Google’s naming and shaming rival email providers, pointing out Tuesday which of its competitors don’t fully encrypt users’ email. In a new section of its Transparency Report, Google identified the email providers that use an encryption protocol called Transport Layer Security (TLS), which makes it impossible for snoopers to view the content of a message as it’s being shuttled from one inbox to another.
Google says nearly half of emails sent between Gmail accounts and other email accounts aren’t fully encrypted because other companies haven’t implemented TLS.
“When you mail a letter to your friend, you hope she’ll be the only person who reads it,” Google wrote in a blog post. “Emails that are encrypted as they’re routed from sender to receiver are like sealed envelopes, and less vulnerable to snooping—whether by bad actors or through government surveillance—than postcards.”
According to Google’s data, nearly all of the messages sent from AOL, Yahoo and LinkedIn email accounts are encrypted as they travel to Gmail users. Microsoft’s Outlook.com encrypts more than 9 in 10 emails received from Gmail, but less than 9 in 10 sent to Gmail.
Some email providers with more lax security features are already taking action within hours of Google’s report. Comcast, which Google says encrypts less than 1% of emails sent to Gmail inboxes, told the Wall Street Journal that it plans to introduce better encryption “within a matter of weeks.”
Email providers have been under pressure to boost security for the past year due to ongoing revelations concerning the scope of surveillance conducted by the National Security Agency. Google is also testing a more powerful form of security, called end-to-end encryption, that it plans to eventually roll out to all Gmail users. With the service, the contents of an email would be nearly impossible for others to read not only when an email is in transit but also after it’s arrived in the recipient’s inbox. Former NSA contractor Edward Snowden has been a vocal advocate of end-to-end encryption.
“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Google wrote on its security blog. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”
A world where everyone uses fully-encrypted emails would actually be a huge threat to Google’s business. If Google couldn’t scan its users’ messages, the company would no longer be able to generate huge revenues by showing relevant ads in users’ inboxes.