Yahoo CISO: End-to-end Mail encryption by 2015

Summary: At Black Hat USA 2014, Yahoo's CISO announced in a presentation that consumers will be seeing end-to-end encryption in its Mail product by 2015.


Today at Black Hat USA 2014, Yahoo's CISO announced in a presentation that consumers will be seeing end-to-end encryption in its Mail product by 2015.

Announcing a new PGP plugin that piggybacks off of Google's PGP plugin, Alex Stamos told the audience at his talk, "Building Safe Systems at Scale - Lessons from Six Months at Yahoo," that this project has been a priority since he joined Yahoo Inc. six months ago.

Recruited for the project is (now former) EFF staff technologist Yan Zhu.

In the Thursday talk, Stamos told attendees that Yahoo is using the end-to-end encryption plugin that Google released a few months ago, with the plan of having both Yahoo Mail and Gmail able to exchange encrypted mail between the services seamlessly and easily.


The move is a step in the right direction for security teams endeavoring to bring encryption to consumers, an effort that faces challenges around ease of use for the ordinary user.

Encryption has followed security's traditional quandary of easy versus secure. Basically, if anything [in tech] is easy to use, lots of people will use it -- but security and simplicity seldom go hand-in-hand.

Speaking to his Black Hat audience, Stamos directly referenced the 'post-Snowden era' of consumer privacy and security as the impetus for his push at Yahoo.

He said,

Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real.

We as an industry have failed. We’ve failed to keep users safe.

If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.

Stamos' talk was the best-liked and most talked-about briefing at Black Hat USA Las Vegas 2014.

Mr. Stamos has been tweeting tidbits about the announcement.



The move to encrypted mail brings Yahoo Mail into the forefront of user privacy in mail services among web giants, joining Google and Microsoft in the race to protect customers in the post-Snowden era of security.

Photo credit: Black Hat USA/UBM Tech, used with permission.



Ms. Violet Blue (@violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that inclu...
