Gmail improves its encryption in response to government snooping

Gmail comes up with improved encryption, but there are still limited opportunities for government spies and others to snoop on private e-mail messages

There is a renewed effort by Google to ensure Gmail is secure from government snooping or from other outsiders with nefarious intentions. 

The latest move helps private companies and other organizations concerned about protecting their own or their customers’ privacy, but it definitely has limits.

First, Google announced in a blog post last week that Gmail as of now “will always use an encrypted HTTPS connection when you check or send email.” HTTPS is a secure communications protocol.

Also, the messages will be encrypted while they move internally through the Google system. “This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers,” Nicolas Lidzborski, Gmail Security Engineering lead, said. 

“Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet,” he added. 

The move comes soon after a California judge rejected a class action lawsuit against Google for alleged privacy violations. The proposed class action targeted how Gmail collects data from users and uses it to send them relevant ads. It is a key revenue source for the company. There are still other individual lawsuits pending on the issue. 

Meanwhile, experts have told the media that the beefed up encryption by Google will go a long way to prevent snooping into e-mails by government spies, such as the National Security Agency (NSA). The agency may still be able to reach inside for mass surveillance, but it becomes much harder for them. It also restricts any efforts by hackers or even employers watching their employees.

"That should be effective," Mikko Hypponen, a tech security specialist based in Finland, told CNN about the beefed-up security. "By protecting the connection between you and Google servers, they protect you against tons of attackers."

"I wouldn't call it NSA-proofing," Eugene H. Spafford, a computer scientist at Purdue University, also told CNN. "But they're doing something reasonable to protect against that and any other similar kind of eavesdropping."

In fact, Lidzborski said the changes by Google were in response to the recent U.S. government surveillance efforts. "This ensures that your messages are safe ... something we made a top priority after last summer's revelations," Lidzborski adds.

It was reported last year the NSA searched fiber-optic cables operating among data centers belonging to tech companies for data that was of interest.

The issue was of concern for the attorneys representing tech companies – and they are no doubt involved in finding ways to minimize the risk of any controversial surveillance from taking place. Also, in response to revelations about the NSA spying methods, several tech companies have joined "Reform Government Surveillance" – which wants to improve privacy rights and limit government surveillance. The companies include: Google, Facebook, Yahoo, AOL, LinkedIn, Twitter and Microsoft. 

Companies such as Microsoft and Yahoo still have not implemented encryption between email providers, Christopher Soghoian, a technologist for the American Civil Liberties Union, told CNN.

And even with Google’s latest move, there are some limitations to users’ privacy, according to a blog post from The Washington Post. Google’s machines will still look through user messages in order to send them relevant ads. And remember that Gmail is only secure while in Google’s network.

“Not every e-mail provider has agreed to support the technology that's required,” The Post explains. “To make absolutely sure that your e-mails are fully shielded — even if your recipient is using a different e-mail service — encrypt your e-mail yourself, and make sure your friends do, too.” That is something both a business and individuals could do relatively easily.

And attorneys working for businesses may want to advise the company to consider such a move – especially if a breach of privacy could negatively impact the company, through potential legal action or by a loss of business or loss of company secrets.

 

Related stories:

Rand Paul, other conservatives file suit over NSA spying

Facebook still faces foes to privacy settlement

Contributing Author

author image

Ed Silverstein

Ed Silverstein is a veteran writer and editor for magazines, websites and newspapers. A graduate of Harvard's Kennedy School of Government, he has won several...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.