In a world where every day brings in new hacks an threats to your privacy, we’re constantly told that encryption is the key to keeping ourselves and our data safe.
This article will focus on email encryption services. It will discuss the pros and cons of various email encryption services and provide some pointers on how best to encrypt your Gmail mail. First, let’s start with the basics.
What is email encryption?
Email encryption is a technique to make it impossible for someone to read your emails without knowing your password. It does this by encrypting your messages using a key that only you have access to. This prevents anyone from being able to read encrypted messages, including the service provider (e.g Gmail). Encrypted messages can only be decrypted if you provide the correct password/key.
It’s important to note that even though Gmail does not store your private key, they still have access to all of the unencrypted emails on their servers and they can share them with authorities if they’re asked for it or if there are legal reasons behind it. That said, none of your emails will be stored in a way that can be decrypted by a third party.
This new feature is currently available for Gmail users on Android, iOS and the web.
If you want to learn more about how end-to-end encryption works, here’s a great video for you: End-to-end encryption has been around for a while and many apps have adopted it, but Google is the first one to make it a default feature of its email service.
Here’s what others had to say about this new feature: Marcia Hofmann, a senior staff attorney with the Electronic Frontier Foundation, said that Google’s move will likely spur other companies to offer similar protections. “It’s a big deal,” she said in an interview. “I expect we’ll see other email providers follow.”
Michael Posner, president of the New York-based Internet Society, an international organization dedicated to ensuring the open development, evolution and use of the Internet for all people worldwide, said that Google’s move is good news for users. “This decision by Google is welcome and important because it helps advance user trust and confidence in email technology,” he said in an emailed statement.
“This step forward means that more people will be able to take advantage of encryption without having to be technology experts. It also reduces the likelihood that law enforcement will be able to demand access to encrypted email content without following due process.”
l “Google’s decision is a victory for privacy,” said Marc Rotenberg, president of the Electronic Privacy Information Center in Washington D.C. “The move by Google and other companies to incorporate strong encryption into their products will make it harder for information about their customers to be compromised.”
l Richard Sexton, vice president of research at security firm Veracode, based in Burlington, Mass., said that this is an important development because it means that email can now compete with instant messaging as a secure communications channel.
“This is really going to help raise the bar on what we can expect from communications security,” he said. “It’s a big deal.”
The encryption in Google’s new email service is based on an open-source protocol known as PGP, or Pretty Good Privacy. It was developed in the 1990s by Philip R. Zimmermann, an Internet privacy activist who wanted to make strong encryption available to everyone.
Google has incorporated PGP into its Gmail service so that when users send encrypted emails it uses their web browser to render the message and encrypt it using a private key generated for each user and stored on Google’s servers. The sender then sends this coded message through normal email channels, which carry it to the recipient’s inbox and render it again using a public key that has been stored on Google ‘s servers. The recipient’s web browser then decrypts the message using their private key stored locally on their computer.
In March 2013, Google announced that it would no longer provide encryption keys for Gmail messages to the Chinese government. In November 2014, Google announced that it had upgraded its security system so that users’ emails were now encrypted both while traveling through the Internet and while stored on Google systems.
Google has also incorporated PGP into its Chrome OS to allow a user of an encrypted Chromebook to use a USB drive as an additional layer of security when signing in. If this is done, the user must supply a passphrase and access to all confidential data is blocked until both passphrases are entered correctly (the Chromebook automatically locks if the wrong passphrase is entered three times). This makes it impossible to access the data on the USB drive without knowing both passwords.
In a 2009 report, Google claimed that China was one of its largest markets and that it was “not currently possible to say exactly how much information about users Google provides to Chinese authorities”. In 2010, Google stated that they were no longer willing to continue censoring their results on google.cn, and began redirecting Chinese users to their Hong Kong service, google.com.hk (which is outside the jurisdiction of Chinese censorship laws). On October 14, 2010, Google announced it would no longer accept censorship requests for its search engine in China and may exit the country altogether if forced to comply with new laws.
In January 2011, Google began redirecting all searches to google.com.hk from google.cn, and no longer automatically redirected any queries to the Hong Kong site from within mainland China. Since then some users have complained about not being able to access google.cn and its uncensored search results without using specific proxies or other methods of bypassing the Great Firewall from behind the GFW (see censorship in China). The company said: “We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement”. In response, a spokesperson for the Chinese Foreign Ministry said: “We welcome the normal commercial activities of foreign companies in China, but we also hope that such businesses will respect China’s laws and regulations”.
and its uncensored search results without using specific proxies or other methods of bypassing the Great Firewall from behind the GFW (see censorship in China). The company said: “We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement”. In response, a spokesperson for the Chinese Foreign Ministry said: “We welcome the normal commercial activities of foreign companies in China, but we also hope that they abide by Chinese laws and regulations”.
However, the company has also been criticized for its actions. A member of US Congress, Tom Lantos, wrote to Yahoo! CEO Carol Bartz on 10 September 2009 urging her to reverse the decision. He argued that “the Internet is a powerful force for good around the world” and it should not be censored. The Reporters Without Borders organisation urged Yahoo! to reconsider its decision saying: “This is an error of judgement that will undoubtedly have serious consequences”. The group asked members of the public to send protest letters to Carol Bartz and other Yahoo executives.