Mobile // Mobile Business
News
6/4/2014
03:26 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Previews Gmail Encryption

Gmail users will soon be able to encrypt their messages easily with End-to-End, a free Chrome extension.

Google I/O 2014: 8 Things To Watch
Google I/O 2014: 8 Things To Watch
(Click image for larger view and slideshow.)

Google on Tuesday introduced software called End-to-End to encrypt Gmail messages in transit and simultaneously published data about encryption usage by email providers, as if to shame companies with indifferent security practices.

In a blog post, Google security product manager Stephan Somogyi characterized the company's effort simply as an attempt to "help make this kind of encryption a bit easier."

But Google's action follows a year of revelations about the extent to which intelligence agencies can access electronics communications. The documents leaked by former NSA contractor Edward Snowden have made businesses and individuals reticent about trusting their information to third-party service providers.

Thus we find Google encouraging other online service providers to do more to protect customer data. By naming names -- last month, less than 1% of email sent from Gmail to comcast.net addresses remained encrypted, for example -- Google may be able to hasten industry adoption of encryption and restore faith in cloud computing, upon which much of its business depends.

[Gartner's annual competitive positioning graphic shows challenges ahead for some vendors. Read Gartner's Magic Quadrant 2014 For Cloud: Winners And Losers.]

But Google cannot unilaterally secure the Internet. In its Transparency Report, the company acknowledges that while encryption makes snooping on messages in transit more difficult, it does not make it impossible. In addition, email messages can be read once they've been delivered, through malware or other means.

According to Google, 69% of messages from Gmail to other providers, and 48% of messages sent to Gmail, support encryption through Transport Layer Security (TLS).

Google's gambit appears to be working already. On Tuesday, Comcast said it is testing encryption for customers' email messages and intends to begin deploying the technology in a matter of weeks.

Google's embrace of encryption will have a downside for the company: Messages encrypted on Google's servers cannot be scanned, eliminating their use as a source of ad-targeting data. However, given how much Google already knows about its users and the fact that it expects only the security-conscious minority to install its encryption software, the company's ability to target ads isn't likely to be much degraded.

Google's encryption software is not yet ready for mainstream use. The company is offering it as alpha code so it can be tested. Those who find bugs in the code can submit them for a possible reward through the company's Vulnerability Reward Program.

When End-to-End is ready to be released, Google plans to offer it through its Chrome Web Store as a Chrome browser extension. End-to-End is based on OpenPGP, an open protocol for encrypting messages through public key cryptography.

Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
SomebodySmart
50%
50%
SomebodySmart,
User Rank: Strategist
6/4/2014 | 6:16:59 PM
Liberty issue
To those who would argue that NSA has a "right" to listen to the radio let me reply that NSA has no right to FORCE innocent businesses to hand over data.
SomebodySmart
100%
0%
SomebodySmart,
User Rank: Strategist
6/4/2014 | 6:13:59 PM
One-time pad
Return to the old 5.25" floppy. It could be erased with a household magnet. Use bitmaps of close-up photos of sand for randomness for one-time pads. Compose message on one machine and encrypt with one-time pad. Write cryptext to floppy. Remove floppy and insert it into another machine to transmit it over the internet. Hackers cannot break through to the machine with the plain text because it is not connected to anything. As long as you're not broadcasting, but that's another security issue.

 

 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
6/4/2014 | 5:33:23 PM
Re: GMAIL ENCRYPTION - LIKE IT MATTERS
I would go further and suggest that no amount of security will keep electronic communication secure against an adversary with the funding and reach of the NSA, if they really want to find out about your messages.
c_s_everett
50%
50%
c_s_everett,
User Rank: Apprentice
6/4/2014 | 5:14:46 PM
GMAIL ENCRYPTION - LIKE IT MATTERS
The irony of Google or Gmail offering encryption to users of its service taking into consideration the well documented collusion with the NSA to make customer data available is laughable.  If you're worried about privacy, and you should be, use a  service coming on line soon like Proton Mail.  I have very little faith in Gmail to keep any of my information safeguarded. 

To those who might offer up the tired line of "if you don't have something to hide, why should care", I'll offer this when did the act of being a law abiding natural born US citizen become reasonable suspicion to vacuum up the data an entire population.  Let that sink in - 380,000,000 US citizens. 

It's less about trying to hide something and more about fundamental pricincples this country was found around - like the 4th amendment. 
<<   <   Page 2 / 2
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.