Google encrypts Gmail to safeguard against NSA snooping

21 Mar, 2014 11:47 / Updated 11 years ago

Google is doing its best to put a lid on the NSA’s prying eyes by using enhanced encryption technology to make its flagship email service airtight.

“Your email is important to you, and making sure it stays safe and always available is important to us,” Gmail engineering security chief, Nicolas Lidzborski, said in a blog post.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email.

“Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers — no matter if you’re using public WiFi or logging in from your computer, phone or tablet.”

The internet giant’s announcement is the latest attempt to bolster the company’s widely used email service and follows a similar step in 2010, when the company made HTTPS the default connection option.

At the time, however, users had the option to turn this protection feature off. Starting from Friday, Gmail is HTTPS-only. The move is a response to a disclosure made by National Security Agency (NSA) whistleblower, Edward Snowden, that the agency had been secretly tapping into the main communications links that connect Yahoo and Google data centers around the world.

According to a secret January 9, 2013 accounting, millions of records were being sent every day from Yahoo and Google internal networks to data warehouses at the NSA’s Fort Meade, Maryland headquarters.

The NSA's principal tool to exploit the Google and Yahoo data links is a project called MUSCULAR, operated jointly with the agency's British counterpart, Government Communications Headquarters (GCHQ).

To do so, the NSA and GCHQ rely on capturing information being sent between company data centers around the globe via fiber optic cables, intercepting those bits and bytes in transit by tapping in as information is moved from the “Public Internet” to the private “clouds” operated by the likes of Google and Yahoo. Those cloud systems involve the linking of international data centers, each processing and containing huge troves of user information for potentially millions of customers. Intelligence officers who can sneak through the cracks when information is decrypted — or never encrypted in the first place — can then see the information sent in real time and take “a retrospective look at target activity,” according to documents seen by the Washington Post.

In November, Google Executive Chairman Eric Schmidt said the alleged snooping operations were “outrageous” and perhaps even illegal.

"It's really outrageous that the National Security Agency was looking between the Google data centers, if that's true,” the Wall Street Journal quoted Schmidt, who has served as the Silicon Valley company’s chairman for over a decade, as saying.

“The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people's privacy, it's not OK," Schmidt said. "The Snowden revelations have assisted us in understanding that it's perfectly possible that there are more revelations to come."

However, on Wednesday the top lawyer for the NSA told a civil liberties oversight board that all communications information and metadata collected by the agency pursuant to the 2008 FISA Amendments Act, whether the material was gathered by the agency’s internet data-mining program PRISM or by the “so-called ‘upstream’ collection of communications moving across the internet”, was done so with the direct knowledge of companies like Google and Facebook.

The NSA has previously claimed it only focuses on targets with foreign intelligence value. The agency can also request access via Google and other tech companies with the aid of a court order.

During an on-stage Q&A at the TED conference in Vancouver on Thursday, Google CEO Larry Page maintained that the NSA’s actions had not been done with the company’s knowledge and were a threat to democracy.

“For me, it’s tremendously disappointing that the government sort of secretly did all these things and didn’t tell us,” Page said. “I don’t think we can have a democracy if we’re having to protect you and our users from the government for stuff that we never had a conversation about.”