Why Google is testing encryption of Drive consumer data

Byron Acohido | USA TODAY

There may be a hidden agenda to Google's move to begin experimenting with encryption of Google Drive consumer data, as reported by CNET.

"Google is concerned about the impression left with many people that it actively cooperated with the National Security Agency's PRISM surveillance program," says John M. Simpson, director of Consumer Watchdog's Privacy Project. "They want to show that your data can be protected from government snooping"

CyberTruth asked Jules Polonetsky, director of the Future of Privacy Forum, to flesh out the wider context.

CT: What's compelling Google?

Polonetsky: Companies in general have had to be prodded over the years by critics to expand the use of encryption for various services. There is some cost and complexity to rolling it out and some fear that it could impact performance. Now companies are scrambling to show consumers that they are on their side, and can be trusted to push back against government intrusion.

CT: Would this really stop the government from obtaining and effectively monitoring consumer data from Google's services?

Polonetsky: It depends on how Google implements this. Some companies have encrypted files but held the key, in case users needed assistance or to help with file recovery. Such encryption protects against hackers -- unless they steal the keys. Keep in mind, the government t can and does demand the keys when needed. Encrypting so that only the user has the key, and even Google can't access the data would make it very hard for the government to make wide scale requests.

The government would be forced to the legally shakier ground of trying to demand that Google build a tool to intercept its users own log-in attempts, a step likely to cause a major confrontation with industry and step the government might not be ready to try, at least not in the current environment.

CT: What are the odds Microsoft, and others, such as Box, will begin similar experimentation?

Polonetsky: For a long time, companies didn't want to provide bullet proof protection for files for fear that they would be used by criminals, for child porn, for storing stolen music. They wanted to be able to respond to legitimate law enforcement requests and want to deter use of their services by the bad guys. These steps by Google show that calculus may be starting to shift.