Google has announced today that it will encrypt email messages as they travel along the Internet and between its own data servers. The move is meant to fix a vulnerability that allowed the National Security Agency to intercept those messages through a program revealed by the Washington Post last year.
The agency was reportedly able to intercept information as it traveled between Google’s data centers — a claim illustrated by a hand-drawn smiley face that caused some Google employees to “explode in profanity” when the Post showed them the document. A post on the Google blog says that the update announced today, which will protect “every single email message you send or receive” from prying eyes, was “made a top priority after last summer’s revelations.”
Google isn’t the only company that promised to encrypt its users’ communications following the revelation of NSA programs meant to collect all kinds of data from tech companies. Yahoo, whose email system and video chat service were also compromised, made the same promise. (Interestingly, Yahoo has until the end of this month to encrypt all of the information sent between its data centers, if it intends to keep its promise to do so by the end of the first quarter of 2014.)
Encrypting those communications will make it more difficult for the NSA to monitor the emails of countless Gmail users, but it won’t make them impervious to surveillance. The Intercept reported in March that the agency has built a system meant to spread malware to millions of computers, which would allow it to gather information before it can be encrypted. Patching these vulnerabilities creates speed bumps that will slow the agency’s drive to spy on essentially the entire world, but they won’t cause the agency’s surveillance programs to stop.
That’s assuming that the information is properly encrypted, of course. Remember that the NSA has been working to weaken encryption standards, that Yahoo’s use of HTTPS in Yahoo Mail was “inconsistent,” and that Apple failed to properly implement a security standard in both its mobile and desktop operating systems for at least 18 months. Caution is warranted.
Still, at least these companies are starting to address the technical problems that allowed the NSA to gather so much information for so long. Now they’ll just have to hope that lawmakers, which often sign off on requests for that data anyway, will address the legal system too.
[illustration by Brad Jonas for Pando]