Moving to restore trust in cloud computing services, Google said Thursday that it has made encrypted HTTPS connections mandatory for Gmail.
"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers -- no matter if you're using public WiFi or logging in from your computer, phone or tablet," Nicolas Lidzborski, Google security engineering lead, wrote in a blog post.
The company turned HTTPS on by default in 2010. From then until now, users were able to disable it -- for the sake of marginal speed gains or compatibility -- but no longer.
Google has long been at the forefront of online security, partially out of necessity, because it is frequently targeted by hackers. It was one of the first online companies to introduce two-step authentication. And it says Google Apps for Government was the first set of cloud computing apps to receive Federal Information Security Management Act (FISMA) certification from the US government. (Microsoft disputed this in 2011, and Google said Microsoft's allegations were false.)
[Take control of your privacy on Google. Read 5 Google Opt-Out Settings To Check.]
Lidzborski wrote that all messages Gmail users send or receive are now encrypted when moving internally. "This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer's revelations."
The revelations at issue are those that arose from the NSA documents revealed by Edward Snowden. They have called into question the security of cloud computing and have prompted some companies to reconsider their commitment to third-party hosting.
Mandatory HTTPS connections might secure data in transit between Google's servers and its customers, but it should not be mistaken for true end-to-end encryption. Google's Gmail algorithms can still read Gmail text to serve ads. And the company can still access Gmail messages if ordered to do so by a court or at its discretion, as Microsoft did recently when it looked through the communications of a Hotmail-using blogger to identify an employee who allegedly leaked Windows source code to the blogger. However, given the outcry over Microsoft taking such action without a court order, it's doubtful Google is eager to avail itself of the access rights it has under its terms of service agreement.
Lidzborski also wrote that Gmail was up and running 99.978% of last year, which works out to an average downtime of two hours for each user during that period.
Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.