Friday, June 6, 2014

Google's End-to-End is Unacceptable

by Dietrich Schmitz



Regular readers will know that I have taken issue with Google since last year on how they manage Gmail and Drive.

For starters, should any governmental agency manage to break through Google's firewall (oops, the NSA did and pitched camp last year), they will have unfettered access to your metadata and direct access to your Gmail and Drive files. (Image right: Google's End-to-End Logo)

Why?  Because they are stored in clear text (unencrypted) format.

That's odd.  Google Cloud does just the opposite.  Hmmm.  I wonder why.  (Taps fingers.....)  That's because Google Cloud is for the 'paying customers' who INSIST that their data meet critical mandated security thresholds (FIPS).  So, Google Cloud customers, in the interest of keeping them from leaving altogether, are being assured by Google that their data is FIPS-compliant and cannot be viewed by third parties.  How nice of them.

When it was determined last year that the Fox is in the Hen House, many corporations left U.S. domestic cloud ISPs en masse for Western and Eastern European ISPs to avoid the NSA.  This concern is quite understandable on many levels, and still nothing has been done to impede, much less stop, the NSA from continuing their global eavesdropping.

Gmail and Drive are considered part of Google's consumer-facing services which are, at present, offered for free.  Almost everyone using Gmail likes the fact that they get it for free, but, were they to make the effort to read the 'Terms of Service' agreement, they would discover that Google reserves the right to parse any and all metadata and personal clear-text data belonging to the respective account holder.

The main thrust of this stipulation is to let Google place targeted advertisements in the account holder's Gmail gutter margins that reflect subjects of potential interest to said account holder, as determined by the parsing logic applied to their data stream.  Very nice, yes?  No!!!!!!!!!!!!

This is fundamentally wrong.  Users may be stuck with the current terms of service for getting their free Gmail and Drive, but do they have any recourse?

Certainly, one option would be to drop using Gmail and Drive entirely in favor of some other solution.

Another solution is being provided by Google, which has been under great public pressure to do something to protect account holders' right to privacy.

The solution is named End-to-End in an announcement posted on Google's website.  It's not even available yet: the code is still being written and tested before it will ever reach a production release to the general public.

While that may sound good, a cursory inspection of the Google Code website reveals a few issues which I feel make this solution unacceptable from the start.

1) Google is only offering 'the solution' as a Google Chrome browser extension.  Many use Chrome.  I don't because it is 'proprietary'.  That means it is not 100% open source and so violates one of the cornerstones of FOSS: Transparency.  We cannot and do not know what is or isn't in proprietary code and because of that, potential rogue code and abuses can be introduced without the general public's knowledge and/or approval.  That is what Transparency is all about.  So, Google wants you to have 'their' solution on 'their' terms, stipulating the use of 'their' browser which in and of itself has volumes of code nobody can claim to know or understand.

2) As if #1 wasn't bad enough, Google has chosen to 'reinvent the wheel'.  Namely, the long-standing, mature, fully-debugged gpg2 open source OpenPGP codebase is being rejected out of hand, again because they want to do things 'their' way, by creating a duplicate, immature, bug-laden port of an incomplete subset of gpg2 in slow, interpreted JavaScript.  That's right.  JavaScript.  gpg2 is fully compiled C/C++ code.

3) Google chooses to adopt a new Elliptic Curve cryptographic standard over the proven, mature RSA standard.  Recall that NIST is now in a public relations dilemma, having been exposed as consorting with the NSA in introducing 'weakened' cryptographic string constants into their ECC codebase last year.  In discovering the problem with ECC, NIST insists it had no part in or knowledge of the NSA's intentional introduction of weakened code, and has put the code out for public review and follow-up action to correct any defects identified through public comment.  That leaves a 'cloud' in my mind over any software dependent on EC.  In terms of severity, compared with items 1 and 2, a thorough audit of EC might restore confidence and make item 3 less of an issue in the long term.

But fundamentally, Google's developers, it would appear, are taking shortcuts and making fundamentally flawed decisions by forcing a solution which requires proprietary Chrome (Transparency violation) and creating their own immature crypto codebase to 'emulate' a subset of gpg2 OpenPGP features.  EC will only be compatible with version 2.1 of gpg2.
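The compatibility point above is something a correspondent can verify on their own machine: `gpg --version` prints the GnuPG version on its first line and a `Pubkey:` line naming the public-key algorithms the build supports, so an installation that can exchange ECC-keyed OpenPGP messages shows a 2.1-or-later version together with ECDH and ECDSA in that list.  The shell functions below are an added example, not code from the original post or from Google's or GnuPG's projects; they parse a constructed sample of that output (the version numbers and algorithm lists in the samples are made up for the example, in the layout GnuPG 2.x uses) and report whether the installation meets both conditions.

```shell
#!/bin/sh
# Constructed sample of `gpg --version` output from a hypothetical 2.1 build
# (version and library numbers are illustrative, not a real release).
SAMPLE_GPG21='gpg (GnuPG) 2.1.0
libgcrypt 1.6.1
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2'

# Constructed sample from a hypothetical 1.4 build with no ECC algorithms.
SAMPLE_GPG14='gpg (GnuPG) 1.4.18
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2'

# gnupg_version OUTPUT: print the dotted version from the first line, e.g. 2.1.0
gnupg_version() {
    printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG) \([0-9][0-9.]*\).*/\1/p'
}

# version_at_least A B: succeed if dotted version A >= B, comparing each
# numeric component (portable awk instead of GNU-only `sort -V`).
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# ecc_pubkey_support OUTPUT: print the ECC algorithms found on the Pubkey: line,
# space-separated and in the order listed (empty if none).
ecc_pubkey_support() {
    printf '%s\n' "$1" | sed -n 's/^Pubkey: //p' | tr -d ' ' | tr ',' '\n' \
        | grep -E '^(ECDH|ECDSA|EDDSA)$' | tr '\n' ' ' | sed 's/ $//'
}

# can_use_ecc_openpgp OUTPUT: succeed only if the version is 2.1 or later AND
# both ECDH (encryption) and ECDSA (signing) are supported.
can_use_ecc_openpgp() {
    v=$(gnupg_version "$1")
    algos=$(ecc_pubkey_support "$1")
    [ -n "$v" ] || return 1
    version_at_least "$v" 2.1 || return 1
    case " $algos " in *" ECDH "*) ;; *) return 1 ;; esac
    case " $algos " in *" ECDSA "*) ;; *) return 1 ;; esac
    return 0
}

# report OUTPUT: one-line human-readable verdict for the given `gpg --version` text.
report() {
    if can_use_ecc_openpgp "$1"; then
        printf 'GnuPG %s: ECC OpenPGP keys supported (%s)\n' \
            "$(gnupg_version "$1")" "$(ecc_pubkey_support "$1")"
    else
        printf 'GnuPG %s: ECC OpenPGP keys NOT supported (need 2.1+ with ECDH and ECDSA)\n' \
            "$(gnupg_version "$1")"
    fi
}

# Run against the constructed samples, then against the local gpg if present.
report "$SAMPLE_GPG21"
report "$SAMPLE_GPG14"
if command -v gpg >/dev/null 2>&1; then
    report "$(gpg --version)"
fi
```

Run the script as-is to see the two sample verdicts, or pipe a captured `gpg --version` through `report` to check a specific installation.  The check deliberately requires both ECDH and ECDSA, since a build that can verify ECC signatures but not decrypt ECDH-encrypted messages would still fail to interoperate fully.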

I am giving this project a 'thumbs down'.  Unacceptable.  Back to the drawing board Google.

-- Dietrich