What Google's 'End-to-End' encryption means for you
With its new End-to-End encryption service, Google wants to make e-mail safe from prying eyes.
A year after Edward Snowden lifted the veil on the National Security Agency’s cyber snooping, Google is making moves to let users know how seriously it takes e-mail security.
On Tuesday, the company announced the End-to-End Chrome extension, a security tool that will allow users to encrypt e-mail as it is sent from their Web browser to a recipient’s inbox, provided both users are using End-to-End or a similar encryption tool.
Essentially, Google is giving users an added layer of security from prying eyes.
End-to-end encryption services – which turn e-mails into a series of unreadable characters unless you have the code to unscramble them – have been available for years, but were often too difficult for most people on the Internet to use. This new approach aims to make e-mail security simple, writes Google privacy and security product manager Stephan Somogyi in a blog post. Google's End-to-End uses OpenPGP, an open-source encryption standard that works easily with many existing encryption tools.
So, how and when can people get started?
For the time being, only the source code has been released, with the intention that savvy users will test the Chrome extension and then report any bugs that are found. “We’re releasing this code to enable community review; it is not yet ready for general use,” the company says. Once Google feels End-to-End is ready for a wider audience, it will release the software to the public through the Chrome store.
As many have noted, this move can be seen as Google’s attempt to take the lead in encryption reform. Currently, all e-mail sent between Google servers is automatically encrypted. But often when e-mail is sent between other servers, or between Google and another server, the e-mail is not encrypted. According to an update to the Google Transparency Report, about half of all e-mails sent between Gmail and other e-mail services are not encrypted. As a result, according to the Wall Street Journal, Comcast has now announced that it will also begin encrypting users’ e-mail. Comcast currently encrypts less than 1 percent of e-mails received from Gmail, according to the Transparency Report.
Traditionally, big technology companies such as Google and Yahoo have avoided encryption services because they hinder the companies’ abilities to gather user data that can in turn be used for targeted advertising, reports The New York Times.
But as public debates have raged over privacy concerns, ranging from Mr. Snowden’s revelations to a recent PBS Frontline documentary investigating how Internet companies enable government spying, it appears Google is taking extra precautions to ensure it has the public’s trust.
Moreover, Google has now joined Reset the Net, a global campaign set to go live June 5 to protest mass Internet surveillance.