Google yesterday announced a new service that should be called Encryption for Dummies. You’ve read or watched the daily stream of news on the depredations of cyber criminals and the U.S. government’s ubiquitous spying programs, and maybe you’re concerned that you’re not the only one reading your e-mails. Google has read your mind (or maybe your e-mails) and has a solution to offer.
Officially named End-to-End, it’s an extension to the company’s Chrome Web browser that will encrypt your messages until they get to the intended recipient and ensure that what’s sent to you stays encrypted until you decode it. Google’s innovation isn’t in encryption but in making it easier for the masses to use.
“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use,” the official Google blog post says. “To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.”
Yesterday’s announcement was something of a soft launch. Google released the source code, with an open call for “the community”—the nondummies out there—to test it out and hopefully report any flaws they find. Then it gets rolled out as something you or I can download and plug in.
As Google noted in a separate post yesterday, sending an e-mail without any encryption is the digital version of putting a postcard in the mail. If you want your message to be private, you seal it in an envelope. Gmail already uses something called Transport Layer Security (TLS) to scramble inbound and outbound messages automatically. But that doesn’t really protect your messages unless the system on the other side is doing the same thing, which it isn’t between 40 percent and 50 percent of the time, according to Google’s data.
As one comment on Google’s post puts it: “with all the breaches and leaks and hacks, it feels almost like this is closing the barn door after the horse has bolted.”
There’s something to that point. If you’re worried about the NSA and the government invading your privacy, this isn’t going to mean much to you, since, as we now know, Google hands a lot of stuff over to the government. Still, let’s call it a step in the right direction.