Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data.
According to a new report by CNet, Google may introduce encryption for users’ data generated on their Google Drive to protect its customers’ privacy against attempts by the U.S. government to access the data.
Why Encryption ? Secure encryption of users’ private files means that Google would not be able to divulge the contents of stored communications even if NSA submitted a legal order under the Foreign Intelligence Surveillance Act or if police obtained a search warrant for domestic law enforcement purposes.
“Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device,” said Seth Schoen, Electronic Frontier Foundation.
Many companies use SSL and HTTPS to securely transmit data from a user’s computer to the destination servers. This protects the data from anyone listening in on the transmission, a procedure called a “man-in-the-middle” attack. Currently, when you upload or download something from Google Drive, the transmitted in encrypted form, but Google is storing that data in an unencrypted manner.
Encrypting files in the cloud is something Microsoft reportedly tried to do with Outlook.com emails, but according to recent exposure, Microsoft gave access of encrypted data to U.S. government with a master key.
Google is considering encrypting the data on their own servers rather than doing it client side. This means that there is still a possibility of government bodies to get access to the user data before the data is encrypted or during the time user is actively connected to the Drive account.
Details on Google’s new encryption methods have not been disclosed officially yet.