
SAN FRANCISCO — As much as 50% of e-mail traffic sent from or to Gmail users isn't really private, and Google thinks it should be.

To nudge e-mail providers to make use of already existing encryption, Google on Tuesday published a page telling users which e-mail services support encryption and which do not, based on what it can see of e-mails sent by Gmail's 425 million active users worldwide.

The statistics were posted on Google's Transparency Report. There, users can search by region to see whether their e-mail provider has encryption turned on.

Encryption means that a message going from one e-mail provider to another is encoded, so anyone monitoring the Internet would be unable to read it.

Between 40% and 50% of e-mails sent between Gmail and other e-mail providers aren't encrypted, Google said in a blog post. Currently, many providers have turned on encryption while others say they're going to. That's "great news," Google said. "As they do, more and more e-mails will be shielded from snooping."

The encryption works only if both sides of the transaction have the encryption protocol, called Transport Layer Security, or TLS, turned on.

If a Gmail user sends a note to someone whose e-mail provider doesn't have TLS, the entire transaction is unencrypted.

"Companies basically just need to flip the switch, and it's on," said Joe Hall, chief technologist with the Center for Democracy & Technology in Washington, D.C.

For example, both Gmail and AOL have TLS turned on. So all e-mails between Gmail and AOL users are encrypted as they travel over the Internet's public backbone.

That's where they are considered most vulnerable to snooping by hackers or governments.

The encryption isn't enough to stop a determined snooper. "Nothing is enough to stop the NSA cold," Hall said.

However, it makes it more difficult, time-consuming and expensive to read someone else's e-mail, which could be a deterrent.

According to Google's statistics, AOL, Yahoo, Facebook, Twitter and LinkedIn all encrypt more than 95% of their e-mail traffic when it's in transit.

Microsoft's Outlook.com e-mail system was encrypted about 50% of the time.

In a blog posting in December, Microsoft said it was working to implement increased encryption across Microsoft products and services.

The Google announcement piggybacks on a campaign launched last year by the Electronic Frontier Foundation, which pushed e-mail providers to turn on TLS.

"It's like knowing you have the technology to travel to the moon, but all around you everyone's flying dirigibles and Zeppelins," said Peter Eckersley, technology projects director for the San Francisco-based digital rights group.

The good news is that the Google statistics show that there's significant growth in the use of e-mail encryption, he said.

Google's second announcement governs what happens once the e-mail arrives.

TLS only works as e-mail messages travel over public Internet thoroughfares, not once they get into the servers, the "digital parking lot," of a company, be it AOL, Google or Yahoo.

For that, Google is announcing that it will create a plug-in for its Chrome browser that will allow users to encrypt their e-mail end-to-end.

Google is not releasing the plug-in today. Rather, it is making the security code that will make the plug-in work available to the security community, so they can see whether it measures up.

Once it's been vetted and shown to be sufficiently strong, the company plans to release the actual plug-in. No timeline was made available Tuesday.

"This is the Holy Grail of security e-mail communications, writing an e-mail so that only the writer and recipient can read it," said Hall.

"We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it," Google said in a blog post about the Chrome plug-in.

What's surprising about the end-to-end encryption is that it means even Google couldn't see what's in an e-mail.

That matters because one of the ways Google makes its money is by scanning e-mails within its own servers for information so that it can send targeted ads to users.

Someone with a Gmail account who made use of end-to-end encryption would become invisible to Google.

"They've made an interesting calculation that the number of people who are going to use this is going to be small, but they want to give people the option," said Hall.

End-to-end encryption exists today, but the programs are clunky and not very user-friendly, said Eckersley.
