Google Ups Gmail Security Standards To Prevent Snooping


Google said Friday that it has improved security encryption for its email service in response to the revelations about the National Security Agency's domestic surveillance practices.

Starting Friday, the company said, Gmail will always use encrypted HTTPS for checking and sending email. While Google has made the HTTPS standard the default for Gmail since 2010, the encryption standard will now be the sole option for more than 400 million Gmail users.

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers -- no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet," wrote Nicolas Lidzborski, Gmail security engineering lead, in Google's Official Blog. "In addition, every single email message you send or receive -- 100 percent of them -- is encrypted while moving internally."

[Related: Google Cuts Prices For Google Drive Storage]

While Lidzborski didn't specifically mention government spying or the NSA, he did reference the NSA documents leaked by former contractor Edward Snowden that revealed the agency's massive domestic surveillance program. According to the leaks, the NSA collects millions of telephone records as well as email and Internet messages via its PRISM system, which gives the agency direct access to the servers of Google, Microsoft, Facebook and Yahoo, among other large ISPs.

"This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer’s revelations," he wrote. Google has consistently denied that it provides the NSA direct access to its servers. Last summer Google CEO Larry Page and David Drummond, chief legal officer at Google, stated that the U.S. government does not have direct access or a back door to Google's data centers and that the company had never heard of PRISM.

Google also said Friday that it will continue to strengthen security protection for Gmail. "Our commitment to the security and reliability of your email is absolute, and we’re constantly working on ways to improve," Lidzborski wrote.

Aric Bandy, CEO of Agosto, a Google Apps Enterprise Premier Partner based in Minneapolis, said all of his clients that use Gmail already use the HTTPS standard to encrypt email. But he applauded the move because it sends a message that Google is serious about improving security and data protection in the cloud.

"What this does for business is bring the conversation about security and encryption back to the forefront, which is a good thing," Bandy said. "Now all of your information is encrypted with Google. It's encrypted between you and Google, it's encrypted while it's at rest on Google's servers, and it's even encrypted when it moves between Google's own data centers. And that kind of protection is a requirement in the world we live in today."

Google's announcement comes one day after Microsoft was criticized for spying on emails from a technology blogger's Hotmail account in a case of a former Microsoft employee accused of stealing trade secrets. Seven-year Microsoft veteran Alex Kibkalo was arrested Wednesday by the FBI for allegedly stealing secrets related to Windows 8 source code and leaking the information to a blogger in France. It was revealed in a court complaint against Kibkalo that Microsoft discovered Kibkalo's alleged actions by searching the unnamed blogger's Hotmail account. The software giant said it did not need a warrant to search its own email service because the terms of service for Hotmail (now Outlook) give Microsoft the right to review any communications and remove any material "in its sole discretion."

In addition, Hotmail's terms of service expressly prohibits users from posting or disseminating material that "infringes on any copyright, trademark, patent, trade secret, or other proprietary right on any party." Nevertheless, Microsoft issued a statement late Thursday from John Frank, vice president and deputy general counsel, who wrote that the company plans to tighten security and privacy measures around its email and online communications services following the news of the Kibkalo case.

"While our actions were within our policies and applicable law in this previous case, we understand the concerns that people have," Frank wrote. "Therefore, we are announcing steps that will add to and continue to strengthen further our policies in any future situations involving our customers."

PUBLISHED MARCH 21, 2014

See the latest cloud technologies, learn best practices, and interact with your peers at the channel’s first all-inclusive cloud event: NexGen Cloud Conference & Expo, December 4-5, 2014 at the San Diego Convention Center. Register now at  www.NexGenCloudCon.com