So how do Google's super-smart security folk protect their data?

You'll be surprised

It's a question that occurs to many of us: if digital security is such a minefield, how do you keep your personal data safe?

One person who knows about the risks is Adam Langley. As a security engineer at Google, he makes key decisions about how your data is spread around the internet. He also has access to systems that would have hackers salivating.

So how does Adam make sure he's not taken for a ride? Not how you'd think. Speaking at a conference at CloudFlare headquarters in San Francisco, he outlined his strategy.

"So my passwords are randomly generated. There are a few sensitive ones that I have memorized, but the rest are in a password manager." And sharing data? He keeps it off his phone. "There is nothing too sensitive on my phone – I don't have corporate email on my phone for example. Which is actually quite nice."

Is that it? Well, no. "I do have a machine at home which is largely experimental, which I wouldn't recommend." The experimental machine apparently segregates and partitions data in a range of novel ways that Langley wasn't that keen to share.

His approach was reiterated by Richard Barnes, Firefox's security head. "I'm pretty much the same, although I use two-factor auth with almost all my services and I use a lot of paper. There's some things I don't put into electrons at all."

Snowden and the NSA

Of course, the issue of Mr Snowden and what he told us about the mass surveillance of the internet by the NSA reared its head.

"I have to say that when the information came out, it was clear the NSA was much more aggressive than I would have assumed," said Langley. But both he and Barnes agreed that the Snowden revelations were less revelatory and more reinforcing.

"In our field, we've been saying this sort of thing was possible for decades. The news was that it was actually being done," said Barnes.

Both agreed that the documents Snowden produced had proved extremely valuable in raising awareness. "It's been very pleasing to see things getting kicked upwards much faster now," said Langley.

They also took some pleasure in the fact that the documents show that the NSA engineers were not miles ahead of their own efforts. "There was no alien technology there. Given the budget and the number of people that the NSA has, I think a lot of people would have been able to create the systems they have created."

That fact also lent confidence to Langley that in the long run, things were going in the right direction. "In the 1990s, with cryptography we didn't really know what we were doing. So killing off SSL and SHA1 is trying to clear that out. But within a few decades, I think it should be the case that defenders are fundamentally in the clear. There will be years of pain while we clean up our mistakes, but I think fundamentally that we can win this."



