Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don’t cloud and email Services encrypt the data stored on their server?
Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and security issues and in response companies started enhancing their encryption standard by enabling HTTPS by default and removed the option to turn it off.
A few days back, Google admitted that their automated systems read your content, including incoming and outgoing emails to provide you personally relevant advertisements. That means Internet giants generally do encrypt your data, but they have the key so they can decrypt it any time they want.
Encryption is mandatory in Modern Internet and web services should consider Encrypting and decrypting your data locally, so that no one can snoop on. Such cryptographic mechanism is called End-to-End Encryption, that means content of your messages would be known to you and your browser, but not to Google itself.
GMAIL END-to-END ENCRYPTION
Well, According to Unknown Sources from Google confirmed that company is finally planning to take another step to ensure its users Privacy by implementing more complex encryption tools such as the very secure PGP (Pretty Good Privacy).
PGP is an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. So, bringing PGP to the Gmail service will result in a much stronger end-to-end encryption for emails.
The Sources acknowledged that the end-to-end encryption is best from a security standpoint and also compatible with Gmail, but implementing it on the end-user requires significant efforts.
End-to-End Encryption to the email service basically implies that only the sender and receiver can read the contents of a message and nobody else, so it offers stronger protection than SSL/TLS.
ISSUES WITH ENCRYPTION IMPLEMENTATION
Well, there could be some issues in such encryption implementation and right now we don’t know that exactly what measures Google will take, but there are two major issues, which we and Google will deal at the same time:
- How would the Crypto Keys be managed? PGP protected emails would require decryption keys that only the sender and recipient would have to read the content transmitted between the two, and ideally Google won’t have access to the messages.
- What about the features of Gmail that rely on Email Content? This means that the adoption of PGP encryption could be problematic for Google as it won’t allow them to scan your emails to serve its spam filtering feature, content-based advertisements and even the search option.
Stronger end-to-end encryption will certainly be appreciated by Gmail users, but meanwhile you should know that major Desktop Email clients such as Microsoft Outlook and Mozilla Thunderbird with the Enigmail plugin can be configured manually to work smoothly with PGP encryption software, making it a simple matter of clicking a button to sign, verify, encrypt and decrypt email messages. Learn How to use PGP to Secure your Email Communication.
We hope that Google will soon shed more light on their end-to-end encryption initiatives. Stay Tuned.