by Dietrich Schmitz
"All tyranny needs to gain a foothold is for people of good conscience to remain silent." - Edmund BurkeTyranny is at our door knocking. Today's news included a story in the Washington Post NSA Infiltrates links to Google, Yahoo, worldwide, Snowden documents say. (Image credit: Washington Post)
Another revelation has been made that the NSA have been camping out on the inside of the Google cloud firewall, cherry picking data -- yours -- like taking candy from a baby -- the method for how the NSA exploit to break through the front-end SSL server is documented in slides like the one shown above.
Sadly, the data fest has been going on for quite some time and Google and Yahoo officially disclaim any knowledge that such activities have been occurring.
It's too bad because the entire cloud behind the firewall has been 'clear text' as shown in the above slide, which means your data isn't encrypted and directly human readable.
Why hasn't Google taken steps to protect your Drive data with encryption?
The truth of the matter is: MONEY
Advertising revenue is obtained by parsing your documents and positioning adverts in the gutter margins as users of Google services like Drive and Gmail go about their daily business. If Google were to encrypt your data, then they could not read it and run adverts any more.
It is outrageous that Google chose not to take action because of this and I would suspect the same pertains for Yahoo.
This is a major error of negligence and abrogation of responsibility on the part of Google to protect the public's right to privacy.
The technology has been available right along which is now routinely used by other cloud services like SpiderOak, Wuala, and Kim Dot Com's Mega to encrypt the entire data stream of data space in the cloud. It's not difficult to implement and even SpiderOak have now offered their own software framework, Crypton.io, for Developers to implement Zero-Knowledge Encryption (ZKE) at any Cloud ISP.
This is no longer an option. ZKE should be considered a mandate and, as such, consumers and businesses should insist upon having it or boycott using the respective Cloud ISP's services. If we all insist on it, we will have power in numbers and can have an effect on the outcome hopefully in a positive way.
The benefit to the user of rented Cloud data space employing ZKE is that all data stored in the Cloud is first encrypted locally (in the memory space of the user's PC) and a private key is maintained locally by the user not physically present on the Cloud data drive. This makes the data on the Cloud transparent and as such the ISP will have Zero Knowledge of what is being stored other than an encrypted byte stream written to a block level drive.
With ZKE for a third party to request access would then require their serving the owner of said data with a warrant before viewing the personal and privately protected information. Good citizens presented with a warrant will comply and unlock their data if the warrant is justified by a Court Judge as having 'probable cause' for issuance. That has always been historically the case up to 9/11 but with the Patriot Act, the erosion of the U.S. Constitution was begun.
Today, some twelve years hence, the degree to which the law has been disregarded is allowing unobstructed intrusion into all corners of our private electronic communications.
I am drawing the line here. Google must take steps immediately to adopt ZKE for all of their media storage used by consumers and businesses or I will no longer support and use any of their services whatsoever.
They have two weeks to come up with a clear public plan to protect the public's data from unwarranted access or I will end it. Boycott Google Cloud services if they fail to act.
-- Dietrich
0 comments:
Post a Comment