Google Enhances Gmail Encryption


In a move taken by Google that promises to enhance email security, the company announced it is about to launch a new Chrome browser extension that is designed to encrypt users’ Gmail. The move is also said to make it more difficult for the National Security Agency (NSA) to conduct surveillance activities into a person’s private email. The line of code developed by Google engineers for Chrome’s browser extension is called End-to-End and lists in the code, words that relate to the addition and removal of secure socket layer data. This line of code is in reference to information that appeared in a report allegedly leaked by former NSA contractor, Edward Snowden.

Nearly eight months ago, The Washington Post revealed that voluminous amounts of data were being extracted by the NSA from Google and Yahoo servers outside the United States. This NSA exploit occurred at a time when Google’s practice was to strip encryption from data as it flowed from the Internet into Google’s internal server network. This secret NSA activity was apparently uncovered in the release of highly sensitive documents leaked by Snowden and published by the Post. One such document included a graphic that showed where the public Internet meets the Internal Google Cloud which is where user data is stored. Someone from the NSA is purported to have written, “SSL added and removed here! :-)” at the bottom of the graphic. The Post reported that when two Google engineers saw the graphic, they exploded into profanity.

Now, eight months later, the search engine giant hopes its End-to-End extension will allow for easier use of what is known, in the glossary of Internet jargon, as OpenPGP which is a protocol for encrypting email using public key cryptography. References show the acronym PGP stands for “pretty good privacy.” Google engineers believe that the deployment of encryption to enhance privacy measures included in the new browser extension will better secure its Gmail service to its user base.

Although the existence of the new extension has now been publicized, it is available only to developers and what the company calls power users due to the fact that the code must first be compiled into a working extension prior to use. According to Google sources, the hope during this early Alpha testing period, is for those involved in testing the extension will report their positive and negative observations to help ensure that the extension is as secure as possible.

In a related event that recently surfaced, Google published its transparency report revealing that Comcast, the company providing Internet service to the most number of homes in the United States, encrypts less than 1 percent of all email sent to Google’s Gmail service. In a matter of a few hours after the Google report was published, the company responded by saying that it would begin email encryption this month.

Internet technology experts say that until Google actually launches the enhanced Chrome browser extension to better secure its Gmail service, there are other methods that can be used to send encrypted email. One such method is by using a different mail client altogether such as Mozilla’s Thunderbird with Enigmail added. Otherwise a user with privacy and security concerns may opt to utilize third party tools such as Desktop Email Encryption and Gateway Email Encryption produced by Symantec, a company that develops a host of enhancements and security related software.

By Mark Politi

PC World
Washington Post
Coviant Software
PC World 2