Gmail security engineering lead Nicolas Lidzborski, announced that all Gmail messages will now be run through an encrypted Hypertext Transfer Protocol Secure (HTTPS) connection, in a blog post.
"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default," he said.
"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers – no matter if you're using public WiFi or logging in from your computer, phone or tablet."
HTTPS is a popular internet security protocol that uses digital certificates to authenticate the identity of the web server a computer is communicating with and block man-in-the-middle attacks, for example. The protocol also encrypts any data passing between the server and the computer. Lidzborski said the use of HTTPS will stop intelligence agencies monitoring Gmail users' communications.
"Every single email message you send or receive – 100 percent of them – is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centres – something we made a top priority after last summer's revelations," he said.
Google is one of many companies known to have been targeted by the NSA during PRISM. News of the PRISM campaign broke earlier this year when whistleblower Edward Snowden leaked classified documents to the press, proving the NSA siphoned vast amounts of customer data from numerous technology companies.
Google has since worked to improve its security services to allay its customers' fears. The firm began encrypting its search data using the Secure Sockets Layer (SSL) protocol earlier in March.
Snowden listed encryption as a key way for companies to protect their customers from NSA spying during a privacy discussion at the SXSW conference in Texas earlier in March.
Despite the positive move, the use of HTTPS does not necessairly mean Gmail users are 100 percent protected from intelligence agencies such as the NSA. It is still unclear whether the NSA used hacking methods to collect data from companies such as Google without their knowledge or if it simply used Foreign Intelligence Surveillance Act (FISA) requests.
FISA requests are specific court orders that force US-based companies to hand data to the NSA. They include a gagging clause that blocks companies from disclosing key information about their involvement to the public.
NSA general counsel Rajesh De said the businesses involved were fully aware of what metadata was being collected during a hearing chaired by the US Privacy and Civil Liberties Oversight Board earlier this week. If true the NSA could still collect Gmail customer data from Google using FISA requests.
No comments:
Post a Comment