back to the 1990s or earlier. He called for renewed efforts among companies and independent researchers to update systems — the hardware, the software and the algorithms.
“The idea that humans can communicate safely is something we should fight for,” Green said.
But he said he wasn’t sure that would happen: “A lot of people in the next week are going to say, this is too hard. Let’s forget about the NSA.”
Haylet Tsukayama contributed to this report.