Google announced last night that it has upped its email security measures following "last summer's revelations," a not-too-subtle reference to Edward Snowden's massive NSA document leak.
Gmail Security Engineering Lead Nicolas Lidzborski wrote in a blog post that "Your email is important to you, and making sure it stays safe and always available is important to us." He continued:
Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers — no matter if you're using public WiFi or logging in from your computer, phone or tablet.
For the uninitiated, HTTPS is basically a more secure version of the standard HTTP. It's the type of protection you get from banks when performing financial transactions online (and might also slow down your connection a bit). In addition to moving to an encrypted HTTPS connection, said Lidzborski, the company will protect each email sent via Gmail:
Every single email message you send or receive — 100 percent of them — is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers.
Back in November, Google Chairman Eric Schmidt said that he had not been pleased to learn that the NSA had hacked into the company's servers, collecting millions of records each day. "I was shocked that the NSA would do this—perhaps a violation of law, but certainly a violation of mission,” Schmidt told CNN, adding that “This is clearly an overstep.”
He continued, “From a Google perspective, any internal use of Google services is unauthorized and almost certainly illegal."
The new security measures won't make it impossible for the NSA to access Gmail, but they will certainly make it more difficult for the agency to do so, per CNN:
Google is taking the kind of approach to combating surveillance that top privacy researchers advocate: Make mass collection unfeasible by making it more difficult and more expensive to accomplish."I wouldn't call it NSA-proofing," Eugene H. Spafford, a computer science professor at Purdue University. "But they're doing something reasonable to protect against that and any other similar kind of eavesdropping."
The extra security will also help protect Gmail users from non-government hackers, too.
It should be noted that these measures only work between Gmailers: If you send a message to someone with a Microsoft or Yahoo account, the messages won't be encrypted. So you can go ahead and delete those contacts now and only be friends with other Googlers.
This article is from the archive of our partner The Wire.