In a latest wave of displeasure toward intrusive surveillance programs, search giant Google is implementing a fully encrypted connection between its servers for the Gmail service in order to foil third-party attempts at eavesdropping into private communications, not by malicious hackers but by its own government.
“Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet,” Google announced, reassuring users that an encrypted HTTPS connection will be a ubiquitous setting for viewing and sending emails.
The latest move comes hot on the heels of Google’s recent shift to an encrypted search connection in China to thwart similar spying programs by the government there in the form of what is aptly called the Great Firewall of China.
Google’s adoption of email encryption also keeps with the pervasive trend in technology most recently implemented by Yahoo when it announced the mandatory SSL encryption for Yahoo Mail users in October of last year.
The encryption trend began last year immediately after the discovery of the PRISM initiative by the National Security Agency and other intelligence services, thanks to whistleblower Edward Snowden. Since then, major tech firms, who have been accused of conspiring with the government’s spying programs, have built up their Internet security infrastructure to balk interception by external parties.
But wait, Gmail engineering security chief Nicolas Lidzborski posted in a blog that “your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers – something we made a top priority after last summer’s revelations.”
What Lidzborski is saying applies only to the movement of Gmail messages between Google users. What of Gmail’s connection to non-Google services? There’s the rub. How can you maintain the same level of security when you start sending or receiving emails from, say, Microsoft or other email service providers?
But even an encrypted email is not an absolute guarantee that your communication can never be intercepted by outsiders. And by outsiders I mean the government, hackers and the email service provider itself. A malware, for example, can be employed to lure users into unwittingly giving up their sensitive information such as passwords to Social Security number.
Nonetheless, Google’s latest move is a welcome development to the growing efforts of the tech industry to secure the Internet.