Schmidt: NSA revelations forced Google to lock down data

Google's chairman defended the company's efforts to secure data, but some question its own collection practices

Google has worked hard to lock down the personal data it collects since revelations in the last year and a half about mass surveillance programs at the U.S. National Security Agency, company Chairman Eric Schmidt said.

The news of surveillance by the NSA and intelligence agency counterparts at allied nations has damaged the U.S. tech industry on "many levels," with many Europeans now distrusting U.S. tech companies to hold on to their personal data, Schmidt said Friday at a surveillance conference at the Cato Institute, a libertarian think tank.

Schmidt learned of efforts by U.K. intelligence agency GCHQ to intercept traffic between Google data centers through a newspaper article, he told the audience. "I was shocked," Schmidt said.

Google had envisioned a complicated method to sniff traffic, but "the fact that it had been done so directly ... was really a shock to the company," Schmidt said.

After reporters showed Google engineers a diagram of the intelligence agency's methods to tap links between Google data centers, the engineers responded with a "fusillade of words that we could not print in our family newspaper," Washington Post reporter Craig Timberg said.

Google responded to the revelations by former NSA contractor Edward Snowden by spending a lot of money to lock down its systems, including 2,048-bit encryption on its traffic, Schmidt said. "We massively encrypted our internal systems," he said. "It's generally viewed that this level of encryption is unbreakable in our lifetime by any sets of human beings in any way. We'll see if that's really true."

Schmidt told the audience that the safest place to keep important information is in Google services. "Anywhere else" is not the safest place to keep data, he said.

Schmidt touted the incognito browsing feature in Google's Chrome browser and Google's Dashboard feature, which allows its users to set their privacy preferences. He noted that some security experts have questioned his claim that Android is the safest mobile operating system. Both Google and Apple are working "very, very hard" on security features in their mobile OSes, he said.

Timberg, along with some audience members, questioned Google's own collection of personal data, however. Google itself collects huge amounts of user data, Timberg noted.

Google collects data to help deliver its services, and has, in some cases, killed projects that raised privacy concerns, Schmidt said. "I hear this perception that we're somehow not playing by the rules of modern society," he said. "I think that's wrong. I think the evidence is that Google has been incredibly sensitive to privacy issues."

Chrome's incognito feature will "do nothing" to protect users from government surveillance, said Chris Soghoian, principal technologist with the American Civil Liberties Union. Soghoian also questioned Schmidt about past comments he made suggesting Google retains user information to comply with law enforcement surveillance requests.

Google complies with legal law enforcement requests, Schmidt said, and retains user data for a year because of government mandates.

Julian Sanchez, a senior fellow at Cato, asked if Google has incentives to lock down data when much of its business model is collecting user data.

People criticizing the company's privacy efforts "don't understand how Google works," Schmidt said. "Google's job is build stuff that delights customers. When governments illegally invade their privacy, that's like a negative. It's easy to understand why we'd make these systems stronger."

Timberg asked Google about a recent push by the FBI and U.S. Department of Justice to build back doors in encrypted services as a way to fight crime. The recent requests came after announcements from Apple and Google of new encryption tools for mobile phones.

Back doors are a bad idea, Schmidt said. "It'd be great, if you're the government, to have a trap door, but how do we at Google know that the other governments are not taking over the trap door from you?" he said.

Law enforcement officials have "so many ways" to investigate crime without requiring tech companies to build back doors into products, Schmidt said.

In an earlier panel at the Cato forum, Soghoian said the U.S. public should be as concerned about surveillance by local police as it is about surveillance by the NSA.

Big-data tools created for intelligence agencies, including metadata collection programs, are "trickling down to state and local law enforcement agencies," he said. "It's simply not appropriate for local law enforcement to have intelligence community-grade surveillance technology, because these devices do not respect the privacy of innocent Americans."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. National Security AgencyJulian SanchezCraig Timbergeric schmidtgovernmentinternetChris SoghoianprivacyCato InstituteAmerican Civil Liberties UnionGooglesecurityEdward Snowden

More about AppleCato InstituteDepartment of JusticeFBIGCHQGoogleIDGNational Security AgencyNewsNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts