Gmail users will soon be able to encrypt their messages easily with End-to-End, a free Chrome extension.
Google I/O 2014: 8 Things To Watch
(Click image for larger view and slideshow.)
Google on Tuesday introduced software called End-to-End to encrypt Gmail messages in transit and simultaneously published data about encryption usage by email providers, as if to shame companies with indifferent security practices.
In a blog post, Google security product manager Stephan Somogyi characterized the company's effort simply as an attempt to "help make this kind of encryption a bit easier."
But Google's action follows a year of revelations about the extent to which intelligence agencies can access electronics communications. The documents leaked by former NSA contractor Edward Snowden have made businesses and individuals reticent about trusting their information to third-party service providers.
Thus we find Google encouraging other online service providers to do more to protect customer data. By naming names -- last month, less than 1% of email sent from Gmail to comcast.net addresses remained encrypted, for example -- Google may be able to hasten industry adoption of encryption and restore faith in cloud computing, upon which much of its business depends.
But Google cannot unilaterally secure the Internet. In its Transparency Report, the company acknowledges that while encryption makes snooping on messages in transit more difficult, it does not make it impossible. In addition, email messages can be read once they've been delivered, through malware or other means.
According to Google, 69% of messages from Gmail to other providers, and 48% of messages sent to Gmail, support encryption through Transport Layer Security (TLS).
Google's gambit appears to be working already. On Tuesday, Comcast said it is testing encryption for customers' email messages and intends to begin deploying the technology in a matter of weeks.
Google's embrace of encryption will have a downside for the company: Messages encrypted on Google's servers cannot be scanned, eliminating their use as a source of ad-targeting data. However, given how much Google already knows about its users and the fact that it expects only the security-conscious minority to install its encryption software, the company's ability to target ads isn't likely to be much degraded.
Google's encryption software is not yet ready for mainstream use. The company is offering it as alpha code so it can be tested. Those who find bugs in the code can submit them for a possible reward through the company's Vulnerability Reward Program.
When End-to-End is ready to be released, Google plans to offer it through its Chrome Web Store as a Chrome browser extension. End-to-End is based on OpenPGP, an open protocol for encrypting messages through public key cryptography.
Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.