Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google reportedly wants to make email encryption easier, but don't hold your breath

Ian Paul | April 23, 2014
Still responding to the National Security Agency surveillance revelations, Google is reportedly preparing to help users beef up Gmail security with end-to-end encryption. The search giant is working on a way to make Pretty Good Privacy (PGP) encryption easier to use for Gmail fans, according to a report by Venture Beat.

A simpler solution for Google might be to hang on to everybody's keys on a third-party server. That way, the user doesn't have to deal with private keys and reading email across devices is that much easier.

But once Google has your private key the company can technically read your email, making the whole point of using encryption somewhat pointless, especially if the NSA or other three letter agency comes knocking — see Lavabit's woes.

Follow the money

Then there's the previously mentioned email scanning Google loves to do so it can insert ads based on keywords into your messages.

Perhaps Google could employ some kind of JavaScript magic in the browser that lets it scan messages once they've been decrypted. But Google would still have to send that post-decryption data to its servers to figure out which ads to display.

Once that happens your private messages are landing on Google servers, where they would could once again be available to law enforcement or surveillance agencies with the right paperwork.

Email encryption is nice a dream for Gmail, but the hassles of key management and ad delivery mean PGP/GPG would probably never be more than a feature buried in Gmail Labs, where only the most dedicated advanced users would find it.

If you're interested in trying out email encryption with a public-private key pair, check out our tutorial on how to use the Enigmail Thunderbird extension.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.