Google Built End-to-End Encryption to Block Cyber-Crime, Not the NSA

By Wayne Rash  |  Posted 2014-06-05 Print this article Print
email encryption

Somogyi's blog post is also important for another reason, and that's because he calls attention to the fact that Gmail is always encrypted. If this doesn't sound like a big deal to you, then check the settings for the email service or client you use.

While other Webmail services, such as Microsoft's, also encrypt their connections, many POP, IMAP and SMTP servers do not. This means that when you check your email at a public WiFi location, anyone who can see your transmission can read your mail.

It may be that you never intentionally send or receive sensitive mail using open WiFi hotspots, but do you check mail on your smartphone while you're working on your fitness routine at Dunkin Donuts or Starbucks? If you do, and if you have allowed your smartphone to use the open connections at such a place, you may find that you are, in fact, sending and receiving email over an open connection.

Right now, End-to-End, when it's released, will only be a tool that works as an extension to Google's Chrome browser. Because of this, you're not going to be able to take advantage of it when it's released unless you have a version of Chrome for your computer or smartphone and you use it for checking email.

But if you're using an email client such as Microsoft Outlook or other clients, then your communications may not be protected. The only way to know for sure is to check your mail client's settings and see if they're set to use Secure Sockets Layer or Transport Layer Security, or if you're connecting using a secure VLAN. Your network administrator can tell you the answer to this if you don't know how to check.

If you're not sure, then the best practice is to assume that your email and other communications are not protected. This means that wireless communications are probably not secure. Using a wired connection if you have access to one is much safer, if only because tapping into an internal Ethernet is harder to do, but it's not impossible.

Now, back to that concept of secure Gmail. While Google's email system is already protected using an SSL connection, and while it will be possible to encrypt it further using End-to-End, you're crazy if you think the NSA or other state-sponsored intelligence agencies can't read your email. They can.

Google is subject to the same laws as everyone else, so when the company gets a court order, it provides the information. Until the law is changed, the company has no choice.



Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel