Google announced via blog post Tuesday its participation in a wide-reaching campaign to encourage all Internet users to encrypt their online communications. As part of the Reset the Net campaign to get more people using “NSA-resistant privacy tools,” Google made available the source code for a Chrome extension that provides easy end-to-end encryption for Gmail.
Google says that it encrypts all the messages it can and that approximately 70 percent of outgoing emails sent to other email providers are encrypted, while 48 percent of incoming emails are protected the same way.
“Both sides of an email exchange need to support encryption for it to work; Gmail can’t do it alone. Our data shows that approximately 40 to 50 percent of emails sent between Gmail and other email providers aren’t encrypted,” Google wrote. “Many providers have turned on encryption, and others have said they’re going to, which is great news. As they do, more and more emails will be shielded from snooping.”
Wordpress.org, Mozilla, Reddit and the American Civil Liberties Union are among the other major entities that have pledged to place a Reset the Net “splash screen” on their sites on June 5 to direct readers to easy-to-use Internet security tools.
Google’s release of the source code for an end-to-end encryption tool takes security a step further. End-to-end encryption refers to the practice of uninterrupted encryption from the moment a communication is sent to when it is received and opened by the intended party. In end-to-end encryption, the sending party encrypts the message to be readable only by the intended recipient. Then the receiving party decrypts it, without any involvement by a third party (like, say, email providers themselves, or the National Security Agency).
While tools for end-to-end encryption exist, they are difficult to use and functionally available only to people with expertise in the field. Google’s move Tuesday is intended to simplify the process with a Chrome plug-in.
The plug-in isn’t available yet to the general public, but security researchers will now have access to test the code before Google releases a completed version. Google’s Vulnerability Reward Program will offer financial rewards for finding security bugs in its end-to-end code.
“The end-to-end team takes its responsibility to provide solid crypto very seriously, and we don’t want at-risk groups that may not be technically sophisticated—journalists, human-rights workers, et al.—to rely on end-to-end until we feel it’s ready,” the company said in releasing the code, according to Wired. “Prematurely making end-to-end available could have very serious real-world ramifications.”
Wired notes that this is the first time Google has officially supported encrypting email.