Google experimenting with spy-resistant encrypted Google Drive


CNet's Declan McCullagh reports on a rumor that Google is testing a system for encrypting its users' files on Google Drive; they are reportedly considering the move as a means of making it harder for government spies to harvest user-data. There are lots of things this could mean: if Google encrypts the files but retains the keys, it would mean that any government spying would be more visible within the company, since it would require the government requesting access to the keys before it could snoop on users. On the other hand, it might mean that Google would encrypt its files in a way that even it can't encrypt it — called "zero-knowledge encryption" — which would be much more robust against spying. McCullagh talks about companies that do similar things:

Some smaller companies already provide encrypted cloud storage, a concept that's sometimes called "host-proof hosting." SpiderOak says its software, available for Windows, OS X, Linux, iOS, Android, and Nokia N900 platforms, uses "zero-knowledge" encryption techniques that allow it to store data that's "readable to you alone." SpiderOak also offers a Web access option because of "overwhelming customer demand," but suggests the client application is more secure.

Wuala is an application for Windows, OS X, Linux, iOS, and Android created by Zurich-based LaCie AG that also uses client-side encryption. "LaCie employees have very limited access to your data," the company says. "They can only see how many files you have stored and how much storage space they occupy."

Google tests encryption to protect users' Drive files against government demands