TIME

Gmail Ramps Up Encryption to Thwart the NSA, but It’s Still Not a Silver Bullet


Google announced that its Gmail service will use secure, encrypted connections in an effort to thwart NSA snooping. The measure is a step in the right direction, but users can still do more to protect their own privacy.

Yesterday, Google announced that its Gmail service will use a secure, encrypted connection. Gmail has supported encryption since its early days, and the option was turned on by default in 2010 — but with this latest announcement, there’s no way to turn it off.

The official company line is as follows:

Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.

In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations.

The quip about “last summer’s revelations” doesn’t name any names, but we’re talking about Edward Snowden and the NSA, of course.

Encrypting your Gmail messages from the web interface to Google’s servers – and as they bounce around between Google’s servers before being shuttled to your recipient’s Gmail interface – is a step in the right direction, but it’s still not a cure-all as far as general Internet security is concerned.

Here are a few of the pieces that are still missing.

This is a Gmail-user-to-Gmail-user solution. Everything Google is saying pertains to how Gmail messages move around Google’s network between Gmail users. Once you start exchanging email with non-Gmail users, the system can potentially break down. Not that other services aren’t encrypted, mind you, but Google’s not promising to protect your communications with someone who’s not a Gmail user.

We’ll (probably) never know the extent of Google’s relationship with the NSA. Google might not even know the extent of its relationship with the NSA, for that matter. This encryption setup takes steps to make it difficult or impossible for the NSA to snoop on Gmail messages in the traditional snooping sense, but who knows whether the NSA has a more direct line into Gmail.

The burden of true security is up to each user, and it’s too cumbersome for most people. As Snowden pointed out in his recent SXSW interview, end-to-end encryption from one user to another is currently one of the best ways to prevent others from snooping on you. The problem is that end-to-end encryption relies on both parties using encryption tools and services for sending messages back and forth. Your average Internet user doesn’t have the time or patience to deal with stuff like that, or they don’t care enough to make sure nobody can intercept the recipes, chain emails and soccer schedules they’re sending around.

These quibbles aside, this is still a nice addition to Gmail’s feature set. And the greater the number of web companies that roll out widespread encryption like this, the better. Just don’t start emailing your Social Security number around – that’s all. It’s always best to use the Internet with a tiny ember of paranoia gently burning in the back of your mind.

Staying at the forefront of email security and reliability: HTTPS-only and 99.978% availability [Google]
