Google Drive users to benefit from server-side encryption?
Reports suggest search giant could be about to tighten up security of its cloud storage offering
Google is said to be testing out server-side encryption in a move that would help shield user documents stored on its Drive storage service from government authorities such as the NSA.
Currently, Google Drive files are secured in transition using the HTTPS and TLS protocols, but are not encrypted when stored on the firm’s servers. The web giant is now actively trying to address this issue to give users peace of mind, two sources have told CNET.
If server-side encryption is implemented, Google would theoretically be unable to give government agencies, such as the NSA, access to information even if they submitted a legal request.
The move comes as Google was named as one of the global technology firms that provides information to the NSA by whistleblower Edward Snowden.
Encryption of data at its source would help Google differentiate itself from rivals, particularly Microsoft which has been accused in documents released by Snowden of helping the government agency to circumvent its own email encryption.
Microsoft general counsel Brad Smith has denied Redmond bypasses its own encryption. But he did admit that when the firm wants to comply with legal orders, information is pulled from servers where it “sits in an encrypted state”.
Even since details of the NSA’s Prism project emerged, the major companies implicated in the scandal - including Google, Apple, Microsoft, Facebook and Yahoo - have all denied giving blanket access to the NSA. They maintain that user data is only handed over to authorities when a valid legal request is made through appropriate channels, under the Foreign Intelligence Surveillance Act.
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
An alliance of 63 global technology firms and liberty groups has now emerged. They are aiming to lobby President Obama and Congress to allow internet, telephone, and web-based companies to report national security-related requests with greater transparency.