Comment by dragonwriter
12 years ago
> So does this suggest that Google's SSL encryption can be removed just as easily as that smiley face implies?
Well, yes, if you are Google. The removal of SSL is done by Google's own front end servers at the boundary between the public internet and Google's own network, and Google's own network (including its private datacenter-to-datacenter fiber connections) are apparently not encrypted (which saves compute overhead.)
The revelation in the article (assuming it is correct) is that the GCHQ is taking advantage of this fact to evade Google's move to encrypt user-to-Google connections by simply tapping Google's datacenter-to-datacenter connections and (as well as whatever use GCHQ itself makes of the captured data) providing the NSA the ability to provide search terms that are matched against the captured data, with matching data fed from GCHQ to the NSA.
(This neatly also avoids any US legal limits on domestic electronic surveillance by the NSA, since, first, the surveillance isn't conducted by the NSA or any other US agency, and, second, its presumably not physically conducted in the US at all.)
Tell me if I understand this right: Google thought it was okay to not encrypt that 'internal' traffic, because even when trans-continental, that traffic was on 'private' Google fiber carrying only Google traffic, not the public internet. It was theoretically on a network that only Google had access to.
That's why it seemed okay not to encrypt it, right? (Otherwise, I don't know why Google would have thought it didn't have to encrypt it).
But the NSA managed to tap into this 'private' fiber anyway, perhaps with the cooperation of the actual telecoms that run it?
Do I have that right?
Essentially, that is what the article seems to indicate, except that it was Britain's GCHQ, not the US's NSA, that did the tapping. The GCHQ, as part of the "Five Eyes" intelligence cooperation [1], lets the NSA do searches against the data they get from the taps.
[1] http://en.wikipedia.org/wiki/UKUSA_Community