Google To Enable End-To-End Email Encryption, Highlight Good Email Security Practices

from the good-to-see dept

Back in December of 2012, we wrote about (and agreed with) Julian Sanchez's suggestion that Google should do end-to-end encryption of emails, even if it (only slightly) mucked with its advertising business model. The impact on overall security would be great (and this was before the Snowden revelations had even come out). As Sanchez pointed out, not only would this (finally) drive more widespread adoption for email encryption, it would create enormous goodwill among privacy advocates. About six weeks ago, we mentioned this again, when it was rumored that Google was trying to make encrypted email easier, though it was said that it wouldn't go "site-wide" on end-to-end encryption.

A new blog post on the Google blog* has now detailed at least some of Google's plans, including offering a new End-to-End Chrome extension that will make it much easier for anyone to send and receive encrypted email messages. This is a big step forward, and hopefully shows how serious Google is about actually encrypting messages, rather than leaving them open for snooping.

This announcement came along with adding a new section to Google's famed transparency report, entirely focused on email encryption in transit, which will hopefully increase the use of Transport Layer Security (TLS) from other email providers out there. In the initial report, Google notes that 65% of outbound messages on Gmail to other providers use TLS, while 50% of inbound messages use TLS (over the last 30 days). And, more importantly, it highlights who supports TLS... and who doesn't (Comcast seems to be a shameful leader on that front). With some transparency, hopefully it will lead more email providers to adopting TLS.

* For the sake of full disclosure, the author of the blog post on Google's site is an old friend of mine, whom I've known for nearly 20 years (I feel old), since long before he worked at Google. I had no idea he was working on this and actually haven't spoken to him in probably a year or two (because life happens). I didn't find out about it from him, but from people talking about it on Twitter.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    John Fenderson (profile), 4 Jun 2014 @ 12:11pm

    Re: Re: Re: Re: Re: Re: Re:

    "I would argue that the current interest in encrypting emails is driven by a desire for protection against government snooping"

    You miss my point. People who are really worried about this won't be relying on Google to do it (especially since they won't be using gmail!). They'll be using their own crypto anyway. Google's effort is an attempt to protect people who aren't concerned enough to implement a real solution. I fail to see how this can be anything but an improvement, even if the security isn't ironclad.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.