Google to government: we encrypt because you hacked us

Responding to complaints by the US government over mobile device encryption, Google chairman Eric Schmidt has said the company’s hand was forced by government hacking.

Google chairman Eric Schmidt has fired a blunt response to representatives of the US government who have criticised Google’s and Apple’s recent efforts to step up encryption in their respective mobile operating systems, Android and iOS.

“There’s a current kerfuffle over the default encryption in the iPhone 6. But the people who are criticising this should have expected this," Schmidt said at an open panel on Wednesday hosted by Joe Wyden, chairman of the US senate finance committee.

With the release of iOS 8, Apple said it no longer held encryption keys to devices running the OS, which meant that the only way to access to a locked iOS device was by knowing the passcode. Google announced last month that Android L, it’s next operating system due this year, would have deviceencryption on by default, making it more difficult for law enforcement to access information stored on a device.

Law enforcement can still gain access to for example an iCloud account associated with an iPhone, but they wouldn’t be able to press Apple for access to the device itself.

Outgoing Attorney General Eric Holder earlier this month criticised Apple and Google, saying law enforcement shouldn’t be prevented from accessing information when investigating a crime.

Schmidt said Google’s decision to block law enforcement was a response to actions by the National Security Agency (NSA) and the UK’s GCHQ against Google infrastructure. The agencies' attacks on Google were carried out under the project MUSCULAR, which compromised communications links between Google and Yahoo data centres.

“After Google was attacked by the British version of the NSA, we were annoyed to no end so we put end-to-end encryption at rest as well as throughout our systems, making it essentially impossible of any kind to get that information. The further encryption in iPhone 6 has been optional in Android for.. the last three years. We’re making it by default as well,” said Schmidt.

Also present on the panel was Microsoft’s chief legal counsel Brad Smith. Microsoft is currently contesting a US warrant for email stored in its Dublin, Ireland data centre. The company is challenging the US’ Electronic Communications Privacy Act, which as it stands, allows US law enforcement to search property overseas without physically entering that property.

Microsoft’s biggest concern is that Europe becomes like China, where foreign cloud companies are required by law to host customer data in a data centre that is owned by a local company.

Smith said he fears that a European country could enact such a law. German chancellor Angela Merkel has previously indicated interest in citizen's ability to find email services supplied from within Europe rather than the US.

“Most people are more likely to trust their own government than someone else’s. So what you would see is a law in a country in Europe that says that people’s data can only be put in a data centre that is only run by a company from that country,” said Smith.

Schmidt agreed with Smith, adding that current US laws could jeopardise one of America’s only growth sectors.

“Data localisation means it will be owned by a non-American company. That means the future of the internet companies is half of what it could be if that spreads, roughly speaking…. So this is an industry that rivals the scale of any American industry and we’re one of the two or three that have provided economic growth for America for the last decade,” said Schmidt.

“We’re screwing around with those kinds of concepts without considering that that’s a national emergency… if this kind of thing continues, we have a much more serious problem on our hands because it will affect America.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags directors for CSO AustraliaiCloudIreland data centreNational Security Agency (NSAAppleEnex TestLabiphone 6iOS 8dublinBrad Smitheric schmidtgovernment hackingencryptionGoogle to governmentCSO Australiadevice encryption

More about AppleCSOEnex TestLabGCHQGoogleMicrosoftNational Security AgencyNSAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place