Why Google Should Encrypt Our Email

from the it's-good-for-everyone dept

Julian Sanchez has put forth an interesting and compelling proposal: if Google really wanted to take a stand in favor of user privacy, it should encrypt all our emails.
Google is in an ideal position to overcome these difficulties, and finally make strong e-mail encryption a mass phenomenon. Their Gmail service—the one David Petraeus was using to exchange steamy messages with his biographer and lover, Paula Broadwell—has some 425 million active users by last count. Many of those users access the service through a Web interface, which Google can change and update for all users simultaneously. That means we could all wake up tomorrow to find a handy new “Encrypt Message” button included in the familiar Gmail interface we're already using. Meanwhile, Google (along with Facebook) has rapidly become a kind of universal Internet identity provider, with the Google Account used as a key not only to access Google’s own myriad offerings, but many other independent online services as well.

Because truly strong encryption is “end to end”—meaning the end-users generate, store, and have sole access to their own private encryption keys—a robust content encryption system may require users to have appropriate client software installed on their own machines. Here, too, Google is well positioned to provide a solution: They already make a widely-used browser, Chrome, and a popular operating system for mobile devices, Android, which could be updated with the necessary functionality built-in, eliminating the need for a separate browser plug-in.
Of course, as Julian notes, one reason why Google is resisting this is that it would make it more difficult to scan your emails and offer contextual advertising based on what's in those emails. He notes that Vint Cerf more or less admitted this last year, in noting that it would be a challenge to their business model. But Julian notes that there are other ways to target advertisements (some of which might be more effective) than keying them directly off each email -- for example, it can still use your search history, social profiles, YouTube videos, etc. For what it's worth, in all the years I've used Gmail, I don't recall ever looking at the ads they display -- though, obviously, some people out there must click. Also, a point worth noting: Microsoft's new Outlook.com email system does not scan each email for contextual advertising purposes. If they can do it, it seems silly to argue that Google needs to scan each email. More importantly, Julian isn't saying that every email should be encrypted -- so plenty of messages will still be sent in the clear, and those can be used for contextual ads. And the benefits may outweigh the negatives:
Meanwhile, Google would garner enormous goodwill from privacy advocates, reams of free press coverage, and an attractive new selling point, not only for Gmail but for Chrome and Android as well. Encryption would likely be a particularly appealing feature for Google's paying enterprise customers, whose messages may contain information that is not only private but highly valuable. At the very least, it's worth running the numbers again to see whether offering strong encryption might now be a net boon to the company's bottom line.
Furthermore, he notes that Google can use this to take a real stand against efforts by law enforcement to build wiretapping into email. Those efforts have been going on for a long time, and Google has fought against them in the past. But, he notes, getting people up in arms about the feds taking away something that people already have is a much more powerful motivator than getting them worked up about the feds making it impossible for Google to offer that feature in the future.
Because people are loss-averse, taking away something people already have and value can be all but impossible—while preventing them from getting it in the first place is far easier. By rolling out e-mail encryption now, Google can ensure that ordinary users see myopic efforts to regulate secure communications infrastructure as something that affects all of our privacy and security—not just that of faceless crooks or terrorists.
For what it's worth, Ed Felten responded to Julian's proposal by noting a few potential issues with it: (1) managing the crypto keys and crypto code would be an issue (would Google also store your key? If so, many of the benefits go away) and (2) there are features that rely on Google being able to see your email. For that latter issue, he notes that beyond just the question of contextual advertising, it could make things like filtering messages more difficult -- and that includes more important filters like spam.

Julian responds by noting that these are not insurmountable issues. The management of the crypto keys could be handled by Google if people are okay with it, or they could offer up third party options (whether local, or some other "cloud" provider, such as Dropbox).
...lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user's keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it's accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor
As for the filtering option, he notes that you can still filter based on other metadata, and that most of the encrypted notes are less likely to be spam, since they're more likely to be used between people who know each other. To avoid the problem of spammers suddenly jumping on the encryption bandwagon, he suggests an option where you might only accept encrypted mail from white-listed addresses.

Some Google haters will insist that Google will never do this because it might diminish the contextual ad business, but as Julian explains (in both links!) that's not necessarily the case. Furthermore, Google has, in the past, shown that it recognizes that making a goodwill gesture in terms of increasing privacy or better protecting its users can often pay off in much more usage and public goodwill in the long run. As Julian notes: it seems that it's at least worth running some numbers to see how it might make financial sense to better protect user emails.

Filed Under: email, encryption, gmail
Companies: google


Reader Comments



  • Androgynous Cowherd, 19 Dec 2012 @ 12:06am

    Encrypted spam prevention

    It's even easier to avoid the problem of being unable to filter encrypted spam. Just choose a cryptosystem that's a) an asymmetric cipher and b) reasonably expensive to encrypt.

    To spam an encrypted message to millions of users, the spammer's computer would have to encrypt each of millions of copies separately using the individual target's public key. This would be slow and expensive and destroy the economic reason for spamming in the first place. Spammers would thus avoid encryption, even if it meant the likelihood of being caught and blocked by filters at many destinations.

    • The Ultimate Anonymous Coward, 19 Dec 2012 @ 12:30am

      Re: Encrypted spam prevention

      Not only that, the spammer's computer first has to retrieve all the public keys from somewhere. If that's an email service like gmail, a sudden mass download of public keys for huge numbers of mailboxes there will be a sure indicator of a spammer winding up for a fastball. And it wouldn't be hard for automation to detect a mass key download and either block it, or (evil!) let it go ahead but silently drop every incoming email from the same IP address for a while. Or, to defeat even a spammer clever enough to grab keys from one IP and send mail from a second, just wait for an encrypted message to arrive at one of the mailboxes whose keys were in the mass download, wait a bit longer, and then see if many or all of the other such mailboxes got mail near the same time and these mails have low diversity in originating IPs. Then dump them.

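The two detection heuristics sketched in the comment above (flag a client that pulls many mailboxes' public keys from the directory, then watch for a burst of deliveries to those mailboxes arriving from few origin IPs), run over a constructed log, as an added Go example that is not code from the article or from any commenter. The log records, IP addresses, mailbox names, window and thresholds are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Event is one record from a constructed provider log. Kind is "keyfetch"
// (a client downloaded Mailbox's public key from the directory) or
// "deliver" (an encrypted message for Mailbox arrived from IP).
type Event struct {
	At      time.Time
	IP      string
	Kind    string
	Mailbox string
}

// at builds a timestamp on the constructed log's day; records are time-ordered.
func at(h, m, s int) time.Time { return time.Date(2012, 12, 19, h, m, s, 0, time.UTC) }

// MassKeyFetches flags every IP that downloaded public keys for at least
// threshold distinct mailboxes, returning the mailboxes each flagged IP
// harvested (the set to watch for correlated deliveries).
func MassKeyFetches(events []Event, threshold int) map[string]map[string]bool {
	perIP := map[string]map[string]bool{}
	for _, e := range events {
		if e.Kind != "keyfetch" {
			continue
		}
		if perIP[e.IP] == nil {
			perIP[e.IP] = map[string]bool{}
		}
		perIP[e.IP][e.Mailbox] = true
	}
	flagged := map[string]map[string]bool{}
	for ip, boxes := range perIP {
		if len(boxes) >= threshold {
			flagged[ip] = boxes
		}
	}
	return flagged
}

// FirstSuspectBurst applies the second heuristic: the first run of at least
// minHits deliveries to harvested mailboxes inside one window, sent from at
// most maxOrigins distinct IPs, is returned as the spam run landing.
func FirstSuspectBurst(events []Event, harvested map[string]bool, window time.Duration, minHits, maxOrigins int) []Event {
	var hits []Event
	for _, e := range events {
		if e.Kind == "deliver" && harvested[e.Mailbox] {
			hits = append(hits, e)
		}
	}
	for i := range hits {
		origins := map[string]bool{}
		j := i
		for ; j < len(hits) && hits[j].At.Sub(hits[i].At) <= window; j++ {
			origins[hits[j].IP] = true
		}
		if j-i >= minHits && len(origins) <= maxOrigins {
			return hits[i:j]
		}
	}
	return nil
}

// SampleLog is constructed for this example: 203.0.113.5 harvests five keys
// in about a minute, 198.51.100.7 fetches one key normally, 198.51.100.20
// then sends to four harvested mailboxes within three minutes, and hours
// later one unrelated message reaches bob from 192.0.2.9.
var SampleLog = []Event{
	{at(0, 0, 5), "203.0.113.5", "keyfetch", "alice@example.test"},
	{at(0, 0, 9), "203.0.113.5", "keyfetch", "bob@example.test"},
	{at(0, 0, 14), "203.0.113.5", "keyfetch", "carol@example.test"},
	{at(0, 0, 20), "203.0.113.5", "keyfetch", "dave@example.test"},
	{at(0, 1, 2), "203.0.113.5", "keyfetch", "erin@example.test"},
	{at(0, 3, 40), "198.51.100.7", "keyfetch", "bob@example.test"},
	{at(0, 30, 0), "198.51.100.20", "deliver", "alice@example.test"},
	{at(0, 30, 41), "198.51.100.20", "deliver", "carol@example.test"},
	{at(0, 31, 15), "198.51.100.20", "deliver", "dave@example.test"},
	{at(0, 32, 2), "198.51.100.20", "deliver", "erin@example.test"},
	{at(9, 15, 0), "192.0.2.9", "deliver", "bob@example.test"},
}

func main() {
	for ip, boxes := range MassKeyFetches(SampleLog, 5) {
		fmt.Printf("mass key download from %s covering %d mailboxes\n", ip, len(boxes))
		for _, e := range FirstSuspectBurst(SampleLog, boxes, 5*time.Minute, 3, 1) {
			fmt.Printf("  suspect delivery %s -> %s at %s\n", e.IP, e.Mailbox, e.At.Format(time.Kitchen))
		}
	}
}
```

The origin-IP test only holds when the run really comes from few senders; a run spread across many hosts passes it, leaving only the mailbox-correlation signal.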

      • nasch (profile), 19 Dec 2012 @ 6:20am

        Re: Re: Encrypted spam prevention

        Much easier than that would be a little checkbox that says if an encrypted email comes in from someone not in your contacts, send it to spam. I expect false positives would be rare.

      • Anonymous Coward, 19 Dec 2012 @ 7:16am

        Re: Re: Encrypted spam prevention

        Wait a minute.... block? That is censoring free speech!!!! How come you're willing to impinge on their legitimate free commercial speech but go ballistic when anyone talks about blocking the transmission of illegal copyrighted content?

        • Anonymous Coward, 19 Dec 2012 @ 8:05am

          Re: Re: Re: Encrypted spam prevention

          First off, not wanting to receive something is not censorship. You have a right to shout bullshit from the rooftops but I have a right to cover my ears.


          Second part is a strawman and not worth responding to

    • RonKaminsky (profile), 19 Dec 2012 @ 11:58am

      Re: Encrypted spam prevention

      > the spammer's computer

      Unfortunately for your theory, "the spammer's computer" is in reality often tens of thousands of other people's computers (i.e., a botnet).

      Ah, the nostalgia for the "why your idea to prevent spam won't work" form letter (the one with the checkboxes)...

      As Mike points out repeatedly, the real (and mostly only) way to solve problems is economics --- i.e., spam will not disappear until user education/cultural evolution has made it unprofitable.

  • Laurel L. Russwurm (profile), 19 Dec 2012 @ 1:02am

    "the more paranoid"

    We live more of our lives online, and governments and corporations increasingly peek at our private data, so encryption ought to be the order of the day.

    But giving Google the keys? #samesame

    • Ninja (profile), 19 Dec 2012 @ 1:56am

      Re: "the more paranoid"

      It all depends on how much you trust them..

    • Anonymous Coward, 19 Dec 2012 @ 2:29am

      Re: "the more paranoid"

      See, it's an interesting quandary: do we hand over the keys to a corporation, or to government? Because we damn sure can't trust the government to use that power wisely, and I'm highly skeptical of corporations using it wisely.

      • FarSide (profile), 19 Dec 2012 @ 6:06am

        Re: Re: "the more paranoid"

        If things weren't so friggin screwed up, the answer would be easy - trust the company, and if they do wrong then it's the government's job to pound on them.

        Unfortunately, here in the real world, I don't know the best answer.

        However, if we are talking proper encryption here, then it's not handing the keys over to anyone - it's letting me have the keys, Google providing a place to store things that even they can't access, and the govt can go sit in a corner and cry about it.

      • John Fenderson (profile), 19 Dec 2012 @ 9:25am

        Re: Re: "the more paranoid"

        do we hand over the keys to a corporation, or to government?


        Neither. Corporations and the government are equally trustworthy. Meaning they're not at all. You have to watch them like a hawk at all times.

        It also helps to remember that every interaction with them is an exchange. You're giving up something to get something. The trick is to make sure that what you're getting is worth at least as much as what you're giving up.

    • Anonymous Coward, 19 Dec 2012 @ 3:32am

      Re: "the more paranoid"

      It is safe enough if it is only the public part of a public/private key pair. Use and management of the private part of the key needs to be dealt with.

  • Unnamed Shy, 19 Dec 2012 @ 1:50am

    Simple explanation

    I think the most likely reason Google has not deployed encryption massively is not any of the mentioned. The most likely reason is because they are under heavy pressure from governments which kindly "advise" against it.

    • John Fenderson (profile), 19 Dec 2012 @ 9:26am

      Re: Simple explanation

      Nah. It's the money. Google can't monetize what they can't read.

      • Khaim (profile), 19 Dec 2012 @ 11:11pm

        Re: Gmail ads

        I don't think Google makes enough money from Gmail ads to even keep the servers on. And before you cry "but then why would they provide a mail service at all", let me remind you of the dozen other services they offer that don't even have ads.

  • Ninja (profile), 19 Dec 2012 @ 1:54am

    For what it's worth, in all the years I've used Gmail, I don't recall ever looking at the ads they display -- though, obviously, some people out there must click.

    I admit I have looked at the ads once or twice and I clicked them one of the times out of curiosity. Most of the time I ignore them. Now we have those annoying videos on Youtube where you can skip in like 5 seconds. I always skip when I can and I find those completely and utterly annoying. And I'm not alone, 100% of my friends also think this way.

    But I'm straying from the point of the article.

    The management of the crypto keys could be handled by Google if people are okay with it, or they could offer up third party options (whether local, or some other "cloud" provider, such as Dropbox).

    lastpass.com comes to mind. So far they are doing a wonderful job and I'm using insane passwords everywhere with no fear (including for the master key). And they offer several multi-factor options which I gladly use.

    In any case I'm strongly in favor of Google enabling encryption at multiple levels. The article says it all: it's a huge act of goodwill that will certainly help the fight for privacy in the long term. And truth be told, Google has served as a driving force for many improvements in competing services. They offered shitloads of space and the competition followed the path, they offered a clean, easy and intuitive interface and the competition followed, they offered labels and the competition followed...... You know what I mean ;)

    • PRMan, 19 Dec 2012 @ 9:51am

      Re:

      Strangely, the ads I have actually WATCHED on YouTube are the ones with Skip Ad. Some of these have turned out to be beautiful pieces of artwork with great songs and wonderful visuals. Others are highly targeted to my interests (such as the ad for Lego Batman 2 I didn't skip when I was looking at a solve video for Lego Pirates of the Caribbean--smart move).

      It's as if companies know they are doing [Skip Ad >>>] ads, and go out of their way to make them quality so that I don't skip them.

  • Anonymous Coward, 19 Dec 2012 @ 2:15am

    I'm mostly a "Google fanboi", but I agree with this 100%. I want to be able to encrypt not just e-mail messages, but also Google Talk (with OTR) and Google Drive - all from the browser.

    I REALLY wish this would be automatic for everyone, to get everyone to use encryption, but even offering it as an "option" would be a GREAT addition. We should really push Google to do this.

    Eventually others will do it anyway, especially when web crypto API's arrive in a little more than a year, and they could gain a lot of positive PR by being the first to do it now, rather than being the 10th to do it later on, when it's not so newsworthy anymore.

  • Bryan O'Doyle, 19 Dec 2012 @ 2:45am

    Google Implementing Encrypted Email...

    Just off the top... a few things more likely...

    Jesus HF Christ returns!!!
    Women genuinely appreciate your candor when you confirm for them their ass is in fact, fat.
    A third political party emerges in the U.S., the leader wins the Presidency and calls a new Congressional Congress and America's Reborn for another hundred years.
    Charlie Brown marries the redheaded girl...

  • lfroen (profile), 19 Dec 2012 @ 3:06am

    "Encrypt" is not magic word

    How exactly should Google encrypt it? If the key resides on Google's side, the whole exercise is pointless. On the other hand, if the key is on the client, the user experience will be awful.
    Moreover, the whole "why" question is left unanswered:
    * For Google, it will hurt targeted advertisement.
    * Privacy advocates? Who cares about them? I don't. And I do understand what the implications are. Most of the population doesn't even know they exist.
    What's even more ridiculous is that if Google would take every piece of advice Techdirt gave, it should just provide the service for free, not look at search history/social profile/etc. since that would be a "privacy violation", make all software open-source and so on.
    Business doesn't work like this - you can never please 100% of your customers. If you have 1-5% "privacy advocates", who cry wolf on every attempt to monetize data about users, the correct answer is to ignore them.

    • Anonymous Coward, 19 Dec 2012 @ 4:05am

      Re: "Encrypt" is not magic word

      Just a nitpick:

      "...make all software open-source and so on."

      To be fair, they do make some of their software open-source:

      https://code.google.com/opensource/projects.html

    • Mike Brown (profile), 19 Dec 2012 @ 4:24am

      Re: "Encrypt" is not magic word

      Well, it's true that there are some super-paranoid privacy freaks out there (what are you hiding??!!).

      But to be fair, I don't particularly like that email is about as secure as a postcard. I book travel for politicians and celebrities, and it's not unusual that they email me their credit card numbers, and I email out their travel itineraries.

      On that subject: this same information is passed back and forth when people book on my agency's website. It has strong encryption, and people would freak out if it didn't. Why the double standard?

      • Anonymous Coward, 19 Dec 2012 @ 8:38am

        Re: Re: "Encrypt" is not magic word

        ... website. It has strong encryption, and people would freak out if it didn't.


        HTTPS combines strong crypto with a braindead PKI.

        For one illustration, remember the DigiNotar incident.

        People “would freak out” if they didn't see the little padlock because HTTPS is a genuine triumph in marketing.

    • Ninja (profile), 19 Dec 2012 @ 4:28am

      Re: "Encrypt" is not magic word

      Privacy advocates? Who cares about them? I don't. And I do understand what the implications are. Most of the population doesn't even know they exist.

      Good thing there are people that care for you. With increasing surveillance you should care.

      What's even more ridiculous is that if Google would take every piece of advice Techdirt gave, it should just provide the service for free, not look at search history/social profile/etc. since that would be a "privacy violation", make all software open-source and so on.

      Read the article again, it says it can still do targeted advertising, it'll just need to adapt.

      Business doesn't work like this - you can never please 100% of your customers. If you have 1-5% "privacy advocates", who cry wolf on every attempt to monetize data about users, the correct answer is to ignore them.

      It's not 5%, even I don't know the percentage. But the numbers are growing.

    • nasch (profile), 19 Dec 2012 @ 6:27am

      Re: "Encrypt" is not magic word

      On the other hand, if the key is on the client, the user experience will be awful.

      Why is that? Lastpass provides a great experience, and they don't know my encryption key. Why couldn't Google do the same? I hear they employ a few smart developers. Or it could be 3rd-party plugin.

    • Mike Masnick (profile), 19 Dec 2012 @ 8:11am

      Re: "Encrypt" is not magic word

      How exactly should Google encrypt it? If the key resides on Google's side, the whole exercise is pointless. On the other hand, if the key is on the client, the user experience will be awful.

      Did you even read the article? This was discussed.

      * For Google, it will hurt targeted advertisement.


      Did you even read the article? This was discussed.

      What's even more ridiculous is that if Google would take every piece of advice Techdirt gave, it should just provide the service for free, not look at search history/social profile/etc. since that would be a "privacy violation", make all software open-source and so on.

      Can you point to a single citation where we've argued any of those? You can't because we don't actually agree with any of those claims.

      Business doesn't work like this - you can never please 100% of your customers.

      This has nothing to do with pleasing 100% of your customers. Did you even read the article?

    • John Fenderson (profile), 19 Dec 2012 @ 9:31am

      Re: "Encrypt" is not magic word

      How exactly should Google encrypt it? If the key resides on Google's side, the whole exercise is pointless. On the other hand, if the key is on the client, the user experience will be awful.


      Public-key cryptography solves these problems very well. Google holds the public key, you hold the private one. The public key only lets you encrypt, not decrypt.

  • Anonymous Coward, 19 Dec 2012 @ 4:02am

    "Why Google Should Encrypt Our Email"

    If they're going to encrypt your email, that means that they'll have the keys with them, allowing them to decrypt your email themselves, thus defeating the purpose of encryption.

    This is stupid. IF you really want encryption, do it yourself. It is MUCH safer.

    • nasch (profile), 19 Dec 2012 @ 6:33am

      Re:

      If they're going to encrypt your email, that means that they'll have the keys with them, allowing them to decrypt your email themselves, thus defeating the purpose of encryption.

      Not necessarily. They could deliver the encrypted message to your browser (or mobile app), where it's decrypted on your computer, and likewise your computer could encrypt a message and then send it to the server.

    • Josh in CharlotteNC (profile), 19 Dec 2012 @ 6:37am

      Re:

      Please read a bit about asymmetric key encryption. This relies on two keys - a public key, and a private (or secret) key.

      http://en.wikipedia.org/wiki/Public-key_cryptography

      Google - and everyone in the world for that matter - can have my public key. They use that key to encrypt something. Once it is encrypted, the only way to decrypt it is with my private key. So long as I'm in full control of my private key, I don't have to worry about everyone knowing the public key, since that only allows them to encrypt something which only I can decrypt.

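The model Josh and John describe above, and that Julian's proposal in the article assumes (each user generates and keeps their own private key; the provider holds only public keys and ciphertext), worked through as an added Go example that is not code from the article, from Google, or from any commenter. It assumes a toy in-memory Provider, hybrid RSA-OAEP plus AES-GCM from Go's standard library, and constructed addresses and message body.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Envelope is the only thing the provider stores or relays. Nothing in it
// lets the provider read the body: only the recipient's private key unwraps it.
type Envelope struct {
	From, To   string
	WrappedKey []byte // per-message AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM output: body plus authentication tag
}

// Provider models the server side of the proposal: a directory of public
// keys and a store of sealed envelopes, and nothing else. No private key here.
type Provider struct {
	Directory map[string]*rsa.PublicKey
	Mailboxes map[string][]*Envelope
}

// aad binds sender and recipient to the ciphertext so a relay cannot re-address it.
func aad(from, to string) []byte { return []byte(from + ">" + to) }

// Seal runs on the sender's device: hybrid encryption, a fresh AES key for
// the body and RSA-OAEP to wrap that key to the recipient's public key.
func Seal(from, to string, recipientPub *rsa.PublicKey, body []byte) (*Envelope, error) {
	msgKey := make([]byte, 32)
	if _, err := rand.Read(msgKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(msgKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msgKey, nil)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, body, aad(from, to))
	return &Envelope{From: from, To: to, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the recipient's device with the private key that never left it.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	msgKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(msgKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, aad(env.From, env.To))
}

func main() {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	gmail := Provider{Directory: map[string]*rsa.PublicKey{}, Mailboxes: map[string][]*Envelope{}}
	gmail.Directory["bob@example.test"] = &bob.PublicKey // the client uploads only the public half
	env, err := Seal("alice@example.test", "bob@example.test", gmail.Directory["bob@example.test"], []byte("card ending 4242, itinerary attached"))
	if err != nil {
		log.Fatal(err)
	}
	gmail.Mailboxes[env.To] = append(gmail.Mailboxes[env.To], env) // stored unread
	// Any key the provider could hold (Alice's stands in here) fails to open it.
	_, err = Open(alice, gmail.Mailboxes["bob@example.test"][0])
	fmt.Println("decrypt with a different private key fails:", err != nil)
	body, err := Open(bob, gmail.Mailboxes["bob@example.test"][0])
	fmt.Printf("bob reads on his own device: %q (err=%v)\n", body, err)
}
```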

  • Bill G., 19 Dec 2012 @ 4:08am

    Hushmail stores their encryption keys locally, and all it took was a subpoena to get access to user emails. http://www.zdnet.com/blog/threatchaos/hushmail-betrays-trust-of-users/487

    There's also the Communications Assistance for Law Enforcement Act (CALEA), which requires that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time. https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

    Even if Google wanted to encrypt email messages for the masses, law enforcement would have a hissy fit. Governments would cry 'National Security' and demand a back-door be installed, because Gmail is such a huge service provider. Gmail encryption would be dead before it ever left the gate, or it would only provide a false sense of security because there would be back-doors installed.

    • Ninja (profile), 19 Dec 2012 @ 4:38am

      Re:

      Governments would cry 'National Security' and demand a back-door be installed, because Gmail is such a huge service provider.

      So I'm a criminal. I want to communicate via postal service. How would I do it? One of the best ways to do so would be to encrypt the message, let's say, store it on a secured USB drive and mail it over, and just me and the destination have the encryption keys. So what will the Government do to tackle that? I can also install encryption software on my phone (or drive the line through a computer that will do the job) where just me and the other party have the encryption keys. What will the police do?

      The basic answer is to deliver focused investigation efforts and 1- infiltrate people to get a hold of the key, 2- investigations will yield source and destination and even if you can't see what's being communicated you can see from and to (further security measures may make this difficult depending on the platform used for communicating) so you'll be able to FOCUS your efforts in the offline realm to get indirectly to the online contents, 3- smart criminals override back doors so this is just a lame excuse for mass surveillance, 4- etc.

      In the end I kind of agree with you but even so I'm all for making their lives even more difficult.

      • Anonymous Coward, 19 Dec 2012 @ 4:48am

        Re: Re:

        I'm all for making their lives even more difficult.


        Do you think they'll just give up? Roll over, dead?

        Or will they push forward their capabilities for endpoint compromise? Already, the user's own computer is the most vulnerable point. And already, the user's own computer is the most attacked point.

        If nation-states lose all capability for attacking message traffic in the channel, then they'll redouble their efforts to compromise endpoints.

        From the standpoint of making secure communications possible, I'm all for encouraging governments to waste their budgets on attacking what we already know how to secure—if we want to. Let them spend millions and billions on building wiretaps into routers—waste their resources everywhere except on the vulnerable endpoints.

        • Ninja (profile), 19 Dec 2012 @ 5:09am

          Re: Re: Re:

          True enough. Except that if you build a backdoor to spy on your own citizens and your enemy, let us say, China, finds out, it will have full access to your communications infrastructure from inside. That doesn't seem reasonable. I wonder how the Govt will deal with that delicate issue.

          • Anonymous Coward, 19 Dec 2012 @ 5:38am

            Re: Re: Re: Re:

            I wonder how the Govt will deal with that delicate issue.

            During the Cold War, there were many times where we knew something, and we knew the Soviets knew that something too—and further, we knew that they did know, and they knew too that we did know—and we knew that they knew that we knew... and it was nevertheless all very carefully kept very secret. Unmentionable.

            From past behaviour, then, we must conclude that governments in the West consider their own citizens a greater threat than the godless commies.

            So, if China has full access to all our telecommunications infrastructure, then remember that the really important thing is that the public must never find out.

        • Anonymous Coward, 19 Dec 2012 @ 5:55am

          Re: Re: Re:

          Let's not try to become more secure, because that will make us less secure! Great point...

          • Anonymous Coward, 19 Dec 2012 @ 6:11am

            Re: Re: Re: Re:

            try to become more secure

            Secure against what?

            Security does not exist in a vacuum—it is contextually dependent on the threat. The threat includes not only the adversary's theoretical capabilities, but the adversary's finite resources and deployed capabilities.

            • John Fenderson (profile), 19 Dec 2012 @ 9:35am

              Re: Re: Re: Re: Re:

              Secure against any interception, disclosure, and impersonation that takes place without our explicit consent.

    • Anonymous Coward, 19 Dec 2012 @ 3:00pm

      Re:

      Um, no, CALEA does not require modifications to allow surveillance. 47 U.S.C. § 1002(b)(3):

      "A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."

      The second part "and the carrier possesses the information necessary to decrypt the communication" allows Google to make gmail encrypted.


  • This comment has been flagged by the community.
    Anonymous Coward, 19 Dec 2012 @ 4:35am

    It is obvious why you thieves and freetards would want to encrypt your internet so you can steal easier, but you'll never convince honest joes that they need encryption.


    • Ninja (profile), 19 Dec 2012 @ 5:11am

      Re:

      It's the honest Joes that are suffering the heaviest surveillance. The hardcore pirate knows how to avoid this. Also, who said they are interested in what is being pirated? Naive, aren't we?


    • John Fenderson (profile), 19 Dec 2012 @ 9:36am

      Re:

      It's mostly honest joes that use encryption right now.


  • John Doe, 19 Dec 2012 @ 5:20am

    I have nothing to hide

    I have nothing to hide which is exactly why there is no reason for anyone to be reading my email but me. So bring on the encryption. I can only hope that Google will do it.


  • Anonymous Coward, 19 Dec 2012 @ 5:41am

    The unfortunate truth of public-key cryptography is that both sides of the communication have to play along, and it is very difficult to convince non-techie, non-privacy-conscious people to adopt the inconvenience of encrypted email for the sake of privacy (the fact that "if you have nothing to hide, you have nothing to fear" is a common criticism of privacy concerns should speak volumes).

    Obviously the privacy benefits to Google taking this approach are enormous, but they stem largely from the feature becoming ubiquitous and easy. When it is one button click to encrypt your email, what excuse remains not to do it?


  • Anonymous Coward, 19 Dec 2012 @ 5:52am

    Obviously you should have the key, or they should do it the way Kim Dotcom intends to do it with Mega.

    I'm not sure why the article even suggests to allow Google to manage the key for you, or even other cloud providers. That would totally kill the point of encrypting the message. From that point of view, e-mails are already encrypted like that, and you can't get man-in-the-middle attacks with Gmail, but Google has the keys to them, which means governments have the keys to them.

    So the point is to get Google to do it so somehow only you and the recipient can decrypt the e-mail. Nobody else should have access to them, even if they had to give access to them.


    • Anonymous Coward, 19 Dec 2012 @ 6:14am

      Re:

      So the point is to get Google to do it so somehow...

      So the point is that Google is a magical genie.

      “Google, please, make me secure!”    Hmmmm... ok.. maybe...    “Google sudo make me secure!”


  • eclecticdave (profile), 19 Dec 2012 @ 6:06am

    Browser plugin not an optional extra

    The biggest problem is the need for a browser plugin to be able to do this securely, which is much more of a big deal to organize than the article suggests.

    Any solution that involves adding a button to gmail's web interface fundamentally cannot be secure. Even if you did public-key encryption with all the work done client-side in the browser, that still involves downloading the javascript to do it from the server and there's no way to prevent Google from installing a backdoor at any time if they want or are forced to by the government.

    Even *with* a browser plugin it's problematic as it's difficult to do it in a way that ensures it cannot be bypassed. e.g. the client-side javascript could request the text you entered to be encrypted by the browser, so you get all the right feedback, then substitute it with the unencrypted version when submitting it to the server.

    And let's not forget that if Google have provided the plugin it also might be compromised through the browser's auto-update feature.


    • nasch (profile), 19 Dec 2012 @ 6:39am

      Re: Browser plugin not an optional extra

      How are you envisioning that malicious code getting installed?


      • eclecticdave (profile), 19 Dec 2012 @ 9:25am

        Re: Re: Browser plugin not an optional extra

        All code running in a browser is downloaded from the server (it can be cached, but you have no control over when it is refreshed).

        Therefore you have no real control over anything the code running on your browser is doing, despite the fact that it is running on the client rather than on the server.


        • nasch (profile), 19 Dec 2012 @ 10:09am

          Re: Re: Re: Browser plugin not an optional extra

          All code running in a browser is downloaded from the server (it can be cached, but you have no control over when it is refreshed).

          So you're saying the plugin provider would be distributing malware? Don't you think the privacy/security community would notice something like that?


          • eclecticdave (profile), 19 Dec 2012 @ 2:59pm

            Re: Re: Re: Re: Browser plugin not an optional extra

            No, I'm referring here to the situation where you're *not* using a plugin, but where all the encryption is done using Javascript.

            Several comments have pointed out that it would be a complete joke if you were to give Google your encryption key as it would be no better than not using encryption at all (in fact it would be worse, as you might *think* your email was private).

            I was originally trying to make the point that this would be completely insecure even if you were to attempt to keep the private key client-side (or on dropbox etc) and do the encryption locally, which the article implied might be more secure.

            While using a plugin is potentially more secure - it's still possible for security to be compromised here too. Suppose the plugin as originally distributed was fine and got the all clear by the security community, but was later compromised by the browser's auto-update feature. How long would it take to be noticed and how much email would be compromised before it was? What if the Feds were targeting you specifically and only you got the compromised plugin, how long would it be before you smelled a rat? Could Google be relied upon to push back against either of these if the government twisted its arm?

            The bottom line is: Do you trust Google? If you do, then HTTPS is all you need to secure your email from everyone else. If you don't trust Google then why would you trust their encryption implementation?


            • nasch (profile), 19 Dec 2012 @ 3:28pm

              Re: Re: Re: Re: Re: Browser plugin not an optional extra

              Suppose the plugin as originally distributed was fine and got the all clear by the security community, but was later compromised by the browser's auto-update feature. How long would it take to be noticed and how much email would be compromised before it was?

              Are you suggesting a bug, or intentionally malicious code?

              What if the Feds were targeting you specifically and only you got the compromised plugin, how long would it be before you smelled a rat?

              That is a nasty problem with no clear solution. But I hope a small one.

              If you don't trust Google then why would you trust their encryption implementation?

              I would trust an open source implementation.


              • eclecticdave (profile), 20 Dec 2012 @ 2:32pm

                Re: Re: Re: Re: Re: Re: Browser plugin not an optional extra

                > Are you suggesting a bug, or intentionally malicious code?

                I was primarily thinking of intentionally malicious alterations.

                > I would trust an open source implementation.

                So would I, up to a point. It doesn't make security issues magically disappear, but does make things a lot more difficult for a potential attacker.

                I'll concede my concerns over plugin security might be overblown, but I stand by my main point that web cryptography cannot be done entirely in javascript without some sort of browser support.


                • nasch (profile), 20 Dec 2012 @ 3:56pm

                  Re: Re: Re: Re: Re: Re: Re: Browser plugin not an optional extra

                  I would say widely used open source crypto


                • nasch (profile), 20 Dec 2012 @ 4:00pm

                  Re: Re: Re: Re: Re: Re: Re: Browser plugin not an optional extra

                  Yeah oops... widely used open source crypto is the best you could get. If that isn't secure enough for your private use, you're in a tiny minority, and your only options would be to code review the oss stuff or write your own. These would only work if you are a very good crypto developer.


    • Anonymous Coward, 19 Dec 2012 @ 6:54am

      Re: Browser plugin not an optional extra

      For reasonable security, encryption and decryption of sensitive emails should be carried out as a separate operation to sending and receiving emails, that is, use Gmail as a mailbox. Google could be used to make a public key available, to protect incoming emails, and verifying signing of outgoing emails, to the level that the owner of the email account also has the necessary private key.

      Better security is achieved by exchanging public keys with the people that you wish to communicate with, preferably by real world meetings. Note this means a different public key from every person you wish secure communications with. In this case Google or similar services are only the mailbox, and should have no part in key management.

      Note both the Google public key, and managed public keys are useful for different purposes. The first to allow strangers and mere acquaintances to protect messages. The latter for communication between friends, family and associates. In practice most people are not prepared to live with the minor inconvenience of using encryption.

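The two-tier key model in the comment above (a provider-hosted key for strangers, personally exchanged keys for people you know) comes down to one question at lookup time: does the key the directory serves today match the one you verified with the person? Here is an added illustration of that check, written for this page and not taken from the thread, from Gmail, or from any PGP tool. The directory is a plain dict standing in for a Google-run key lookup; the "public keys" are constructed 32-byte random values rather than real keys, and the fingerprint is a SHA-256 of the raw bytes (OpenPGP uses a different fingerprint construction; the comparison logic is what matters here). The pin store is the client's own record of fingerprints checked out of band, so a key the provider substitutes later, whether through compromise or compulsion, is refused.

```python
"""Added example: pinning out-of-band-verified key fingerprints so that a
provider-run key directory cannot silently swap a correspondent's key.
All names, addresses and key bytes below are constructed for illustration.
"""
import hashlib
import secrets
from typing import Dict, Optional, Tuple


class KeyMismatch(Exception):
    """The directory served a key whose fingerprint differs from the pinned one."""


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 of the raw key bytes, truncated to 160 bits and grouped so two
    people can read it to each other.  (A stand-in for a PGP fingerprint.)"""
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


class KeyDirectory:
    """Provider-hosted lookup: convenient for strangers, but whoever controls
    it (or can compel its operator) can publish any key under any address."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def publish(self, address: str, pubkey: bytes) -> None:
        self._keys[address] = pubkey

    def lookup(self, address: str) -> Optional[bytes]:
        return self._keys.get(address)


class KeyPinStore:
    """Client-side record of fingerprints the user verified in person or over
    another channel.  Nothing in here ever leaves the user's machine."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def pin_verified(self, address: str, fingerprint_seen: str) -> None:
        self._pins[address] = fingerprint_seen

    def resolve(self, address: str, directory: KeyDirectory) -> Tuple[bytes, str]:
        """Fetch a key from the directory and classify how much to trust it."""
        key = directory.lookup(address)
        if key is None:
            raise LookupError(f"no key published for {address}")
        fp = fingerprint(key)
        pinned = self._pins.get(address)
        if pinned is None:
            # Acquaintance case: only the directory vouches for this key.
            return key, "unverified"
        if fp != pinned:
            raise KeyMismatch(f"{address}: directory serves {fp}, pinned {pinned}")
        return key, "verified"


def demo() -> dict:
    directory = KeyDirectory()
    alice_key = secrets.token_bytes(32)   # constructed stand-in for a real public key
    carol_key = secrets.token_bytes(32)
    directory.publish("alice@example.com", alice_key)
    directory.publish("carol@example.com", carol_key)

    bob = KeyPinStore()
    # Bob and Alice compared this fingerprint face to face.
    bob.pin_verified("alice@example.com", fingerprint(alice_key))

    _, alice_status = bob.resolve("alice@example.com", directory)
    _, carol_status = bob.resolve("carol@example.com", directory)

    # The provider, or someone who can compel it, replaces Alice's key.
    directory.publish("alice@example.com", secrets.token_bytes(32))
    try:
        bob.resolve("alice@example.com", directory)
        swap_detected = False
    except KeyMismatch:
        swap_detected = True

    return {"alice": alice_status, "carol": carol_status, "swap_detected": swap_detected}


if __name__ == "__main__":
    print(demo())
```

The useful property is that the pin store, not the directory, decides whether a key is trusted; the directory degrades to a convenience for first contact. The same check is what a "verify fingerprint" step in a mail client or a plugin would implement, and it is only as good as the user actually comparing the string out of band.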

  • out_of_the_blue, 19 Dec 2012 @ 6:57am

    GOOGLE IS THE ENTITY READING YOUR EMAILS.

    Picking up key words, collating those, keeping track of who you send to, and giving all that to NSA.

    Google is literally the FOX guarding the henhouse. It just spends big to plant favorable opinion in tiny minds.

    Stunningly stupid, inherently wrong idea.


  • Mikel Ward (profile), 19 Dec 2012 @ 7:40am

    Assuming they overcome all the obstacles with public key distribution and supporting it on several platforms, it would render server side search impossible. Server-side search is what makes Gmail great: no worrying about folders, just search.


  • slick8086, 19 Dec 2012 @ 8:42am

    Just think too how this would make managing your address book easier. Your public key could be your unique identifier instead of your email address.


  • No reason for anyone to wait for Google to wake up, 19 Dec 2012 @ 8:59am

    Just use Thunderbird with Enigmail PGP with the same Gmail through IMAP.


    • Anonymous Coward, 19 Dec 2012 @ 9:26am

      Re:

      Just use Thunderbird with Enigmail PGP...

      And what if the user's computer has been trojaned with a keylogger?

      Scarfo allegedly used PGP to encode his confidential and incriminating business data. With a judge's approval, FBI agents repeatedly sneaked into Scarfo's business to plant a keystroke sniffer -- it could be either software or hardware -- and monitor its output.

      And in case someone wasn't all that familiar with keylogging technology, here's the first non-paid, non-wikipedia result for “keylogger”...

      Elite Keylogger - CNET Download.com
      CNET Editors' review
      by: CNET Staff on February 27, 2009

      This monitoring software quickly and easily monitors keystrokes and PC activity, and it does so using a well-designed user interface. Our only complaint is the short 7-day trial period.

      When you first install Elite Keylogger, you'll be asked to select modes--visibility and invisibility. . . .

      Download Now

      CNET Editor's Rating: ∗∗∗∗∗
      Spectacular


      • nasch (profile), 19 Dec 2012 @ 10:11am

        Re: Re:

        If the objective is to evade detection by the FBI, secure email is obviously not going to cut it. I don't think they would have any way to read properly-encrypted email without a warrant, so I don't see too much of a concern there (assuming the warrant process is working correctly, which is a completely different topic).


  • Scott Yates (profile), 19 Dec 2012 @ 11:18am

    A good compromise might be

    A good compromise might be to allow me to say that all mail is encrypted with my local key when I tell it to "archive" message.

    This would cause issues with searching as some have mentioned, but as part of the compromise you might store a local cache of your archived messages for searching. Google USED to do desktop search as I remember.

    This might be a good solution.

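Mikel Ward's objection above (end-to-end encryption kills server-side search) and Scott Yates's proposed compromise (encrypt on archive, keep a local index) frame the real engineering trade-off. A local cache is one answer; the other is to let the server search without reading, by storing next to each ciphertext a "blind index" of keyed hashes of the message's words, which only the key holder can produce or invert. The following is an added example written for this page, not code from the thread, from Gmail, or from any product. It uses only the Python standard library: the cipher is HMAC-SHA256 run in counter mode with an HMAC tag, chosen so the example runs anywhere, and is an illustration rather than a vetted AEAD; the server, client, key names and sample mailbox are all constructed here.

```python
"""Added example: client-side mail encryption that still permits search.
The server keeps ciphertext plus keyed word tokens it cannot invert, and
answers "which messages contain X" without ever holding a key or a plaintext.
Stdlib only; the HMAC-CTR cipher is illustrative, not a production AEAD.
"""
import hashlib
import hmac
import re
import secrets
from typing import Dict, List, Tuple

WORD_RE = re.compile(r"[a-z0-9]+")


def derive_keys(master: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split one master secret into independent encryption, MAC and index keys."""
    enc, mac, idx = (hmac.new(master, label, hashlib.sha256).digest()
                     for label in (b"enc", b"mac", b"index"))
    return enc, mac, idx


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: PRF(nonce || counter) concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def blind_token(index_key: bytes, word: str) -> str:
    """Keyed hash of a normalised word; without index_key it is just noise."""
    return hmac.new(index_key, word.lower().encode(), hashlib.sha256).hexdigest()[:32]


def index_words(index_key: bytes, text: str) -> List[str]:
    return sorted(blind_token(index_key, w) for w in set(WORD_RE.findall(text.lower())))


class MailServer:
    """What the provider holds: ciphertext and tokens, never keys or plaintext."""

    def __init__(self) -> None:
        self.store: Dict[str, Tuple[bytes, List[str]]] = {}

    def put(self, msg_id: str, blob: bytes, tokens: List[str]) -> None:
        self.store[msg_id] = (blob, tokens)

    def search(self, token: str) -> List[str]:
        return sorted(mid for mid, (_, toks) in self.store.items() if token in toks)

    def get(self, msg_id: str) -> bytes:
        return self.store[msg_id][0]


class MailClient:
    def __init__(self, master: bytes, server: MailServer) -> None:
        self.enc_key, self.mac_key, self.index_key = derive_keys(master)
        self.server = server

    def archive(self, msg_id: str, body: str) -> None:
        blob = encrypt(self.enc_key, self.mac_key, body.encode())
        self.server.put(msg_id, blob, index_words(self.index_key, body))

    def search(self, word: str) -> List[str]:
        return self.server.search(blind_token(self.index_key, word))

    def read(self, msg_id: str) -> str:
        return decrypt(self.enc_key, self.mac_key, self.server.get(msg_id)).decode()


SAMPLE = {  # constructed sample mailbox
    "m1": "Quarterly budget attached, please review before Friday.",
    "m2": "Lunch on Friday? The usual place.",
    "m3": "Budget approved; no changes needed.",
}


def demo() -> dict:
    server = MailServer()
    client = MailClient(secrets.token_bytes(32), server)
    for mid, body in SAMPLE.items():
        client.archive(mid, body)
    return {
        "budget": client.search("budget"),
        "friday": client.search("Friday"),
        "zebra": client.search("zebra"),
        "m2": client.read("m2"),
        "server_sees_plaintext": any(b"Friday" in blob for blob, _ in server.store.values()),
    }


if __name__ == "__main__":
    print(demo())
```

The check worth noticing is the last key of `demo()`: the server's store contains no plaintext, yet `search` still returns the right message IDs. The caveat a practitioner should keep in mind is that a blind index is not free of leakage: the server learns how many distinct words each message has, which messages share a term, and which terms are queried most often, and an adversary with a guessable vocabulary and the index key could test candidate words. It is a trade-off against the convenience Mikel describes, not a way to have it for nothing.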

  • Anonymous Coward, 19 Dec 2012 @ 12:21pm

    My company already uses GNU Privacy Guard (GPG) which is standard on our CentOS in-house servers. We use Thunderbird to send and receive our emails. All in-house communications are encrypted. This is company policy. You send an email to another employee while in the office, it is automatically encrypted. We started doing this after a couple of wazoo artists or dev people said "Well you said in your email to SO and SO". Idiots. Because they got access to text emails in the user dirs. HOW? They were working on the system, so now everything internal is encrypted.

    If the guvment want to read them they will have to pry them from and I quote "From my cold dead hands".

    The government of the United States is way too intrusive and takes way too many liberties. They need to be put on hold and stopped dead in their tracks. No more personal info from a web site with no warrant. You will have to deal with the individual you are trying to bust because we don't have their key. It is encrypted in our database.

    If our politicians will not do their job and protect us then we have to take matters in our own hands.

    I direct you to the following
    http://www.maximumpc.com/article/features/protect_your_privary_how_send_encrypted_emails_with_linux


  • Khaim (profile), 19 Dec 2012 @ 11:19pm

    Think of the user

    As usual, lots of nerds are missing the point. Think of the average user - your parents, say. Would this change create more work for them to access their email? Remember, to do this right you need to make sure Google can't read the messages. (If they can, you're just one super-secret-national-security court order away from having your mail read.)

    If you want to encrypt your emails, you can do that now. But if you do that, you probably aren't using Gmail in the first place. People use Gmail because it's dead simple and so easy your grandma can do it. And you want to complicate that with local private keys, that the user has to manage herself? I don't think so.


    • nasch (profile), 20 Dec 2012 @ 8:10am

      Re: Think of the user

      I don't think anyone is suggesting Google should force users to encrypt their email, but enable them to do so more easily. So no, it would not be a problem for my parents to ignore the feature.


