top | item 10588714

(no title)

> Tellingly, Google's security efforts were also a top-down reaction to a major security incident.

What was that? All I can think of is when the chinese stole their source code but the response to that would presumably be more about managing who has access to what internally than improving the security of their user facing products.

edit: to be clear I'm thinking of the time they had code stolen by a chinese employee in their china office, presumably on request of the govt.

discuss

mtgx|10 years ago

Yes, I think that was the first event that pushed Google to focus much more on security. The second one was of course in the summer of Snowden, when Google found out NSA had full access to its network. Since then it has taken quite a few measures to improve security and now it treats its own network as the "untrusted Internet".

https://www.usenix.org/conference/lisa13/enterprise-architec...

Unfortunately, other than the default full disk encryption it's pushing on Android 6+ devices, I'm not really seeing Google push client-side encryption anymore. I wonder if it even wants the E2E email extension to be fully developed anymore. And even though it should be quite trivial for Google to adopt Signal's text and voice encryption in Hangouts, I doubt it has any intention of ever doing that.

tptacek|10 years ago

Cite a source that demonstrates that NSA had full access to Google's network, please.