Today at Black Hat USA 2014, Yahoo's CISO announced in a presentation that consumers will be seeing end-to-end encryption in its Mail product by 2015.
Announcing a new PGP plugin that piggybacks off of Google's PGP plugin, Alex Stamos told the audience at his talk "Building Safe Systems at Scale - Lessons from Six Months at Yahoo" that this project has been a priority since he joined Yahoo Inc. six months ago.
Recruited for the project is (now former) EFF staff technologist Yan Zhu.
In the Thursday talk, Stamos told attendees that Yahoo is using the end-to-end encryption plugin that Google released a few months ago, with the plan of having both Yahoo Mail and Gmail able to exchange encrypted mail between the services seamlessly and easily.
The move is a step in the right direction for security teams endeavoring to bring encryption to consumers, an effort that faces challenges around ease of use for the ordinary user.
Encryption has followed security's traditional quandary of easy versus secure. Basically, if anything [in tech] is easy to use, lots of people will use it -- but security and simplicity seldom go hand-in-hand.
Speaking to his Black Hat audience, Stamos directly referenced the 'post-Snowden era' of consumer privacy and security as the impetus for his push at Yahoo.
“Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real.”
“We as an industry have failed. We’ve failed to keep users safe.”
“If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.”
Stamos' talk was the best-liked and most talked-about briefing at Black Hat USA Las Vegas 2014.
Mr. Stamos has been tweeting tidbits about the announcement.
The move to encrypted mail brings Yahoo Mail to the forefront of user privacy in mail services among web giants, joining Google and Microsoft in the race to protect customers in the post-Snowden era of security.
Photo credit: Black Hat USA/UBM Tech, used with permission.