Google Follows Snowden’s Advice, Encrypts All Gmail Messages


Whether you think former National Security Agency contractor Edward Snowden is a hero or a traitor, at the very least you now know that the National Security Agency has expanded the scope of its surveillance of American citizens quite a bit. The government agency has been forcing tech companies to turn over reams of user data while also brute forcing their way past those company’s security protocols to access even more information about their customers. In reaction to these methods, Google announced today that it’ll be encrypting all incoming and outgoing messages through Gmail by default.

The news comes via a post by Gmail Security Engineering Lead Nicolas Lidzborski, who wrote about the new initiative on the Google Enterprise Blog:

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.

In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations.”

Former NSA contractor Edward Snowden called for broader encryption of web services at SWSX in March 2014.

This is good news for those of us who have been concerned about the security and privacy of our data and communications ever since the NSA’s PRISM plan was revealed by documents leaked by Snowden last summer. Interestingly, Snowden himself, speaking via satellite at the SXSW festival earlier this month, called for better encryption methods and for that encryption to be implemented more broadly and as standard operating procedure across the various web services on which we rely.

It’s likely that Google was already working on doing this long before Snowden spoke, but these actions to go show that if we can’t trust the US government to scale back its surveillance efforts, we need to find other ways to keep user data secure.

[Source: Google Enterprise Blog]