Volume of encrypted e-mail rising amid spying fears

  • Follow Business

SAN FRANCISCO — The amount of e-mail cloaked in encryption technology is rapidly rising as Google, Yahoo, Facebook and other major Internet companies try to shield their users’ online communications from government spies and other snoops.

Google and other companies are now automatically encrypting all e-mail, but that doesn’t ensure confidentiality unless the recipients’ e-mail provider also adopts the technology.

In an analysis released Tuesday, Google Inc. said that about 65 percent of the messages sent by its Gmail users are encrypted while delivered, meaning the recipient’s e-mail provider also supports the technology. That’s up from 39 percent in December. Incoming communiques to Gmail are less secure. Only 50 percent encrypted while in transit, up from 27 percent in December.

Encryption reduces the chances that e-mail can be read by interlopers. The technology transforms the text into coding that looks like gibberish until it arrives at its destination.

Google and other Internet services rely on a form of encryption known as Transport Layer Security, or TLS. Security experts say that encryption method isn’t as secure as others. But encryption that is tougher to crack is also more complicated to use.

Gmail, with more than 425 million accounts worldwide, was one of the first free e-mail services to embrace TLS. Yahoo, Facebook and AOL also are encrypting their e-mail services. Microsoft Corp., whose stable of e-mail services includes the Outlook, MSN and Hotmail domains, has started encrypting many accounts as part of a transition that will be completed later this year.

Less than half of the correspondence from Hotmail accounts to Gmail wasn’t encrypted as of late May, Google said. Security is even worse at Comcast.net and Verizon.net, where less than 1 percent of the traffic coming to and from Gmail is encrypted, according to Google.

Comcast spokesman Charlie Douglas said the Internet service provider plans to start encrypting e-mail to and from Gmail accounts in the next few weeks. Microsoft reiterated that it is still rolling out encryption in its free e-mail services.

Verizon didn’t have an immediate comment.

The Google report comes a year after the first wave of media reports about the U.S. government’s intrusive techniques to monitor online communications and other Internet activity. The National Security Administration says its online surveillance focused on people living outside the U.S. as the agency tried to defuse threats of terrorism.

After lashing out at the government spying, Google and other Internet companies began encrypting e-mail and other online services in an attempt to reassure users worried about their privacy. The Internet companies are hoping their efforts to thwart government surveillance will make Web surfers feel comfortable enough to continue to visit their services. The companies make more money from online ads if their audiences keep growing.

Edward Snowden, the former NSA contractor who leaked documents revealing the online espionage, is among critics who believe the encryption methods deployed by Google and it peers are inadequate. In a March appearance at a technology conference, Snowden described TSL encryption as “deeply problematic” because U.S. government operatives merely needed to obtain a court order or hack into data centers to obtain users’ e-mails and other information.

Like many privacy activists, Snowden prefers “end-to-end” encryption, a more complicated step that requires a key to decrypt the information contained in e-mails. Theses encrypted keys are only held by an e-mail recipient, making it virtually impossible for an unauthorized user to know what’s in the message. This form of encryption takes more technical expertise to do right and can cause more headaches if passwords are forgotten because they can’t be reset. That raises the risk of the e-mail being inaccessible even to the recipient.

Google hopes to make end-to-end encryption easier by releasing an extension for its Chrome browser later this year. The company released the coding for the planned extension to security specialists Tuesday in an effort to detect any weaknesses before making it available to everyone.


Search Augusta jobs