Google has released code of its new open source End-to-End encryption extension to be tested for bugs and back doors by security experts. While it claims to be an effective privacy guard, it leaves the main question of whether it’s NSA-proof open.
The Google team believes that its new End-to-End tool will allow users to easily encrypt their emails on the go.
What the Google team did is that they took an already existing open-source encryption standard OpenPGP, which now is rather complicated for a general user as it requires serious technical expertise, and made a product suitable for anyone. Later, when the draft tool is finalized, it would be transformed into a standard extension package for Google’s Chrome browser.
The main difference of the new tool is that it requires a recipient to own a similar program for decrypting the message, otherwise instead of a meaningful letter the receiver would get a set of meaningless symbols.
However promising it might sound, the end-to-end encryption technology does not eliminate the possibility of a government agency such as the NSA reading your emails.
But to do so they’d have to get connected directly to your computer to be able to get the message deciphered easily instead of intercepting it in accordance with a secret court order to decipher it later. This would imply much greater technical and computing resources than the NSA is currently believed to have.
“It’s important that the government not overstep,” Google’s chief of security Eric Grosse said in an interview recently. “We don’t want any government breaking the security of the Internet.”
To a certain point communication giants like Google, Microsoft and Yahoo remained hesitant about the end-to-end encrypted email protocol for a simple reason – that would cut them from additional profits they obtain by gathering personal data from messages and further selling it to those interested in targeted advertising. That’s the main reason behind these companies’ decision last year not to sign the Dark Mail Alliance proposed by communications providers Lavabit and Silent Circle.
But the scandal around the NSA’s global surveillance forced technology companies to change their politics.
With a lot of money spent on introducing encryption technologies on the company’s servers, Google is now preparing to make the companies that lag behind with encryption investments feel ashamed for the lack of security in communications they provide.
According to the files leaked by the former NSA contractor Edward Snowden, the NSA has direct access to leading companies’ servers – Google included – and simply copies the dataflow in full.
Moreover, the NSA even started developing a “quantum computer” capable of breaking all kinds of encryption.
So, it appears that no browser add-on can guarantee 100 percent security from the totalitarian surveillance effort of the US government.
And then there’s more bad news, experts say. The communication giants wouldn’t invest into encryption technologies if they don’t expect to at least recoup their money later. And the NSA would need a larger budget to adapt to the new “secure” communication rules of the game.