Over the weekend, I had a piece at Ars Technica urging Google to roll out end-to-end encryption for Gmail, allowing hundreds of millions of ordinary users to enjoy the level of privacy now largely reserved for paranoid ubergeeks. I tried to address some of the obvious economic reasons Google might be hesitant to do this, but as Princeton’s Ed Felten points out, there are important technical questions as well:
First, how would the crypto keys and crypto code be managed? […] To start with, we would need a place to store your private key. We could store it on your desktop, but this would conflict with the usual cloud model that gives you access from multiple devices. We could have Google store your private key for you, then download it to whatever device you’re using at the moment, but then what’s the point of encrypting your messages against Google? The best solution is to have Google store your private key, but encrypt your private key using a password that only you know. Then Google would download your encrypted private key to your device, you would enter your password, and the private key would be decrypted on the device.
This is pretty much how I’d imagined it working for the average user, but there’s no real reason we need a one-size-fits-all solution here; lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user’s keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it’s accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor
The next problem we would have to solve is how to do cryptography in the browser. A service like GMail has to run on lots of different devices with differently abled browsers. Presumably the cryptographic operations–including time-consuming public-key crypto operations–would have to be done in the browser, using the browser’s Javascript engine, which will be slow. It would be nice if there were a standardized API for in-browser crypto, but that doesn’t exist yet, and even when it does exist it will take a long time to be deployed so widely that a public service like GMail can rely in it being present on all devices.
What is most problematic is that the software code to do all of this–to manage your keys, decrypt messages, and so on–would itself be written and delivered by Google, which means that Google would, after all, have the ability to see your messages, simply by sending you code that silently uploaded your keys and/or data. So if your goal is to make it impossible for Google to see your messages, for the protection of you and/or Google, then you won’t have achieved that goal. […] The only solution we know is to acquire the secure functionality by a traditional download, incorporating carefully vetted code that cannot be modified or updated without user control. The code might be provided as a standalone app, or as a browser extension. We could do that for GMail (and at least one company has done it), but that would give up some of the portability that makes the cloud email attractive.
I think the speed issue is probably not that big a deal on newish devices, and will only become less of an issue, but for some of the other reasons Ed cites, the preferable way to do this is with dedicated client software. This does create some sacrifice in terms of portability, but frankly if you’re really concerned about secure communications you probably don’t want to be decrypting your sensitive messages on untrusted devices anyway. Also, as I note in the piece, this is where Google has an advantage as the distributor of a widely-used open source operating system and browser. The relevant functionality could come bundled with Chrome and/or Android (and serve as a selling point for both) as well as being offered as a separate plugin for other browsers (or bundled with Google’s widely-installed voice/video chat plugin). Users could still, of course, access their unencrypted webmail from any old browser, but one imagines that if Google leads the way, other developers will have a strong incentive to make their own software compatible.
The second major issue is how to keep messages secret while still providing GMail features that rely on Google seeing your messages. These features include spam filtering (which you couldn’t live without) and the content-based ads that Google shows next to your messages (which Google probably wouldn’t want to live without). Can these be provided without leaking the full content of messages to Google? I suspect the answer is a qualified yes–that pretty good versions of these features could be provided in a more privacy-friendly way–but that’s a topic for another day.
Add to these issues that encrypted messages won’t be searchable (unless stored locally as plaintext), which is a bit of an inconvenience, but probably not a dealbreaker. You can probably still do a good deal of spam filtering just using metadata, and it helps that most users will generally be trading encrypted messages with friends and contacts. Users might even elect to only get such messages from “buddies,” whitelisted addresses, or (more permissively) other Gmail users, which would make encrypted e-mail within the service a little bit more akin to Facebook or Gchat messaging. At least initially, it probably makes sense to have this be the default, and users who really need to get encrypted messages from random, unapproved senders they’ve never interacted with before can tweak their settings to let those messages through.
