Comment by autoexec
21 hours ago
> Wouldn't there have been be some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?
I wouldn't count on it. The main way we'd know about it would be a whistleblower at Google, and whistleblowers are extremely rare. Evidence and court records that might expose a secret backdoor or that the government was getting data from Google that was supposed to be private could easily be kept hidden from the public by sealing it all away for "national security reasons" or by obscuring it though parallel construction.
People are incredibly bad at keeping secrets. And there are a LOT of people at Google. I don’t buy it.
There were a lot of people working for the NSA besides snowden, but none of them blew the whistle even though some of the programs he exposed had been around for 12 years. There were a whole lot of people working at AT&T but employees weren't lining up to tell us about Room 641A (https://en.wikipedia.org/wiki/Room_641A) before Mark Klein. How did everyone else manage to be kept quiet? The details about MKUltra and the Manhattan Project were successfully kept a secret for decades before eventually being declassified.
It'd be a huge mistake to look at the instances where somebody did come forward and spill a secret and assume that it means secrets aren't possible to keep or that there are no secrets being kept right now. It's may not be easy to keep a secret, but governments and corporations are extremely well practiced and have many documented successes.
You have a point, but a major reason that the examples you cited above were kept secret was because knowledge about them was compartmentalized. As knowledge leaks, so does the possibility of whistleblowers. It’s an unstable equilibrium. My argument (which admittedly is based on an anecdata about how undisciplined large tech corporations are) is that it’s uniquely hard to keep secrets in modern tech companies because by design, knowledge is not compartmentalized. Modern large tech companies have replaced fiefdoms of knowledge with fiefdoms of operational expertise, if that makes sense.
Anyway, there have been hundreds, perhaps thousands of whistleblowers in the past and the examples you picked I think are representative of the upper bound, rather than the lower bound of the secret keeping capacity of organizations.
That’s why Rule #1 of Security, is limit access; regardless of clearance.
Which explains why there’s all these security levels above “Top Secret,” which is really just a baseline.
Google can just borrow a certified encryption library elsewhere.