Google, Facebook, and Yahoo Developing More Secure Code To Shield Against The NSA
When the NSA forced several major tech companies including Facebook, Google, and Yahoo to cough up data on their users, one got the sense that it was a situation of an unstoppable force meeting an immovable object.
The first round of that battle went to the NSA because it had (some shadily-acquired) court documents that forced compliance, but these are companies with leaders that are not accustomed to being told what to do. (If anyone is going to spy on Facebook users, by god it’s going to be Facebook itself.) Further, the companies are concerned that the NSA is also hacking their network transmissions, including tapping fiber optic cables and breaking encryption.
Unsurprisingly, the companies are fighting back with the best weapon they have--coding. According to Bloomberg, at least three companies (Google, Facebook, and Yahoo) are developing code that is much harder to break by employing more complex encryption and longer 2048-bit digital keys.
Google is developing a way to detect fraudulent certificates that verify website authenticity, and Facebook is making use of “perfect forward secrecy” that keeps users’ communications encrypted even if an entity such as the NSA gets a security code.
The heightened security is designed to keep emails, social media posts, video calls, and Internet searches away from the NSA’s spying eyes.
“It’s very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect,” Google director of law enforcement and information Richard Salgado told a Senate subcommittee. “We’ve already seen impacts on the businesses.”
Of course, none of this stops the NSA from acquiring data through “legal” means such as FISA court orders, but at least these new developments could prevent some of the obviously illegal spying that’s been going on. In a previous article we quoted Eric Grosse, vice president for security engineering at Google, as saying that this is basically an arms race. That still sounds about right, and it’s a damn shame.
The first round of that battle went to the NSA because it had (some shadily-acquired) court documents that forced compliance, but these are companies with leaders that are not accustomed to being told what to do. (If anyone is going to spy on Facebook users, by god it’s going to be Facebook itself.) Further, the companies are concerned that the NSA is also hacking their network transmissions, including tapping fiber optic cables and breaking encryption.
Unsurprisingly, the companies are fighting back with the best weapon they have--coding. According to Bloomberg, at least three companies (Google, Facebook, and Yahoo) are developing code that is much harder to break by employing more complex encryption and longer 2048-bit digital keys.
Google is developing a way to detect fraudulent certificates that verify website authenticity, and Facebook is making use of “perfect forward secrecy” that keeps users’ communications encrypted even if an entity such as the NSA gets a security code.
The heightened security is designed to keep emails, social media posts, video calls, and Internet searches away from the NSA’s spying eyes.
“It’s very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect,” Google director of law enforcement and information Richard Salgado told a Senate subcommittee. “We’ve already seen impacts on the businesses.”
Of course, none of this stops the NSA from acquiring data through “legal” means such as FISA court orders, but at least these new developments could prevent some of the obviously illegal spying that’s been going on. In a previous article we quoted Eric Grosse, vice president for security engineering at Google, as saying that this is basically an arms race. That still sounds about right, and it’s a damn shame.
