Google Previews Gmail Encryption - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Business
News
6/4/2014
03:26 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Previews Gmail Encryption

Gmail users will soon be able to encrypt their messages easily with End-to-End, a free Chrome extension.

Google I/O 2014: 8 Things To Watch
Google I/O 2014: 8 Things To Watch
(Click image for larger view and slideshow.)

Google on Tuesday introduced software called End-to-End to encrypt Gmail messages in transit and simultaneously published data about encryption usage by email providers, as if to shame companies with indifferent security practices.

In a blog post, Google security product manager Stephan Somogyi characterized the company's effort simply as an attempt to "help make this kind of encryption a bit easier."

But Google's action follows a year of revelations about the extent to which intelligence agencies can access electronics communications. The documents leaked by former NSA contractor Edward Snowden have made businesses and individuals reticent about trusting their information to third-party service providers.

Thus we find Google encouraging other online service providers to do more to protect customer data. By naming names -- last month, less than 1% of email sent from Gmail to comcast.net addresses remained encrypted, for example -- Google may be able to hasten industry adoption of encryption and restore faith in cloud computing, upon which much of its business depends.

[Gartner's annual competitive positioning graphic shows challenges ahead for some vendors. Read Gartner's Magic Quadrant 2014 For Cloud: Winners And Losers.]

But Google cannot unilaterally secure the Internet. In its Transparency Report, the company acknowledges that while encryption makes snooping on messages in transit more difficult, it does not make it impossible. In addition, email messages can be read once they've been delivered, through malware or other means.

According to Google, 69% of messages from Gmail to other providers, and 48% of messages sent to Gmail, support encryption through Transport Layer Security (TLS).

Google's gambit appears to be working already. On Tuesday, Comcast said it is testing encryption for customers' email messages and intends to begin deploying the technology in a matter of weeks.

Google's embrace of encryption will have a downside for the company: Messages encrypted on Google's servers cannot be scanned, eliminating their use as a source of ad-targeting data. However, given how much Google already knows about its users and the fact that it expects only the security-conscious minority to install its encryption software, the company's ability to target ads isn't likely to be much degraded.

Google's encryption software is not yet ready for mainstream use. The company is offering it as alpha code so it can be tested. Those who find bugs in the code can submit them for a possible reward through the company's Vulnerability Reward Program.

When End-to-End is ready to be released, Google plans to offer it through its Chrome Web Store as a Chrome browser extension. End-to-End is based on OpenPGP, an open protocol for encrypting messages through public key cryptography.

Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?Also in the The IPS Makeover issue of Dark Reading Tech Digest: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
poclovis
50%
50%
poclovis,
User Rank: Apprentice
6/25/2014 | 12:11:05 PM
Wrong article link as well
Wrong article I clicked on the Galaxy takes on Ipad and got a google article instead!
jgomez777
50%
50%
jgomez777,
User Rank: Apprentice
6/20/2014 | 12:19:16 PM
Wrong article
I clicked on the Galaxy takes on Ipad and got a google article instead!
cklimeczko570
100%
0%
cklimeczko570,
User Rank: Apprentice
6/19/2014 | 10:28:49 AM
Re: GMAIL ENCRYPTION - LIKE IT MATTERS
I clicked on  

Samsung Galaxy Tab S Takes On iPad  and got this article instead. 
mySecure_Phone
50%
50%
mySecure_Phone,
User Rank: Apprentice
6/18/2014 | 4:02:10 AM
Re: And PGP is new because...?
Maybe Google will do what they promised to but what about an informations sent via other channels? Protect your privacy by using independent programs. If you are using a cell with Android system, just download mySecurePhone - software to encrypt outgoing emails, texts and calls. Good thing is that mySecurePhone is compatible with any email account.
jgherbert
50%
50%
jgherbert,
User Rank: Ninja
6/7/2014 | 11:57:40 AM
And PGP is new because...?
Ok, so this is new for Google that they might offer encryption (assuming you trust the extension... do you?). I wonder how it will really work though. Will Google be offering to keep track of your private or public keys for you perhaps? After all, keeping keys in cloud storage protects you in case of loss, so let's get those all stored somewhere handy like GoogleDrive. Nicely done ;-)

Seriously though, PGP has been around for the longest time but it just hasn't caught on not least because it's a pain in the backside to use for most people. I suspect that PGP's "web of trust" concept is about to be blown wide open by people who will just sign off on anything they see rather than actually validating the keys. So just wait for the first exploit of that.

I also wonder whether we'll see corporates - many of whom still allow gmail/webmail access from their networks - shutting down access to gmail totally if this extension becomes popular.

Guess we'll see, right?

j.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
6/5/2014 | 11:39:34 PM
Re: GMAIL ENCRYPTION - LIKE IT MATTERS
@micjustin33, that a good point, and as more and more providers begin to offer encryption as a standard, this will cause spear phishing to become increasingly difficult. At one point spear phishing will become a zero gain operation, and then after the tipping point is crossed, spear phishing will become a lose making practice, once that happens, encryption and security would have won at least on one front.
micjustin33
50%
50%
micjustin33,
User Rank: Strategist
6/5/2014 | 9:34:33 AM
Re: GMAIL ENCRYPTION - LIKE IT MATTERS
Many providers have turned on encryption, and others have said they're going to, which is great news. As they do, more and more emails will be shielded from snooping."
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
6/5/2014 | 12:08:12 AM
Re: Connection to Zix
I think Zixmail is a completely different email provider, like Yahoo Mail, with its own extension. Or does Zixmail have the ability to encrypt outgoing mail from a Gmail account? If not, then Zixmail is just a third party tool in the app store.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
6/4/2014 | 11:42:47 PM
Re: GMAIL ENCRYPTION - LIKE IT MATTERS
Great point -- huge amounts of capital, trumps capital. And I have a feeling that Google will be gaining more user data, than it will be losing from encrypting Gmail messages, because users that desire a higher level of security and are using for instance, Firefox, will have to move to Chrome and in exchange, Google will gain their browser data.  
leemore57
50%
50%
leemore57,
User Rank: Apprentice
6/4/2014 | 6:39:07 PM
Connection to Zix
How is End-to-End connected to the encryption product currently offered in Google Apps from Zix Corp?
Page 1 / 2   >   >>
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll