Yesterday, Google announced that its Gmail service will use a secure, encrypted connection. Gmail has supported encryption since its early days, and the option was turned on by default in 2010 — but with this latest announcement, there’s no way to turn it off.
The official company line is as follows:
The quip about “last summer’s revelations” doesn’t name any names, but we’re talking about Edward Snowden and the NSA, of course.
Encrypting your Gmail messages from the web interface to Google’s servers – and as they bounce around between Google’s servers before being shuttled to your recipient’s Gmail interface – is a step in the right direction, but it’s still not a cure-all as far as general Internet security is concerned.
Here are a few of the pieces that are still missing.
This is a Gmail-user-to-Gmail-user solution. Everything Google is saying pertains to how Gmail messages move around Google’s network between Gmail users. Once you start exchanging email with non-Gmail users, the system can potentially break down. Not that other services aren’t encrypted, mind you, but Google’s not promising to protect your communications with someone who’s not a Gmail user.
We’ll (probably) never know the extent of Google’s relationship with the NSA. Google might not even know the extent of its relationship with the NSA, for that matter. This encryption setup takes steps to make it difficult or impossible for the NSA to snoop on Gmail messages in the traditional snooping sense, but who knows if the NSA doesn’t have a more direct line into Gmail.
The burden of true security is up to each user, and it’s too cumbersome for most people. As Snowden pointed out in his recent SXSW interview, end-to-end encryption from one user to another is currently one of the best ways to prevent others from snooping on you. The problem is that end-to-end encryption relies on both parties using encryption tools and services for sending messages back and forth. Your average Internet user doesn’t have the time or patience to deal with stuff like that, or they don’t care enough to make sure nobody can intercept the recipes, chain emails and soccer schedules they’re sending around.
These quibbles aside, this is still a nice addition to Gmail’s feature-set. And the greater the number of web companies that roll out widespread encryption like this, the better. Just don’t start emailing your social security number around – that’s all. It’s always best to use the Internet with a tiny ember of paranoia gently burning in the back of your mind.