google email transparency dataGoogle

Google plans end-to-end encryption tool for additional email privacy

In an apparent response to ongoing concerns about electronic communications being collected and read by government agencies, Google released its estimates of how much email is being sent, unencrypted—as well as a tool to do something about it.

Google’s transparency report indicates that about half of the email passed to its servers isn’t encrypted, while about 65 percent of the email sent from Google elsewhere is. Google’s Gmail service itself uses HTTPS and offers encryption from the browser, but that doesn’t matter if it’s being sent to a provider that doesn’t use it. 

The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can’t do it alone,” Brandon Long, a member of the Gmail delivery team, wrote in a blog post. “Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted. Many providers have turned on encryption, and others have said they’re going to, which is great news. As they do, more and more emails will be shielded from snooping.”

Numerous reports have surfaced, many sourced from documents leaked by Edward Snowden, about the government’s intrusion into the email and digital information owned by Americans. The NSA collects email addresses and chat addresses; and allegedly read millions of private emails in numerous programs reportedly dating back to the weeks after the Sept. 11, 2001 attacks.

The “safermail” report, then, acts as a sort of “name and shame” page for consumers. Email sent to and from the Comcast.net domain, for example, is almost always sent without encryption, while all email sent to the facebook.com domain is. (About 50 percent of email from Facebook.com is unencrypted, however.)

The “End to End” extension, however, is designed to help users fight back. End to End is a future Chrome extension that will use OpenPGP to encase email in a secure wrapper that can be opened only by the recipient. Eventually, it will be released to the Chrome Web Store as a Chrome extension. For now, however, Google said it was encouraging developers to find, and report, any bugs before its general release.

“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Stephen Somogyi, a product manager for Google, wrote. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”

Subscribe to the Security Watch Newsletter

Comments