Google plans end-to-end encryption tool for additional email privacy

google email transparency data
Credit: Google

In an apparent response to ongoing concerns about electronic communications being collected and read by government agencies, Google released its estimates of how much email is being sent, unencrypted—as well as a tool to do something about it.

Google’s transparency report indicates that about half of the email passed to its servers isn’t encrypted, while about 65 percent of the email sent from Google elsewhere is. Google’s Gmail service itself uses HTTPS and offers encryption from the browser, but that doesn’t matter if it’s being sent to a provider that doesn’t use it. 

The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can’t do it alone,” Brandon Long, a member of the Gmail delivery team, wrote in a blog post. “Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted. Many providers have turned on encryption, and others have said they’re going to, which is great news. As they do, more and more emails will be shielded from snooping.”

Numerous reports have surfaced, many sourced from documents leaked by Edward Snowden, about the government’s intrusion into the email and digital information owned by Americans. The NSA collects email addresses and chat addresses; and allegedly read millions of private emails in numerous programs reportedly dating back to the weeks after the Sept. 11, 2001 attacks.

The “safermail” report, then, acts as a sort of “name and shame” page for consumers. Email sent to and from the domain, for example, is almost always sent without encryption, while all email sent to the domain is. (About 50 percent of email from is unencrypted, however.)

The “End to End” extension, however, is designed to help users fight back. End to End is a future Chrome extension that will use OpenPGP to encase email in a secure wrapper that can be opened only by the recipient. Eventually, it will be released to the Chrome Web Store as a Chrome extension. For now, however, Google said it was encouraging developers to find, and report, any bugs before its general release.

“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Stephen Somogyi, a product manager for Google, wrote. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter