Comment by atonse
12 years ago
Well, I don't think it's that easy.
If the NSA wanted your data, they could get into your network probably easier than they could get into Google's networks. Companies like Google have way smarter people (and working full time) securing data than most businesses.
For us to secure our networks as much as someone like Google would, we'd have to have a team of the best hackers around.
And by definition, the best hackers around are scarce. They're already working for Google, etc, and X Y Z security company.
Google may have better security, but they're also a much, much larger target. Wiretapping Google gives you access to the private data of Google's millions and millions of users, whereas gaining access to my network gets you access to… me. As long as there's a non-trivial fixed cost to attacking a host or a network, there's an advantage to hosting your own data.
While it's possible that the NSA has a system to automatically detect and wiretap hosts and private networks connected to the internet, it seems unlikely to not have been detected so far. I've taken to assuming that every packet send and received from my servers is being monitored, but that, barring specific interest in me by the NSA, the servers themselves are reasonably private.
Not exactly. Think of this analogy: the NSA built an enormously expensive sieve net to fish the entire Pacific Ocean (Google). While the Pacific may be deeper and wider than your innocuous little lagoon, that lagoon probably hasn't attracted the attention of the NSA. If you think the attention of the NSA is going to be a problem for your dealings, hiring very expensive security talent is necessary to your business plan.
Sure, but in that cat and mouse game between Google and the NSA, Google might actually have a chance. From what tptacek has said above about the kind of stuff Google's been doing (SSL with EC and perfect forward secrecy, etc), they're actually able to make it difficult for the NSA.
Plus, in the world of "I can sift through terabytes of data in seconds" even a little lagoon isn't too little.
You'd think that but that's not actually true. Google's infrastructure is way too big to be completely secure. There are several ways to penetrate Google's network.
I know some of the people in the security team and they are pretty good, but arrogance will be their undoing.
Google has an internal team called the Orange Team that performs security audits and, so far, they have always been successful in penetrating Google's network. If they can, what makes you think the NSA hasn't done that already?
.. and then google gets a letter with a request from the government, opens its data-centers and lies to its customers. It's not that easy your way, either..
"They're already working for Google, etc, and X Y Z security company."
And the NSA, apparently.