Donate
Google Takes First Step Toward End-to-end Email Security Thumbnail
‹ Back
Open Internet Standards 5 June 2014

Google Takes First Step Toward End-to-end Email Security

Andrei Robachevsky
By Andrei RobachevskySenior Director, Technology Programmes

I was very excited when I read Google’s announcement about their beta release of a Chrome extension that will allow users to encrypt their messages end-to-end. Although Gmail supported HTTPS from the very beginning and now always uses an encrypted connection when you check or send email in your browser, the content of your messages is stored at Google and is accessible to them.

This is not a secret, Google’s terms of service say that “automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection.” Unfortunately, as we read from the documents disclosed by Edward Snowden, this information may also be made accessible to other parties.

What Gmail is missing is the end-to-end email security, where one end is myself and the other end – my recipient, and not Google. Also, very important, is that I and my correspondent keep the secret keys, not a third party. In computer security jargon is is called object security as opposed to channel security (what Google was offering from the beginning), since in email there is no direct channel between me and my correspondent. So Google’s End-to-End seems like a step in the right direction.

It appears to be only a half-step, though. The beta version of the extension only partly integrates with Gmail, and is a bit more than a web interface to OpenPGP. It will let you automatically create new conversations with the encrypted blob copied in. But copy&paste is required to decrypt the message. It also doesn’t allow you to use keyservers making key management difficult.

So it doesn’t really make use of encrypted email easier, or even on par with other existing tools, but I take it as a sign that Google is committed to make its email service end-to-end secure and fully integrate with Gmail at some point. Because that would be a strong response to pervasive monitoring – an attack against Internet privacy, from the IETF point of view.

Speaking of other tools, for those who use IMAP (or POP) instead of webmail, many of the popular email clients support PGP through extensions and plug-ins. I am using Thunderbird with Enigmail and find signing and encrypting of emails pretty straightforward.

Yet, end-to-end encrypted mail is far from being ubiquitous. Is it because it is still too difficult, is there lack of awareness or is it not seen as useful to a regular user? At the end of the day a traditional postal envelope doesn’t offer much protection either.

I think all these factors contribute and that means there is a lot to do before Google’s new feature can become useful and used. But I am glad they are moving in this direction.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Yahoo, spying, responsibilities, and possibilities
Yahoo, spying, responsibilities, and possibilities
Building Trust5 October 2016

Yahoo, spying, responsibilities, and possibilities

In breaking news we learned that ‘Yahoo secretly scanned customer emails for U.S. intelligence’. Frankly, that is not at all...

Encryption and Law Enforcement Can Work Together
Encryption and Law Enforcement Can Work Together
Encryption26 October 2017

Encryption and Law Enforcement Can Work Together

The Internet Society and Chatham House will be hosting a roundtable of experts to deconstruct the debate on encryption and...

What Is a Man in the Middle (MITM) Attack?
What Is a Man in the Middle (MITM) Attack?
Encryption26 November 2019

What Is a Man in the Middle (MITM) Attack?

Simply put, MITM is an attack in which a third party gains access to the communications between two other parties,...

Join the conversation with Internet Society members around the world