CWmike writes: Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments — started last year, but accelerated in June following the NSA leaks — is as much about economics as data encryption, experts say. Eric Grosse, vice president for security engineering at Google, told The Washington Post: 'It's an arms race.' Kevin Bocek, vice president of product marketing for certificate management vendor Venafi, told CSOonline on Monday, 'This is a business strategy. A large part of Google's business is about [customer] trust.' The crux of the issue with Google making the NSA dragnet harder(knowing if the government wants in, it will get in) is that the NSA evaluates the tactic it uses by weighing the cost with the value of the information obtained. However, the agency does evaluate the tactic it uses by weighing the cost with the value of the information obtained. 'The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical,' Bruce Schneier, a renowned security technologist and cryptographer, wrote in The Guardian. 'They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.' The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the 'mathematics of cryptography,' Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow.'I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks,' Schneier said in a blog post. 'Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.' Is this about citizen's rights, or a business decision (some might say an existential issue) for Google? Does it matter, and will it make a difference?
We can found no scientific discipline, nor a healthy profession on the
technical mistakes of the Department of Defense and IBM.
-- Edsger Dijkstra