Until now, anyone using the Google cloud platform, Google Compute Engine, was forced to use encryption keys generated by Google. Clearly this spooked a lot of people, and there have long been calls for users to be granted greater control of security.
Now this is happening -- users are able to provide their own encryption keys. Customer-Supplied Encryption Key (CSEK) are used to provide a second layer of security, on top of the Google-generated keys that are used by default.
Earlier this month, Facebook announced plans to offer end-to-end encryption in Messenger by the end of the summer. Now the company is starting to roll out the new feature, called Secret Conversations, to some people.
Android Police received several screenshots of the new feature, though it doesn’t seem to actually work yet. It’s also unclear if Facebook is only releasing Secret Conversations to beta testers at this point or offering it to some regular users as an A/B test.
On the first day of the sprawling RSA security industry conference in San Francisco, a giant screen covering the wall of the Moscone Center’s cavernous lobby cycles through the names and headshots of keynote speakers: steely-eyed National Security Agency director Michael Rogers in a crisp military uniform; bearded and besuited Whitfield Diffie and Ron Rivest, legendary inventors of seminal encryption protocols that made the Internet safe for communication and commerce.
Director of National Intelligence James Clapper said Monday that the Snowden revelations have sped up the sophistication of encryption by "about seven years," according to the Christian Science Monitor.
"From our standpoint, it’s not a good thing," Clapper reportedly said at CSM's breakfast event. When asked how he came up with that figure, he cited the National Security Agency.
Over the past year, we’ve heard politicians the world over discussing the need for governments to be able to bypass encryption. Major Silicon Valley powers like Apple and Google have repeatedly told lawmakers that they can’t be given access to the encrypted services they provide for their users, with or without a warrant, because they don’t have that access themselves – only the user has the encryption key.