Google says Gmail is now safe from prying eyes, according to a statement released today. The announcement has Gmail users all over the world breathing sighs of relief, but those sighs may be somewhat premature, according to industry critics.
The statement comes just one day after a Federal judge threw out a class action law suit against Google for allegedly reading their users’ emails. The ruling by U.S. District Court Judge Lucy Koh does not prevent individual plaintiffs from moving forward with their own cases, but it does prevent attorneys from soliciting potential members to join the suit. This action protects the company from having to face a legal action that might have cost the company several trillion dollars, thus preserving the value of their stock(GOOG, $1199.90 up $2,74 after-hours) from nosediving in response to the suit.
Encryption has always been available as an option on Gmail. In 2010, Google reset the Gmail system so that the encryption option became the default state for Gmail accounts but users were given the option of overriding the default and opting out of the encryption program. Today’s announcement indicates that all Gmail traffic will now be encrypted without exception, both coming and going between users, and when email messages are passed back and forth between Google’s internal servers in a direct response to revelations of NSA snooping.
The encryption scheme used by Gmail is passive; the user does not have to do anything to encrypt messages using the Secure Socket Layer (SSL) system. Some critics have suggested that the National Security Agency (NSA) can intercept encrypted messages sent via SSL, rendering the system vulnerable to snooping.
Since 39 data centers on the backbone of the internet actually belong to the NSA in the first place, much of this traffic has been passing through NSA server farms ever since the interest was established. Most people have now forgotten that the internet was originally designed to connect government, military and educational institutions with a high-speed data channel. Today, that function has been taken over by a second, much faster internet protocol which is currently restricted to use by government, military and educational institutions, while the original internet has been relegated to commercial use.
Email users who want more secure data transfers can encrypt their messages using a separate encryption system to encode documents to be sent over the internet. These systems, which require a private key transmitted to the recipient separately from the documents themselves, are considered inherently more secure than the SSL system. If the SSL system is breached, all the intruder gets is another encrypted document that they may or may not be able to read.
If the snooper is a private party, a corporation or a garden variety snooper, the chances are that these encryption schemes will protect the documents to which they have been applied. Government snoopers may be more successful. So, apparently, was the search engine company which, Microsoft alleges, has a business model based on spying on the public.
At the same time, Google itself has an image problem to contend with, which brings us back to that pesky class action law suit that the company has just beaten back. The suit alleged that software company was reading users’ mail for the purpose of using that data in their advertising target analysis.
Google makes its living by tracking the preferences of individual users based on their web searches and using that data to target users for advertising messages that hone in on the interests that the users have indicated through their search habits. Google sells this information to advertisers, who can then “push” advertisements based on the user’s preferences and interests through the websites the user visits. This is why advertisements from real estate brokers and mortgage lenders will suddenly start popping up on every website that a user visits after doing a search for “home for sale” in a given location.
Aside from disconcerting the naïve user, who is unaware of how Google operates, these systems have also made the internet a more difficult and dangerous place to be than it was some years ago. A search for security software will cause “come-on” advertisements from companies offering “Me Too” products that often use scare tactics (“You Computer is Infected. Click Here for Help”) to trick unwary users into loading “ad-ware” programs that actually add unwanted programs to the user’s system.
The Google announcement was released on the same day that arch-rival Microsoft was forced to admit that they had searched a blogger’s Hotmail account to track down the person who was leaking Microsoft’s trade secrets to the blogger. Until recently, Microsoft had adopted a “holier than thou” attitude toward its competitor for the practice of reading users’ emails and delivering targeted advertisements to their computers on the basis of that information. Google had steadfastly refused to admit that it reads customer’s email, although it freely admits that the company uses search data to sharpen the focus of its advertising campaigns.
Consumers who want to opt out of the whole messy business can do several things to protect their privacy. One of them is very simple: Do not use Google as your search engine, followed by: Do not use Gmail as your primary email account. In the latter case,this precaution might have little or no value if the people you are corresponding with are using Gmail on their end of the conversation. If all else fails, consider using pen and ink.
Google’s announcement today contained a tacit admission that they have been reading their customers’ emails, or rather, that their computers have been reading their customers’ emails. By announcing that, henceforth, emails will be encrypted as they pass between the company’s internal servers, the company has admitted that those emails in transit were not previously encrypted.
So, Google’s now says its Gmail program is now safe from prying eyes, even if the eyes are their own. Better late than never.
By Alan M. Milner