By Chris Strohm – Nov 15, 2013 10:42 AM CT
Google Inc., Facebook Inc. and Yahoo! Inc. are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying.
The companies, burned by disclosures they’ve cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won’t be easily broken until 2030.
The National Security Agency headquarters in Fort Meade, Maryland. Photographer: NSA via Getty Images
The NSA has tapped fiber-optic cables abroad in order to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into digital coding, according to reports in the Washington Post, the New York Times and the U.K.’s Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden. Photographer: Krisztian Bocsi/Bloomberg
While the NSA may find ways around the barriers, the companies say they have to assure users their online connections are secure and data can’t be grabbed when transmitted over fiber-optic networks or digitally stored.
Microsoft Corp. is convinced it must “invest in protecting customers’ information from a wide range of threats, which if the allegations are true, include governments,” Matt Thomlinson, general manager of trustworthy computing, said in an e-mail. He didn’t provide details.
Internet companies including Google, Yahoo, Facebook, Microsoft and Apple Inc. are trying to distance themselves from news reports that they gave the agency data on electronic communications of Americans and foreigners or have lax security.
While the companies are trying to prevent the NSA from gaining unauthorized access to their data, they say they comply with legal court orders compelling them to provide the government information.
The NSA has tapped fiber-optic cables abroad in order to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into coding, according to reports in the Washington Post, the New York Times and the U.K.’s Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden.
Companies are fighting back primarily by using increasingly complex encryption, which scrambles data using a mathematical formula that can be decoded only with a special digital key. The idea is to protect sensitive information like e-mails, Internet searches and digital calls.
Google has accelerated efforts to encrypt information flowing between its data centers, doubled the length of its digital keys and implemented measures to detect fraudulent certificates for verifying the authenticity of websites, according to a statement from the Mountain View, California-based company.
NSA spy programs have “the great potential for doing serious damage to the competitiveness” of U.S. companies, Richard Salgado, Google’s director of law enforcement and information security, told a Senate subcommittee Nov. 13.
“It’s very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect,” Salgado said. “We’ve already seen impacts on the businesses.”
Google, Yahoo and Facebook generated $44.4 billion in advertising revenue so far in 2013 in part by mining users’ private data, according to Bloomberg Industries.
An Aug. 14 analysis by Forrester Research Inc. analyst James Staten found the U.S. cloud computing industry could lose as much as $180 billion by 2016 due to the spying disclosures.
Yahoo will make encrypted connections standard by January for all its Mail users with 2048-bit digital keys, Sarah Meron, a spokeswoman for the Sunnyvale, California-based company, said in an e-mail.
Facebook, in addition to moving toward 2048-bit encryption keys, is accelerating a tactic known as “perfect forward secrecy” that prevents the NSA from deciphering the communications of users if it obtains a security code, Jodi Seth, a company spokeswoman, said in an e-mail.
Read More Here
Battle brews as tech companies attempt to fend off NSA hacking
Google, Facebook, Yahoo, and others are all improving their data encryption to discourage the NSA from accessing user information.
The NSA allegedly gathered millions of records from Google and Yahoo data centers around the world, but soon, the agency might have a much harder time trying to collect this type of data.
Google, Yahoo, Microsoft, Apple, and other prominent technology companies are investing heavily in stronger, 2048-bit encryption. Due to computing power constraints, it’s expected to be more than a decade before this type of encryption can be easily overcome.
Google, one of the leaders in the effort, announced in May that it would switch over to 2,048-bit encryption keys by the end of 2013. Yahoo recently confirmed to Bloomberg, which spoke with several tech companies that are investing in new encryption, that it will make 2048-bit encryption standard by January 2014 for all its Mail users. Facebook also plans to move to 2048-bit encryption, a spokeswoman told Bloomberg, and will roll out “perfect forward secrecy,” a feature that prevents snoopers from accessing user data even if they can access the company’s security codes.