Why Google Should Encrypt Our Email

from the it's-good-for-everyone dept

Google is in an ideal position to overcome these difficulties, and finally make strong e-mail encryption a mass phenomenon. Their Gmail service—the one David Petraeus was using to exchange steamy messages with his biographer and lover, Paula Broadwell—has some 425 million active users by last count. Many of those users access the service through a Web interface, which Google can change and update for all users simultaneously. That means we could all wake up tomorrow to find a handy new “Encrypt Message” button included in the familiar Gmail interface we're already using. Meanwhile, Google (along with Facebook) has rapidly become a kind of universal Internet identity provider, with the Google Account used as a key not only to access Google’s own myriad offerings, but many other independent online services as well.



Because truly strong encryption is “end to end”—meaning the end-users generate, store, and have sole access to their own private encryption keys—a robust content encryption system may require users to have appropriate client software installed on their own machines. Here, too, Google is well positioned to provide a solution: They already make a widely-used browser, Chrome, and a popular operating system for mobile devices, Android, which could be updated with the necessary functionality built-in, eliminating the need for a separate browser plug-in.

Meanwhile, Google would garner enormous goodwill from privacy advocates, reams of free press coverage, and an attractive new selling point, not only for Gmail but for Chrome and Android as well. Encryption would likely be a particularly appealing feature for Google's paying enterprise customers, whose messages may contain information that is not only private but highly valuable. At the very least, it's worth running the numbers again to see whether offering strong encryption might now be a net boon to the company's bottom line.

Because people are loss-averse, taking away something people already have and value can be all but impossible—while preventing them from getting it in the first place is far easier. By rolling out e-mail encryption now, Google can ensure that ordinary users see myopic efforts to regulate secure communications infrastructure as something that affects all of our privacy and security—not just that of faceless crooks or terrorists.

...lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user's keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it's accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Julian Sanchez has put forth an interesting and compelling proposal: if Google really wanted to take a stand in favor of user privacy, it should encrypt all our emails Of course, as Julian notes, one reason why Google is resisting this is that it would make it more difficult to scan your emails and offer contextual advertising based on what's in those emails. He notes that Vint Cerf more or less admitted this last year, in noting that it would be a challenge to their business model. But Julian notes that there are other ways to target advertisements (some of which might be more effective) than keying them directly off each email -- for example, it can still use your search history, social profiles, Youtube videos, etc. For what it's worth, in all the years I've used Gmail, I don't recalllooking at the ads they display -- though, obviously, some people out there must click. Also, a point worth noting: Microsoft's new Outlook.com email systemscan each email for contextual advertising purposes. If they can do it, it seems silly to argue that Google needs to scan each email. More importantly, Julian isn't saying thatemail should be encrypted -- so plenty of messages will still be sent in the clear, and those can be used for contextual ads. And the benefits may outweigh the negatives:Furthermore, he notes that Google can use this to take a real stand against efforts by law enforcement to build wiretapping into email. Those efforts have been going on for a long time, and Google has fought against them in the past. But, he notes, getting people up in arms about the fedssomething that people already have is a much more powerful motivator than getting them worked up about the feds making it impossible for Google to offer that feature in the future.For what it's worth, Ed Felten responded to Julian's proposal by noting a few potential issues with it : (1) managing the crypto keys and cyrpto code would be an issue (would Google also store your key? if so, many of the benefits go away) and (2) there are features that rely on Google being able to see your email. For that latter issue, he notes that beyond just the question of contextual advertising, it could make things like filtering messages more difficult -- and that includes for more important filters like spam.Julian responds by noting that these are not insurmountable issues. The management of the crypto keys could be handled by Google if people are okay with it, or they could offer up third party options (whether local, or some other "cloud" provider, such as Dropbox).As for the filtering option, he notes that you can still filter based on other metadata, and that most of the encrypted notes are less likely to be spam, since they're more likely to be used between people who know each other. To avoid the problem of spammers suddenly jumping on the encryption bandwagon, he suggests an option where you might only accept encrypted mail from white-listed addresses.Some Google haters will insist that Google will never do this because it might diminish the contextual ad business, but as Julian explains (in both links!) that's not necessarily the case. Furthermore, Google has, in the past, shown that it recognizes that making a goodwill gesture in terms of increasing privacy or better protecting its users can often pay off in much more usage and public goodwill in the long run. As Julian notes: it seems that it's at least worth running some numbers to see how it might make financial sense to better protect user emails.

Filed Under: email, encryption, gmail

Companies: google