Google Built End-to-End Encryption to Block Cyber-Crime, Not the NSA

NEWS ANALYSIS: Yes, you can encrypt your email using a new Chrome extension that's fairly easy to use. But do you really think that's going to keep the NSA from reading your email if it wants to?

email encryption

The blog entry by Google's Stephan Somogyi announcing Google's new End-to-End encryption tool gives some reason for hope that useful encryption may be within reach of nontechnical emailers.

But assertions that End-to-End will somehow protect you from the National Security Agency snooping are overblown. In fairness, Somogyi doesn't actually claim that his tool will exclude the NSA. That's been done by others.

Let's face it, if your goal is to prevent the NSA from reading your email, using Google's Gmail isn't going to work for you. There are several reasons, not the least of which is that the agency can simply get a court order for your email if it has reason to believe that you are doing something that it wants to find out about. Another is that in many cases, the NSA isn't necessarily interested in the contents of your endless yammering, but rather who you yammer with.

In other words, in many cases the NSA is a lot more interested in your email metadata than in the email itself. If, upon examining your metadata the agency finds that you've been corresponding with its wide definition of Bad Guys, then it will go looking for the contents of your email with the aforementioned warrant. Encrypting the email in transit, which is what End-to-End encryption promises to do, simply won't matter.

So how does End-to-End become more effective than, say, translating your email into Pig Latin? Somogyi's blog post will give you a hint. He's really focusing on cyber-crime, not the NSA. Encrypting your email, and for that matter everything else, is an effective means of keeping criminals from reading your sensitive information.

While there may be cyber-criminals who have the means to decrypt some messages, the chances of their being able to accomplish something as complex as decrypting a PGP-encrypted message quickly enough to be usable is highly unlikely.

Likewise, considering the level of effort and the massive computing power that may be necessary to perform such a decryption project, it's unlikely that anything you have to say is worth it to them.

What End-to-End will do is keep your data, including email, encrypted from the time it leaves your computer until the intended recipient gets it on the other end using OpenPGP. This is in addition to the encryption that Chrome (and most other browsers) uses when connecting to Gmail and some other services. The reason End-to-End is important is that it's designed to be easy for a layman to use.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...