Google plans end-to-end encryption tool for additional email privacy

Google has introduced a tool that will wrap email in a secure PGP wrapper until decrypted by the recipient.

Google released its estimates of how much email is being sent, unencrypted—as well as a tool to do something about it.

Google released its estimates of how much email is being sent, unencrypted—as well as a tool to do something about it.

In an apparent response to ongoing concerns about electronic communications being collected and read by government agencies, Google released its estimates of how much email is being sent, unencrypted--as well as a tool to do something about it.

Google's transparency report indicates that about half of the email passed to its servers isn't encrypted, while about 65 percent of the email sent from Google elsewhere is. Google's Gmail service itself uses HTTPS and offers encryption from the browser, but that doesn't matter if it's being sent to a provider that doesn't use it.

The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can't do it alone," Brandon Long, a member of the Gmail delivery team, wrote in a blog post. "Our data show that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren't encrypted. Many providers have turned on encryption, and others have said they're going to, which is great news. As they do, more and more emails will be shielded from snooping."

Numerous reports have surfaced, many sourced from documents leaked by Edward Snowden, about the government's intrusion into the email and digital information owned by Americans. The NSA collects email addresses and chat addresses; and allegedly read millions of private emails in numerous programs reportedly dating back to the weeks after the Sept. 11, 2001 attacks.

The "safermail" report, then, acts as a sort of "name and shame" page for consumers. Email sent to and from the Comcast.net domain, for example, is almost always sent without encryption, while all email sent to the facebook.com domain is. (About 50 percent of email from Facebook.com is unencrypted, however.)

The "End to End" extension, however, is designed to help users fight back. End to End is a future Chrome extension that will use OpenPGP to encase email in a secure wrapper that can be opened only by the recipient. Eventually, it will be released to the Chrome Web Store as a Chrome extension. For now, however, Google said it was encouraging developers to find, and report, any bugs before its general release.

"We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection," Stephen Somogyi, a product manager for Google, wrote. "But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it."

Join the CSO newsletter!

Error: Please check your email address.

Tags emailGmailGooglesecurityencryptionchrome

More about Comcast CableFacebookGoogleNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Hachman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place