Google boosts Chrome encryption amid email warning

The Internet giant tries to convey to users that many emails are not secure once it leaves Google's hands.


Google routinely publishes reports to establish transparency into how often responds to data requests from law enforcement agencies, but its latest update pertains more to industry competitors.

The Internet giant issued a memo on Tuesday -- a reminder to some and maybe a heads-up to others -- that while Google might promise to keep emails encrypted within its bounds, it can't say the same when messages float beyond its digital grasp.

In fact, Google estimated that between 40 and 50 percent of emails sent between Gmail and other email providers aren’t encrypted at all.

Brandon Long, the tech lead for the Gmail Delivery Team, offered a real world comparison in a blog post on Tuesday to nail home the point for Internet users of all proficiency levels:

When you mail a letter to your friend, you hope she’ll be the only person who reads it. But a lot could happen to that letter on its way from you to her, and prying eyes might try to take a look. That’s why we send important messages in sealed envelopes, rather than on postcards.

Email works in a similar way. Emails that are encrypted as they’re routed from sender to receiver are like sealed envelopes, and less vulnerable to snooping—whether by bad actors or through government surveillance—than postcards.

While acknowledging other email providers to encrypt their emails too (albeit without naming names), Long noted a few public service announcements intended to nudge others to do the same.

That starts with a new section in Google's Transparency Report dedicated to promoting safer email infrastructures.

Google also has a few other security-minded announcements this week, including End-to-End, a new Chrome extension powered by OpenPGP, an open standard touted to be supported by existing encryption tools.

Stephan Somogyi, a product manager on Google's Security and Privacy team, explained in a separate announcement today that this particular extension offers encryption and other security measures (i.e. HTTPS) "beyond" what Google already provides.

Somogyi wrote:

“End-to-end” encryption means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.

End-to-End isn't actually available yet, and Google hasn't revealed an exact ship date either. But Somogyi promised when the extension is ready, it can be found in the Chrome Web Store.

Image via Google