by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Google Making end-to-end encryption for email easier


Have you ever tried to use email encryption, also called end-to-end encryption?  I have.  And I gave it up. Six year ago.  Email encryption is one of the most secure form of communication possible today.  If everyone uses email encryption, the government agencies - US, India or others - would have their jobs cut out for them.  To put it simply, the BlackBerry Messenger is an encrypted system.  The end-to-end encryption is something, though not exactly, similar.

But till now using such end-to-end encryption has been a pain.  For one, there is no method to use encryption on webmail services.  The browsers simply do not support it, and the only extension for Firefox that I know of was unreliable.

The only secure and reliable method to use such end-to-end encryption is to opt for a desktop mail program, like Mozilla Thunderbird.  But even with Thunderbird, it mean jumping through hoops to get the encryption going - like installing GnuPG (actually GPG4Win), and preferably Enigmail extension for ease of use.

(original b&w images courtesy en.flossmanuals.net)

There was also (and will be) the problem of distributing Public Key to people who want to send you mail, and keeping secure your Private Key.  To send end-to-end encrypted mail to 'you', I will need to download and install 'your' Public Key, and vice-versa.  You should keep your Private Key safe, and use it to decrypt the encrypted mail sent by me.

In a first, Google has taken the initiative to bring the end-to-end encryption to its Chrome browser with an extension (still in alpha stage), soon to be released for the public.  While the problem of public/private keys will remain, this is the first initiative by a major web service provider to encrypt email communication.

Which raises some interesting points:
  • What is its impact going to be on crime prevention & anti-terror tactics?
  • Keeping in mind that end-to-end encryption will not mask/hide the sender or recipient, will everyone using email encryption fall under suspicion, especially in places where freedom of internet is under threat?
  • Google has been the major beneficiary in 'data harvesting' of information in emails, and using it for targeted advertising.  What will be the impact on Google's (and other such company's) bottom line?
  • What will the Govt. of India do with such user-initiated encryption?  Will they ban it outright? Or demand that everyone deposit a copy of their Private Keys to a government owned 'secure-server'?  Just recall the brouhaha we had in India with BlackBerry Messenger's secure encryption feature, and the solution arrived at.  [http://www.dailymail.co.uk/indiahome/indianews/article-2126277/No-secrets-Blackberry-Security-services-intercept-data-government-gets-way-messenger-service.html]
Interesting time indeed!

1 comment:

  1. Grateful to check out your website, I seem to be ahead to more excellent sites and I wish that you wrote more informative post for us. Well done work.

    ReplyDelete

Support - Donate

Your Blog is

Donate thro ECWID

Contact Form