Angry Over U.S. Spying, Tech Giants Bolster Defenses
By CLAIRE CAIN MILLER
What began as a public relations predicament for technology companies has evolved into a crisis that threatens their businesses.
Published: October 31, 2013
SAN FRANCISCO — Google has spent months and millions of dollars encrypting email, search queries and other information flowing among its data centers worldwide. Facebook’s chief executive said at a conference this fall that the government “blew it.” And though it has not been announced publicly, Twitter plans to set up new types of encryption to protect messages from snoops.
It is all reaction to reports of how far the government has gone in
spying on Internet users, sneaking around tech companies to tap into
their systems without their knowledge or cooperation.
What began as a public relations predicament for America’s technology
companies has evolved into a moral and business crisis that threatens
the foundation of their businesses, which rests on consumers and
companies trusting them with their digital lives.
So they are pushing back in various ways — from cosmetic tactics like publishing the numbers of government requests they receive
to political ones including tense conversations with officials behind
closed doors. And companies are building technical fortresses intended
to make the private information in which they trade inaccessible to the
government and other suspected spies.
Yet even as they take measures against government collection of personal
information, their business models rely on collecting that same data,
largely to sell personalized ads. So no matter the steps they take, as
long as they remain ad companies, they will be gathering a trove of
information that will prove tempting to law enforcement and spies.
When reports of surveillance by the National Security Agency surfaced in
June, the companies were frustrated at the exposure of their
cooperation with the government in complying with lawful requests for
the data of foreign users, and they scrambled to explain to customers
that they had no choice but to obey the requests.
But as details of the scope of spying emerge, frustration has turned to outrage, and cooperation has turned to war.
The industry has learned that it knew of only a fraction of the spying,
and it is grappling with the risks of being viewed as an enabler of
surveillance of foreigners and American citizens.
Lawmakers in Brazil, for instance, are considering legislation requiring
online services to store the data of local users in the country.
European lawmakers last week proposed a measure to require American
Internet companies to receive permission from European officials before
complying with lawful government requests for data.
“The companies, some more than others, are taking steps to make sure
that surveillance without their consent is difficult,” said Christopher
Soghoian, a senior analyst at the American Civil Liberties Union. “But
what they can’t do is design services that truly keep the government out
because of their ad-supported business model, and they’re not willing
to give up that business model.”
Even before June, Google executives worried about infiltration of their networks. The Washington Post reported on Wednesday
that the N.S.A. was tapping into the links between data centers, the
beating heart of tech companies housing user information, confirming
that their suspicions were not just paranoia.
In response, David Drummond, Google’s chief legal officer, issued a
statement that went further than any tech company had publicly gone in
condemning government spying. “We have long been concerned about the
possibility of this kind of snooping,” he said. “We are outraged at the
lengths to which the government seems to have gone.”
A tech industry executive, who spoke only on the condition of anonymity
because of the sensitivities around the surveillance, said, “Just based
on the revelations yesterday, it’s outright theft,” adding, “These are
discussions the tech companies are not even aware of, and we find out
from a newspaper.”
Though tech companies encrypt much of the data that travels between
their servers and users’ computers, they do not generally encrypt their
internal data because they believe it is safe and because encryption is
expensive and time-consuming and slows down a network.
But Google decided those risks were worth it. And this summer, as it
grew more suspicious, it sped up a project to encrypt internal systems.
Google is also building many of its own fiber-optic lines through which
the data flows; if it controls them, they are harder for outsiders to
tap.
Tech companies’ security teams often feel as if they are playing a game
of Whac-a-Mole with intruders like the government, trying to stay one
step ahead.
Google, for instance, changes its security keys, which unlock encrypted
digital data so it is readable, every few weeks. Google, Facebook and Yahoo have said they are increasing the length of these keys to make them more difficult to crack.
Facebook also said it was adding the encryption method of so-called
perfect forward secrecy, which Google did in 2011. This means that even
if someone gets access to a secret key, that person cannot decrypt past
messages and traffic.
“A lot of the things everybody knew they should do but just weren’t
getting around to are now a much higher priority,” said Paul Kocher,
president and chief scientist of Cryptography Research, which makes
security technologies.
Facebook said in July that it had turned on secure browsing by default,
and Yahoo said last month that it would do the same for Yahoo Mail early
next year. And Twitter is developing a variety of new security
measures, including encrypting private direct messages, according to a
person briefed on the measures.
Many tech companies have made public information about the number of
government requests for user data they receive, and sued to ask for
permission to publish more of this data. On Thursday, Google, Microsoft,
Facebook, Yahoo, Apple and AOL reiterated these points in a letter to
members of Congress.
But publishing the numbers of requests the companies receive has less
meaning now that reports show the government sees company data without
submitting a legal request.
A sense of betrayal runs through the increasingly frequent conversations
between tech company lawyers and lawmakers and law enforcement in
Washington, and in private conversations among engineers at the
companies and increasingly outspoken public statements by executives.
Mr. Drummond and Larry Page, Google’s co-founder and chief executive,
have said privately that they thought the government betrayed them when
the N.S.A. leaks began, by failing to explain the tech companies’ role
to the public or the extent of its spying to the tech companies,
according to three people briefed on these conversations. When President
Obama invited tech chief executives to discuss surveillance in August,
Mr. Page did not go and sent a lower-level employee instead.
Mark Zuckerberg, Facebook’s chief executive, sarcastically discussed
surveillance at the TechCrunch Disrupt conference in September.
“The government blew it,” he said. “The government’s comment was, ‘Oh,
don’t worry, basically we’re not spying on any Americans.’ Right, and
it’s like, ‘Oh, wonderful, yeah, it’s like that’s really helpful to
companies that are really trying to serve people around the world and
really going to inspire confidence in American Internet companies.’ ”