Google Encrypts Gmail Between Data Centers

It may be a bit of an older article, but after the privacy unit and especially after the speaker last Tuesday, I thought this article would be a nice addition to the blog.

As a result of Edward Snowden’s NSA leaks, and the discovery that the NSA was collecting data from Google and Yahoo without their knowledge, Google (as of March 20th) announced that Gmail is more secure in an attempt to prevent the government from spying on one’s email activity. While Google” made HTTPS encryption the default for its users back in 2010″, the difference now is that Google now internally encrypts every email message Gmail users send or receive. This method prevents the NSA from intercepting emails while they are in transit.

The desire for internally encrypted emails was not viewed as publicly needed until after the NSA leaks, and undoubtedly, the interception of emails and other metadata was happening before the leaks occurred. Encrypted emails existed prior this, although it was not a default option. Before now, encrypted emails signified sensitive information. With Google’s encryption of emails, the line between sensitive information and casual conversation are now heavily blurred, which leads to my question:

Because there is no initial visible difference between a email that would have previously needed encryption and a casual conversation, might that lead to a greater desire for the NSA to obtain and read all encrypted emails? When does more encryption actually begin to harm privacy?

6 Responses to Google Encrypts Gmail Between Data Centers

  1. I actually feel as though the encryption of all emails will ultimately lead to a greater amount of privacy for Gmail users. If the NSA continues to scan through the emails of Gmail users, yes, they won’t know which emails are which since they are all encrypted and that might lead them to collect all of them. However, they were likely doing this before the encryption of all emails began anyway, and if so, there wouldn’t actually be any greater harm to the privacy of Gmail users.

    Also, you have to think about the privacy of users from all potential threats. There are also people who might want to intercept emails that may contain the sensitive information and have negative intentions. For these people, it would have been easy to figure out which emails contained sensitive information because only those emails were encrypted. Now, they wouldn’t know so you’d be safer, as a Gmail user, because someone wouldn’t know whether or not an email has sensitive information or not. I believe Matt Curtin even said at one point that you are safest if you encrypt everything. For an analogy, say the president always rides around with the secret service, but his car is the only one that is armored to protect him. It’d be much easier to tell which car he was in. He is in greater danger. If all the cars have these protections, it is less clear which car he is in and he is therefore a little safer.

    Lastly, if you think about it from a rule utilitarian point of view, the rule would be that everybody always encrypts all emails. If everyone does this, attackers don’t know which emails contain sensitive information and therefore less sensitive information would be forcibly obtained. This leads to happier Gmail users. I believe it may be morally right to encrypt everything.

  2. I believe the NSA would like to scrape/collect any email sent, whether it be encrypted or not. It does not matter if the NSA’s desire to read encrypted emails increases. They still will not able to the read the email, because it is encrypted. Therefore, I do not believe encryption will ever begin to hurt privacy, because, in a sense, something that is encrypted is about as private as it can get. Matt Curtin said it best when he said everyone should encrypt everything, because that basically levels the playing field for everyone. That is unless a quantum computer is successfully built or someone somehow can figure out how to crack current encryption standards.

    I think this was a great move by Google, and I hope many other internet companies of the same sort will follow suit quickly. I agree wholeheartedly with Matt Curtin when he said you should encrypt everything. The basis for my agreement would follow from a Utilitarian ethical standpoint. I believe the more data/information that is encrypted, the more private and secure that data/information is. More security and privacy will seemingly only produce more happiness, whereas less security and privacy will certainly decrease happiness among people, myself included. Therefore I believe what Google did was morally right, and that it is the morally right move to encrypt everything because it will produce the most amount of happiness.

  3. Because of Google’s recent policy of encrypting messages, people’s privacy has indeed been increased. As mentioned, the NSA probably cannot read encrypted emails even if they wanted to. The only way they could access the email is by going to Google itself. I think this is a great decision by Google to better protect the privacy of its users, especially after the recent concerns that users were having regarding its privacy.

    However, this action done by Google does have the potential to decrease privacy by making the NSA “want” to read encrypted emails more. This article shows that the NSA is developing decryption programs and successfully using them on supercomputers. How viable it is for them to do this is another matter, as it may take a very long time for them to crack HTTPS or other encryption standards. Because Google now encrypts each and every email, decrypting all of a user’s email may be infeasible. Nevertheless, the use of encryption has motivated the NSA or develop better and more advanced decryption technologies. This may hurt the users’ privacy in the future.

    Another way Google’s action may have a negative affect is if the government decides to ban encryption of peoples’ emails. As learned, the government in the 1990’s classified encryption keys over 40 bits as a “weapon” and forbid it’s use. Perhaps this was so that the NSA would be able to find the encryption keys. We can see something like this happen again is the NSA becomes “frustrated” with the increased encryption which Google and other companies/individuals use. This would definitely hurt privacy, although the NSA may not want to go this far to collect information from citizens.

    Note: The article was written in September, just a few months after March 20.

  4. Encrypted or not encrypted, any message that NSA wants to read officially or unofficially, included or not included as evidence in a trial, is available to them one way or the other. Evaluate it; if one (e.g., Google) is trying to do business in some country, on the table or under it, are they going to question the regulations, official or unofficial, imposed on them by the government? These offers that are made that something is encrypted, and would not be revealed to anyone, is merely a secondary, and satisfactory illusion to ones who think that privacy exists anymore?
    If Google’s CEO Eric Schmidth told CNBC, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” (Quinn, p286) Isn’t it obvious that Google is willing to go far and beyond the written law, which is usually only written after something goes public, and isn’t avoidable on the stage on public debate? If the Google’s CEO has that ethical stance, then encryption provided by Google or no encryption provided basically mean the same thing. Only time can tell that which other communication companies are involved in selling out their customers’ privacy on the name of the dilemma between the privacy and security.

  5. When I read your question this example came to my mind:
    Imagine that you have a bike and you know that there is this person who has been stealing bikes and he is a master in stealing bike. Are you going to not lock your bike or lock it with a little lock, or are you going to get a really legit lock and try your best to stop him from stealing your bike??
    There has to be a point where we will reach and at that point, not NSA nor any other organization cannot invade your privacy — at least in the way that NSA has been doing for the past who knows how many years.
    I have to agree with Tyler Li when he said that it is going to further improve Google users’ privacy encrypting each and every email. However I disagree with the fact that government can ban some sort of encryption all of a sudden. I just think that that is not something that can be done after all these awareness that Edward Snowden brought to public’s attention.
    I think the way that we can get to some result here is to let Google encrypt anything they want as much as it is needed. This way we have the privacy that everybody is looking for. Then we have to let NSA have access to selected data as they find things out using other ways.
    I just don’t think if I am providing some service to public, others should have any access to the data stored on my servers unless there is enough evidence to show that the use of the data stored on my servers will be useful for a specific case.

  6. In all privacy topics, I expect people to understand that literally nothing in our society is private. Any person, if they wanted to know where you lived, what you do daily, where you go to school, they could literally just google your name. Currently, our society is always connected, and there is no way to be disconnected. Every device you own that can connect to the internet, and through whatever piece of software you interact through, they will always store your data, and that data is accessible by anyone who really wants it.

    I do think that encryption helps privacy, and it doesn’t undermine it. Encryption is only readable by computers that have the code to read it and that makes it a little more exclusive and private. Encryption also discourages the invasion of privacy because it creates more layers between the data and the person who wants it.