Google To Enable End-To-End Email Encryption, Highlight Good Email Security Practices

from the good-to-see dept

Back in December of 2012, we wrote about (and agreed with) Julian Sanchez's suggestion that Google should do end-to-end encryption of emails, even if it (only slightly) mucked with its advertising business model. The impact on overall security would be great (and this was before the Snowden revelations had even come out). As Sanchez pointed out, not only would this (finally) drive more widespread adoption for email encryption, it would create enormous goodwill among privacy advocates. About six weeks ago, we mentioned this again, when it was rumored that Google was trying to make encrypted email easier, though it was said that it wouldn't go "site-wide" on end-to-end encryption.

A new blog post on the Google blog* has now detailed at least some of Google's plans, including offering a new End-to-End Chrome extension that will make it much easier for anyone to send and receive encrypted email messages. This is a big step forward, and hopefully shows how serious Google is about actually encrypting messages, rather than leaving them open for snooping.

This announcement came along with adding a new section to Google's famed transparency report, entirely focused on email encryption in transit, which will hopefully increase the use of Transport Layer Security (TLS) from other email providers out there. In the initial report, Google notes that 65% of outbound messages on Gmail to other providers use TLS, while 50% of inbound messages use TLS (over the last 30 days). And, more importantly, it highlights who supports TLS... and who doesn't (Comcast seems to be a shameful leader on that front). With some transparency, hopefully it will lead more email providers to adopting TLS.

* For the sake of full disclosure, the author of the blog post on Google's site is an old friend of mine, whom I've known for nearly 20 years (I feel old), since long before he worked at Google. I had no idea he was working on this and actually haven't spoken to him in probably a year or two (because life happens). I didn't find out about it from him, but from people talking about it on Twitter.

Filed Under: chrome extension, email, encryption, end-to-end encryption, gmail, pgp, privacy, security, tls
Companies: google

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 3 Jun 2014 @ 4:54pm


    That's (your last point) a good one. Large operations like Google have "target" written all over them, and any intelligence agency in any country on this planet can and will attack them. (Of course they will. It's what they get paid to do.) So regardless of the merits/lack thereof of Google or AOL or Facebook or Twitter or anything they do or anything they say....they're going to be hacked. It's only a question of by whom, when, how -- and most importantly, what the consequences will be.

    In that light, this is a good move by Google, because when (not if) they get hacked, they'll have less data to disclose. But...even if the messages are encrypted, they'll still have the metadata[1], and that facilitates traffic analysis which in turn facilitates tracking and association.

    [1] They have to, otherwise they can't deliver messages. They can certainly scrub the logs often, but if someone taps them in real time, scrubbing them won't accomplish much.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.