Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Thread beginning with comment 577318
To read all comments associated with this story, please click here.
Duh!
by Mystilleef on Fri 22nd Nov 2013 19:16 UTC
Mystilleef
Member since:
2005-06-29

The question is why wasn't everything encrypted to begin with?

All network connections and data stores should have been encrypted right from the very beginning.

After all, Google is a services and data store company. You'd think paranoid security would be their foremost priority.

Reply Score: 4

RE: Duh!
by Alfman on Fri 22nd Nov 2013 19:55 in reply to "Duh! "
Alfman Member since:
2011-01-28

Mystilleef,

You are right, it's funny that these corporations just assumed they were safe. This is a mistake many civilians make, but you'd think the corporations themselves would be a bit more savvy.

The whole irony of this story is that many of these corporations do not *really* want their users to have end to end encryption. They could store user data such that they themselves don't have access to it if they really wanted to, private communications could go through them while remaining safely encrypted. However the current business models for companies like facebook & google are highly dependent on prodding around user data to sell ads. I wonder if they'd even continue to provide those services for free if all they could ever see was opaque encrypted data?

Of course they have every incentive to protect *their* infrastructure from government snooping, but I very much doubt they care to build infrastructures that protect users from corporate snooping. The fact remains that so long as user data isn't cryptographically safe from corporate snooping, then there's always the risk that user data will end up in government hands anyways through secret court orders and even government spies working as corporate security officers obtaining network keys, etc.

Edited 2013-11-22 20:02 UTC

Reply Parent Score: 3