http://www.wired.com/2014/06/end-to-end/
Google is taking another step towards an internet that can stand up to snooping from the NSA.
Today, the company released the source code for a new web browser plugin that encrypts your email messages before they’re sent across the net. Dubbed End-to-End, the plugin aims to prevent interlopers from reading messages even if they gain access to the computer servers that drive your web email service of choice. So, if you’re using Googles’s Gmail, it could thwart the NSA and other snoopers even if they have access to Google’s network.
The plugin isn’t yet available to the general public. The idea is for security researchers to heavily test the code before Google releases a completed version of the plugin that’s available to everyone. “The End-To-End team takes its responsibility to provide solid crypto very seriously, and we don’t want at-risk groups that may not be technically sophisticated–journalists, human-rights workers, et al–to rely on End-To-End until we feel it’s ready,” the company said in releasing the code. “Prematurely making End-To-End available could have very serious real world ramifications.”
Several other companies and independent open source projects are working on similar encryption tools, but this one has added heft because Google is behind it. Once it’s finished, End-to-End could be a big step forward for email privacy, but there are some big limitations, and critics say the tool could end up doing more harm than good.
A Google First
As Venture Beat first reported in April, the plugin will be based on the venerable encryption standard PGP, short for Pretty Good Privacy. Specifically, it will be based on OpenPGP, the same standard used by other open source implementations of PGP, such as GPG.
Using PGP, all messages are scrambled in such a way that, in theory, only the sender and intended recipient can open them. That means that even if the NSA intercepts your PGP encrypted messages from Google’s servers, they won’t be able to read it without the use your private key.
It’s already possible to use PGP with Gmail and other webmail services through a third-party plugin called Mailvelope, and Samsung’s Android phones have long included PGP encryption as an option with its stock email program. But this the first time Google has officially supported encrypting email.
The Limitations
This makes for good security, but it can also be inconvenient. For example, the End-to-End plugin will store your private keys on your local machine. That means if you want to use someone’s else’s computer, or a public machine, you’ll either need to import your keys or simply not use the service. Also, the keys will not be backed up or store on Google servers, according to the company’s online FAQ. That means that if you lose your key, or forget your passphrase, it’s gone forever.
What’s more, if you use End-to-End, any emails you encrypt won’t be instantly searchable. That’s a big problem with encryption in general. Though a new technique called homomorphic encryption could eventually solve this problem, it’s not something that’s built into OpenPGP today.
Plus, Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead to Google to discourage most users from actively using encryption. She worries that the End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.
She also points out Google has history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”
The Competition
Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.
What’s more, she says, we need more than just this kind of message encryption. Although it’s possible to encrypt the contents of an email, it’s not possible to conceal who you’ve been sending email to or who you’ve received email from. That has led to the creation of many alternative messaging schemes, such as the chat encryption system Off The Record. Saitta has been working on another email alternative called Briar which does away with intermediary servers altogether, passing encrypted messages directly from device to device. Meanwhile, PGP creator Phil Zimmermann has teamed up with Ladar Levison of Lavabit–the email service Edward Snowden used–and other security researchers to create a new email protocol called Darkmail, but haven’t yet released any code publicly.
In short, there’s nothing that can replace email quite yet, and using email privately, for now, means using encryption. Google is a unique position to make it easier for people to use PGP, but we need more than just encrypted email if we want to keep our communications private. We also need clients like Mailpile and Thunderbird, as well as new ideas like Briar and Darkmail. And we still need people fighting for political change to stop the NSA and other government agencies to stop spying on civilians. Ultimately, we need as many people as possible working to protect our privacy. The new Google encryption is a welcome addition to the tool kit, and let’s hope there are more to come.
Share on Facebook339
