Google taking steps to encrypt emails

June 7, 2014 |

Google’s email security, or at least what Google reads of or into its users gmail, has been the subject of some controversy.  See the Guardian’s article from August 2013, Is Gmail secure enough for my private emails.  There has been improvement on that front with The Electronic Frontier Foundation as it reported on 4 June 2014 in New Gmail Data Shows the Rise of Backbone Email Encryption which provides:

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Facebook deployed this form of backbone email encryption. Microsoft’s deployments is in progress. We believe that most or all of these companies made these changes in response to EFF’s Encrypt the Web report.

Today, Google, which led the email ecosystem with early adoption of STARTTLS and HTTPS, has published its own datasets on the amount of email that is encrypted in transit between Gmail and other email providers. This data shows that (averaging Google’s inbound and outbound numbers) backbone encryption has risen from 33% to 58% since December last year.1 A Facebook snapshot from two weeks ago shows a similar story. But there is also more work to do. More mail operators need to implement STARTTLS, and some of those that already support STARTTLS need to upgrade their servers to support modern ciphers and forward secrecy.

The Age in Google testing software to take email encryption to the masses reports on the further development by Google in making encryption more accessible and therefore security more effective.  It is not Tor but it is an improvement on what previously existed.  Of course one must always keep in mind that, after the Snowden leaks made plain, backdoors to encryption software are not random and rare occurences.

The article provides:

Google is testing a new browser extension that will be able to encrypt Gmail messages sent to and from Google Chrome, making it harder for someone to read them.

While email encryption software isn’t new, and Google already offers an encrypted connection for Gmail (shown as https on the address bar), the new service would encrypt the message content.

Google said it hoped the plug-in would make the process of encryption more accessible and therefore more widely used. Encryption software tools like PGP and GnuPG are freely available but are cumbersome for consumers.

Google’s plug-in, is called End-to-End, promising uninterrupted protection of data travelling between two parties.

According to a recent Google Transparency report, 40 to 50 per cent of emails sent from within their hosted accounts aren’t encrypted.

”We recognise that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it,” the statement said.

The company has released the source code to the tech community to check for bugs and get feedback before a public launch.

The move follows Yahoo’s announcement in April it was moving towards a platform where all emails were encrypted by default.

Google’s source code release is part of a day of action scheduled for Friday called Reset the Net. That event aims at motivating internet users to “take privacy back” in light of mass surveillance operations by the US National Security Agency (NSA).

It will involve a range pro-privacy activities coordinated by the Electronic Frontier Foundation with Google, Reddit, Mozilla, Amnesty International and NSA whistleblower Edward Snowden.

“One year ago, we learnt that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be,” Mr Snowden said in a statement issued by his lawyer.

”Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same.”

One Response to “Google taking steps to encrypt emails”

  1. Google taking steps to encrypt emails | Australian Law Blogs

    […] Google taking steps to encrypt emails […]

Leave a Reply