> Google also declined to disclose whether it had received requests > for encryption keys. But a spokesperson said the company has "never > handed over keys" to the government,
Surely they have provided hard disk images containing key material to aid government investigations related to themselves or their employees? Certainly, the key material wouldn't be the focus of the data sharing in such cases, but saying that it never happened is a bit of a stretch. But this pressure finally explains why Google would prefer ephemeral DH (for perfect forward secrecy) with RC4 over AES without it: <https://www.imperialviolet.org/2011/11/22/forwardsecret.html> <https://www.imperialviolet.org/2012/03/02/ieecdhe.html> This didn't make much sense at the time because is by far weakest-looking cipher in wide use. But if Google faced demands to disclose the private keys used by their TLS servers to enable passive eavesdropping, switching on perfect forward secrecy might counteract these demands. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
