Google's coasting on the wave of cyber anxiety following the NSA leaks with some new encryption features. From now on everything you put on Cloud Storage will be automatically encrypted on Google servers. Which raises the question: Why isn't everything encrypted on Google servers?
The benefits of encryption are undeniable, from the user's point of view. Again, in the wake of Edward Snowden's leaks, it's strikingly apparent how exposed our data is online. It's comforting that more and more websites are adopting Secure Sockets Layer (SSL) encryption, and some, like Google, are even going for the more secure Perfect Forward Secrecy (PFS) method. However, these only apply to data while it's being transferred.
The new Google Cloud Storage encryption is a step up, for sure. Google doesn't require any special set up or configuration; it just works. The company also says that the encryption won't affect performance or require you to store any encryption keys. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing," says product manager Dave Barth in an official Google blog post.
This all sounds great! But seriously, why can't we enjoy the same features for Gmail or Google Search or Google Calendar or any of the other 7,000 Google products that gobble up our data? One word: Ads.
Vint Cerf, one of the founding fathers of the internet and a Google employee, addressed the encryption issue a couple of years ago at a conference. Security expert Christopher Soghoian, who was sitting on the panel with Cerf, pointed out the tradeoff big companies like Google face between protecting users' privacy and profiting off of their data. Cerf conceded, "I think you're quite right, however that, we couldn't run our system if everything in it were encrypted because then we wouldn't know which ads to show you." He added, "So this is a system that was designed around a particular business model."
This mindset spreads beyond the realm of encrypting data. Google's long faced criticism for raking through the content of your Gmail messages so that it can serve up relevant ads, but as Cerf told us two years ago, the whole system was designed around these business practices.
The good news is that there is that there is something you can do about it. If you want to keep your email private and secure, the geeks over at Lifehacker recently published a very thorough how-to guide and also point us to this Chrome extension that encrypts Gmail messages with a single click. For your search needs, try DuckDuckGo for a terrific, free and secure search engine. And your cloud storage, well heck, just use Google. The new automatic encryption sounds great!