13 Comments

Summary:

PRISM disclosures have prompted demand for more data encryption in the cloud. Google has apparently heard the call.

Google Compute Engine logo

Google, citing customer demand, has added server-side encryption to its growing cloud storage product, according to the Google Cloud Platform blog on Thursday. Data is automatically encrypted before it writes to disk and is likewise automatically decrypted when accessed by an authorized user, Google said.

Here’s the gist:

“Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”

The new (free) service is now being applied to all new data written to Google cloud storage and to existing objects when overwritten. Older objects will be encrypted going forward.

Google started testing server-side encryption last month. Given the hoopla around government data scooping related to the PRISM program, and concern that U.S. cloud vendors have let the NSA gain access to customer data, encryption is becoming a bigger deal. It’s clear that these vendors are feeling the heat from these disclosures — Vint Cerf, the internet pioneer who is now with Google, was among a group of industry poohbahs who met with President Obama ostensibly to discuss their concerns about PRISM’s impact on their businesses last week.

Here’s what I don’t get — and please comment below — if the vendor holds and manages the encryption keys, doesn’t that mean it could hand them over to the government as well the data they protect? (Be nice, I’m no security expert.)

Update: A Google spokeswoman wrote in to say:

“We don’t provide our encryption keys to any government. We believe we’re an industry leader in providing strong encryption, along with other security safeguards and tools.

In general, regarding government requests - We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process. When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.”

Given the comments on this and related stories, the problem is that users don’t necessarily buy what either the government or vendors are saying regarding data sharing.

This story was upated at 11:57 a.m. PDT August 15 with Google comment.

  1. Correct. If the vendor holds the encryption keys they can be compelled to release them to a government authority. To truly protect date stored in the cloud drive the encryption would have to be done on the client side and the key would have to be unknown to vendor.

    To me this sounds more like a proof of concept/empty gesture more than anything else.

    Share
  2. You got that right. In fact they could be force to hand over the master rotating keys and get the whole shebang. A defence against hackers, sure, but once the hackers have got as far as being in a position to try and decrypt my google docs, we’re a bit stuffed anyway.

    Share
  3. Yes, that’s exactly what it means. Unless you manage your own keys, the cloud vendor (and this is equally true of Box, Egnyte, Dropbox, or whomever else) admins can decrypt the content and potentially turn it over if they get a FISA request.

    Share
  4. it’s mostly a marketing feature. saying mostly because the KGB (they fully earned this nickname) is not the only threat.

    Share
  5. phew. so i guess it wasn’t a dump question. thanks for your comments.

    Share
  6. “Given the comments on this and related stories, the problem is that users don’t necessarily buy what either the government or vendors are saying regarding data sharing.”

    I’ll go so far as to say that I do trust Google will do their best to deny requests when ever possible. I’ll even believe their claim that the government cannot directly pull data from their servers. The problem is how the system is designed. If the encryption is implemented correctly they should not be able to access your data even if they wanted to.

    If these cloud companies want user trust back, they need to start designing their systems in a way that removes trust from the equation

    Share
  7. Actually, these comments aren’t quite correct. We (at least, I) haven’t seen enough details to say. All they say is “the per-object key itself is encrypted with a unique key associated with the object owner”. How is the object owner key stored? If google stores it simply encoded by a master key, yes, they could hand it over. If that key is encrypted by the user’s password or browser cookie or something, Google would not have access to it without the user connecting.

    I’m certainly don’t mean to imply that Google are doing this, just that I don’t think there is enough information to say that, yes, they could hand over the data if compelled.

    Share
  8. Right. You need to keep the encryption keys on devices you control, not on the server, Google or otherwise.

    Share
  9. I don’t want server-side encryption — I want CLIENT-side encryption.

    Share
    1. thomas-murphy-1069020 Monday, August 19, 2013

      Try http://www.ncryptedcloud.com We will release our Google Drive product in Late October.

      Share
  10. John Thompson Sunday, August 18, 2013

    If you use AWS’s HSM, then the customer holds a part of the key. So even if AWS has to hand over all records to the govt due to say a subpeona, the govt won’t be able to decrypt and make sense of the data without the client side portion of the key.

    Share

Comments have been disabled for this post