A year after revelations first emerged from former National Security Agency contractor Edward Snowden about mass Internet surveillance, more e-mail providers are adopting encryption, a simple change that could make it harder for spy agencies to vacuum up huge numbers of communications in transit.
In an analysis released this week, Google said 65 percent of the messages sent by Gmail users are encrypted when delivered, meaning the recipient’s provider also supports the encryption needed to establish a secure connection for transmission of the message…Gmail has more than 425 million accounts worldwide and was an early adopter of e-mail encryption.
Only 50 percent of incoming messages are encrypted, Google says, but that’s up from 27 percent on December 11, 2013. And the numbers could get even better as more providers offer encryption by default to their customers. Charlie Davis, a Comcast spokesman, says the Internet service provider is working on it and plans to “gradually ramp up encryption with Gmail in the coming weeks.”
There are still significant gaps: less than 1 percent of traffic to and from Gmail from Comcast and Verizon is currently encrypted, and fewer than half of e-mails from Hotmail accounts to Gmail are encrypted.
What’s more, messages are protected only in transit—there’s nothing to stop the NSA from reading them if it gains access to an e-mail provider’s servers. Even here, though, the tide may be turning: on Tuesday Google released draft source code of a tool, called End-to-End, that would secure a message from the moment it leaves one browser to the moment it arrives at another—meaning even e-mail providers couldn’t read them as they travel between two people, because they wouldn’t have the keys needed to decrypt those messages…
Embarrassed by Snowden’s revelations, many Silicon Valley giants are advertising increased use of encryption.
Apart from any other consideration, as long as smart coders devise methods for keeping freestyle government snoops out of your life – and a profit can be made from it – then the word will get out.
Whatever the reasoning, netizens will continue to make their own decisions about privacy, voting with their feet if they feel concerned, refusing to opt in if they value privacy more than an extended puberty. That’s still a milieu apart from creeps with unconstitutional authority handed over by elected cowards – looking through the pages of your life.
Gmail users have no “reasonable expectation” that their emails are confidential, Google has said in a court filing.
Consumer Watchdog, the advocacy group that uncovered the filing, called the revelation a “stunning admission.” It comes as Google and its peers are under pressure to explain their role in the National Security Agency’s (NSA) mass surveillance of US citizens and foreign nationals.
“Google has finally admitted they don’t respect privacy,” said John Simpson, Consumer Watchdog’s privacy project director. “People should take them at their word; if you care about your email correspondents’ privacy, don’t use Gmail.”
Google set out its case last month in an attempt to dismiss a class action lawsuit that accuses the tech giant of breaking wire tap laws when it scans emails in order to target ads to Gmail users.
That suit, filed in May, claims Google “unlawfully opens up, reads, and acquires the content of people’s private email messages.” It quotes Eric Schmidt, Google’s executive chairman: “Google policy is to get right up to the creepy line and not cross it.”
“Unbeknown to millions of people, on a daily basis and for years, Google has systematically and intentionally crossed the ‘creepy line’ to read private email messages containing information you don’t want anyone to know, and to acquire, collect, or mine valuable information from that mail,” the suit claims…
According to Google: “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS [electronic communications service] provider in the course of delivery.”
Um, I’d say that’s pretty clear. Also blindingly apparent to any geek who’s been around this electronic neighborhood for a spell is that Google never let on that anything other than “Do no harm” was their corporate guidance. From day one every bit of their PR was designed to reinforce a counter-culture ethos, differentiation from the rest of America’s greedy corporate culture.
And all that sums up the past few years as a revelation. A decidedly negative disclosure.
UPDATE: Google officials say this article quoted Google’s idiot lawyers – not the people who govern policy.
Google has launched a new feature in Gmail that will alert users when the system detects suspicious activity that might indicate the account has been compromised.
Gmail already displays information at the bottom of the in-box showing the time of the last activity on the account and whether it’s still open in another location. But people often don’t think to check that information, Will Cathcart, a Gmail product manager, said in an interview.
So Google is taking the extra step of displaying a warning to users in the form of a big banner that says “warning your acct was accessed from…” and which specifies a geographic region where the account was accessed when unusual activity was detected.
“For example, if you always log in from the same country and all of a sudden there is a log in from halfway around the world” that is suspicious, Cathcart said. Or, if the system detects that one particular IP address is accessing numerous accounts and changing passwords for them, that would trigger warnings for affected accounts, he said.
After receiving the warning banner, users can click a “details” link to get more information, such as where the last access points were. Users can change their password from that window.
The Gmail blog has a bunch more info on the topic. Seems like a useful pointer.
Daylife/AP Photo used by permission
Google has declined comment on a Washington Post report that it has asked the National Security Agency to help track down the cyberattackers who recently breached its databases.
Reporter Ellen Nakashima’s front page story on Thursday rekindled concerns about corporations collaborating with government sleuth agencies. You might recall the alarm raised by privacy and civil liberties advocates in 2006 after a USA TODAY investigation revealed how the NSA secretly analyzed phone records of tens of millions of Americans.
At the time, public backlash was directed mainly at telecom giants AT&T, Verizon and BellSouth for so readily giving up their customers’ private phone records to a government agency.
In a similar vein, Google, the world’s dominant search service, amasses data on the surfing habits of most Internet users, and stores vast amounts of sensitive data belonging to users of its popular Gmail and Google Apps online services, says Amrit Williams, CTO of security firm Big Fix. Because the NSA is an “opaque intelligence organization . . .the potential for abuse of private information at the intelligence or government level is very high,” he says…
That’s possible – perhaps, likely; but, it’s an unsound logical statement. It’s opinion.