Gmail Encryption May Stop NSA Snooping, Not Google's

Diposkan oleh silent aja 7:33 PM Post a Comment

While Google's announcement that it wants to encrypt all Gmail messages while they're in transit was praised for making government spying more difficult, observers point out that the move won't save your messages from Google's own prying eyes.

'The email provider can still see the message. They're just encrypting it when it's going over the Internet, not when the message is in their own system,' said Seth Schoen, a senior technologist with the privacy group Electronic Frontier Foundation. Schoen walked this reporter through the myriad possible methods of email encryption.

Google, in a blog post this month, said that Gmail has 'always supported' data encryption during the transportation of emails, using a type of encryption called Transport Layer Security.

Google has stepped up efforts to keep its Gmail email messages private, but they're private only to a point. View Enlarged Image

But other email carriers don't always support TLS, so only about half of emails received by Gmail users are encrypted, Google said.

TLS encryption works only if both sender and receiver use it. If you're sending an email to an email service where such encryption isn't mandatory, the Google encryption doesn't actually work.

Google published a blog post to nudge other email providers to update to TLS.

'The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can't do it alone,' wrote Brandon Long, Gmail delivery team tech lead, in that post.

Baca Juga

The move did spur one big email provider, Comcast (NASDAQ: CMCSA), into action. Google had noted that less than 1% of email received from Comcast had encryption. Comcast is now testing TLS encryption on its email, company spokesman Charlie Douglas told IBD.

'With respect to Google, since Gmail is a large domain, we plan to gradually ramp up encryption with Gmail in the coming weeks,' said Douglas, who declined to say how much the effort will cost Comcast.

Encrypted email certainly aids online privacy, but it only goes so far.

Even when both parties use TLS, data are only protected from the time they leave your device to the time they land in someone else's inbox. So Google - and in theory any email provider looking within its own system - still gets a peak at your emails before they're encrypted and after they're received and decrypted, Schoen says.

'Google still absolutely can see the body of your message and they can still absolutely show you ads based on that,' he said.

Google declined comment other than to refer IBD to Long's blog post.