Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity

    Google Built End-to-End Encryption to Block Cyber-Crime, Not the NSA

    By
    Wayne Rash
    -
    June 5, 2014
    Share
    Facebook
    Twitter
    Linkedin
      email encryption

      The blog entry by Google’s Stephan Somogyi announcing Google’s new End-to-End encryption tool gives some reason for hope that useful encryption may be within reach of nontechnical emailers.

      But assertions that End-to-End will somehow protect you from the National Security Agency snooping are overblown. In fairness, Somogyi doesn’t actually claim that his tool will exclude the NSA. That’s been done by others.

      Let’s face it, if your goal is to prevent the NSA from reading your email, using Google’s Gmail isn’t going to work for you. There are several reasons, not the least of which is that the agency can simply get a court order for your email if it has reason to believe that you are doing something that it wants to find out about. Another is that in many cases, the NSA isn’t necessarily interested in the contents of your endless yammering, but rather who you yammer with.

      In other words, in many cases the NSA is a lot more interested in your email metadata than in the email itself. If, upon examining your metadata the agency finds that you’ve been corresponding with its wide definition of Bad Guys, then it will go looking for the contents of your email with the aforementioned warrant. Encrypting the email in transit, which is what End-to-End encryption promises to do, simply won’t matter.

      So how does End-to-End become more effective than, say, translating your email into Pig Latin? Somogyi’s blog post will give you a hint. He’s really focusing on cyber-crime, not the NSA. Encrypting your email, and for that matter everything else, is an effective means of keeping criminals from reading your sensitive information.

      While there may be cyber-criminals who have the means to decrypt some messages, the chances of their being able to accomplish something as complex as decrypting a PGP-encrypted message quickly enough to be usable is highly unlikely.

      Likewise, considering the level of effort and the massive computing power that may be necessary to perform such a decryption project, it’s unlikely that anything you have to say is worth it to them.

      What End-to-End will do is keep your data, including email, encrypted from the time it leaves your computer until the intended recipient gets it on the other end using OpenPGP. This is in addition to the encryption that Chrome (and most other browsers) uses when connecting to Gmail and some other services. The reason End-to-End is important is that it’s designed to be easy for a layman to use.

      Google Built End-to-End Encryption to Block Cyber-Crime, Not the NSA

      Somogyi’s blog post is also important for another reason, and that’s because he calls attention to the fact that Gmail is always encrypted. If this doesn’t sound like a big deal to you, then check the settings for the email service or client you use.

      While other Webmail services, such as Microsoft’s Outlook.com, also encrypt their connections, many POP, IMAP and SMTP servers do not. This means that when you check your email at a public WiFi location, anyone who can see your transmission can read your mail.

      It may be that you never intentionally send or receive sensitive mail using open WiFi hotspots, but do you check mail on your smartphone while you’re working on your fitness routine at Dunkin Donuts or Starbucks? If you do, and if you have allowed your smartphone to use the open connections at such a place, you may find that you are, in fact, sending and receiving email over an open connection.

      Right now, End-to-End, when it’s released, will only be a tool that works as an extension to Google’s Chrome browser. Because of this, you’re not going to be able to take advantage of it when it’s released unless you have a version of Chrome for your computer or smartphone and you use it for checking email.

      But if you’re using an email client such as Microsoft Outlook or other clients, then your communications may not be protected. The only way to know for sure is to check your mail client’s settings and see if they’re set to use Secure Sockets Layer or Transport Layer Security, or if you’re connecting using a secure VLAN. Your network administrator can tell you the answer to this if you don’t know how to check.

      If you’re not sure, then the best practice is to assume that your email and other communications are not protected. This means that wireless communications are probably not secure. Using a wired connection if you have access to one is much safer, if only because tapping into an internal Ethernet is harder to do, but it’s not impossible.

      Now, back to that concept of secure Gmail. While Google’s email system is already protected using an SSL connection, and while it will be possible to encrypt it further using End-to-End, you’re crazy if you think the NSA or other state-sponsored intelligence agencies can’t read your email. They can.

      Google is subject to the same laws as everyone else, so when the company gets a court order, it provides the information. Until the law is changed, the company has no choice.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×