from the keep-at-it dept
So far, one of the biggest stories of the Snowden NSA leaks, by far, is the revelation that the NSA was
infiltrating the private data links between Google and Yahoo data centers (and, it seems likely, other companies as well). Google had clearly suspected this, as it had been reported earlier that they were
scrambling to encrypt those data links. As you may recall, the original Washington Post article also noted that two Google engineers who were shown the NSA's slides "exploded in profanity" and anger at the NSA.
It would appear that this sentiment is pretty common across Google's security team, and they're displaying their anger on Google Plus -- but also announcing that all that data is now encrypted. When the news first broke, security engineer Brandon Downey
expressed reasonable anger about the news:
Fuck these guys.
I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces.
[...]
But after spending all that time helping in my tiny way to protect Google -- one of the greatest things to arise from the internet -- seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.
On Tuesday, the Washington Post revealed a
few more slides showing more details of the NSA's infiltration of private data links between data centers. In response to that, another security engineer, Mike Hearn,
announced that all the traffic shown in those slides is now encrypted, along with his own "fuck you" to the NSA and GCHQ:
I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA.
We designed this system to keep criminals out. There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason.
Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.
Of course, some people might reasonably question the idea that Google is "little people" here. And, while it's good to see Google staffers furious about this, it remains to be seen if Google will actually do more about this. A lawsuit against the US government for hacking into its network seems called for. And, potentially
against Level 3 as well, given that it appears Level 3 provided much of the dark fiber Google was using -- and the company gave a giant "if the government comes to us, we can't talk about it" response, that hinted strongly towards "the government came to us and had us tap Google's private links."
Hopefully, we'll start to see that employee anger over this turn into much more: including better privacy tools for users
and using Google's political pull to fight the NSA in DC as well.
Filed Under: datacenters, encryption, engineers, nsa, nsa surveillance, security
Companies: google, level 3
