Security Experts:

Google Boosts Security of Gmail Infrastructure

All Gmail Messages Now Encrypted While Moving Internally

Google announced on Thursday that its Gmail service would use added encryption to protect against eavesdropping and keep messages secure.

"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email,” Gmail security engineering lead, Nicolas Lidzborski, wrote in a blog post.

“Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers – no matter if you're using public WiFi or logging in from your computer, phone or tablet," he added.

The new security protection for Google’s popular email service is the latest move as Internet and technology firms scramble to boost their security efforts and up encryption after Edward Snowden began to leak classified details on the scope of US government spying.

Lidzborski said that 100 percent of email messages that Gmail users send or receive are encrypted while moving internally.

“This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations,” Lidzborski said.

Joseph Hall, chief technologist at the Center for Democracy and Technology, told AFP that Google's encryption "would make it very difficult" for the NSA or others to tap into email traffic directly.

"I'm reluctant to say anything is NSA-proof," Hall told AFP. "But I think what Google is trying to do is make sure they come through the front door and not the back door." He warned that the encryption would be only for "transport" and that data may still be unencrypted while sitting on a user's browser or stored in certain data centers. Hall added that Google's encryption is positive because it is "part of a general trend of strengthening the core Internet structure."

In December 2013, a group of US-based Internet giants called on Washington to overhaul its surveillance laws. In an open letter to President Obama and Congress, the tech giants called on Washington to lead the way in a worldwide reform of state-sponsored spying.

In January, President Barack Obama announced plans to curtail the reach of massive phone surveillance sweeps by the NSA, but said bulk data collection must go on to protect America from terrorists.

In December, Microsoft said it would “pursue a comprehensive engineering effort to strengthen the encryption of customer data” in order to protect its customers from prying eyes and increase transparency.

In a recent letter to customers, IBM executive Robert Weber emphasized the need for Governments to take action in order to restore trust.

“Data is the next great natural resource, with the potential to improve lives and transform institutions for the better,” Weber said. “However, establishing and maintaining the public’s trust in new technologies is essential."

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.