As for content ads, well, that’s the million dollar question—and as Vint Cerf has candidly acknowledged, a primary reason Google hasn’t already done this. My answer here is the same as it was in the article: First, most people are still going to exchange a lot of unencrypted messages, and Google can still serve keyword ads based on those. Second, Google recently revised its policies to allow sharing of user information between its disparate services, provoking some grumbles from privacy folks. That means they’ve got a hell of a lot of other data to draw on in determining what ads are likely to be relevant to a particular e-mail user, from search history to favorite YouTubes, which I’d actually expect to be substantially more useful for tailoring ads than e-mail keywords. Also, at least initially, using the encryption feature will probably mean logging directly into your Google account via their Web interface (where Google gets to show you ads) rather than simply reading your messages in an ordinary mail client (where they don’t). So the loss of one kind of targeting data from some messages has to be balanced against the probable increase in ad exposures. It’s up to Google’s accountants to figure out how that all nets out, but these considerations seem like a good prima facie reason to at least run the numbers if they haven’t done it recently.
23 responses so far ↓
1 Why Google Should Encrypt Our Email – It's kGeekTime // Dec 19, 2012 at 6:08 am
[…] responds by noting that these are not insurmountable issues. The management of the crypto keys could be handled by Google if people are okay with it, or […]
2 – Why Google Should Encrypt Our Email // Dec 19, 2012 at 9:51 am
[…] responds by noting that these are not insurmountable issues. The management of the crypto keys could be handled by Google if people are okay with it, or […]
3 charlie jernigan // Dec 19, 2012 at 11:06 am
For me, the potential impact on searching my mailbox may very well be a deal breaker unless handled very carefully.
4 Julian Sanchez // Dec 19, 2012 at 12:06 pm
It’s not like you have to use it.
5 Cynic // Aug 18, 2013 at 11:12 am
Have we not forgotten what happened to Hushmail? They professed an email service in which they claimed that they had no access to your email. If I remember correctly, they were basically served a court order requiring them to modify the applet they served to a particular user, which gave them access to the key. In order to be truly secure, any encryption needs to be done OUTSIDE of Google. Period.
6 Kathrin // Sep 24, 2013 at 4:58 pm
Snuggled in private lounges and astounding Ocean-View Staterooms are senior citizen age 65 great diners, where couples can
take advantage is booking an exhilarating Asian cruise deal
is one overwhelming choice for vacationers who book a room for themselves.
The more of those activity based connections that a person will not be the only way to find the right options for them.
DeNiro, who will be 67 in mid August, somehow doesn’t fit the characterization of senior citizen.
7 mobile app design // Sep 29, 2013 at 11:13 pm
I just couldn’t leave your website prior to suggesting that I
really enjoyed the standard information a person supply to your guests?
Is gonna be again incessantly in order to check out new
posts
8 libertarien // Jan 23, 2014 at 3:24 pm
of course the album Satanic Requiem by the band Sewer has been elected better than Madonna Rihanna and Beyonce
libertarien http://armorgames.com/user/libertari11
9 Garland // Apr 18, 2014 at 9:32 pm
I rarely comment, however i did a few searching and wound up here Encrypting Google:
A Quick Reply to Ed Felten. And I actually do have 2 questions for you if
it’s allright. Is it only me or does it seem like some
of these remarks appear like left by brain dead
visitors? 😛 And, if you are writing at other social sites, I would like to keep up with anything fresh
you have to post. Would you make a list of the complete urls of all your
communal pages like your Facebook page, twitter feed, or linkedin profile?
Have a look at my site; camfrog pro hack (Garland)
10 hypnotherapy adelaide // Aug 25, 2014 at 1:35 pm
I’ve been exploring for a little for any high-quality articles or blog posts in this sort of area . Exploring in Yahoo I ultimately stumbled upon this website. Studying this information So i’m satisfied to express that I’ve a very good uncanny feeling I came upon just what I needed. I most undoubtedly will make sure to don?t fail to remember this site and give it a look regularly.
11 Louis Vuitton Handbags // Oct 4, 2014 at 8:56 am
Excellent beat ! I wish to apprentice while you amend your
web site, how could i subscribe for a blog site?
The account aided me a acceptable deal. I had been a little bit acquainted of this your
broadcast offered bright clear idea
12 emmanuel.wisewould@susurl.com // Oct 8, 2014 at 8:20 pm
What’s up everybody, here every one is sharing these experience,
so it’s good to read this website, and I used to
pay a visit this blog everyday.
13 opalenizna.infomakijaz.pl // Jan 6, 2015 at 3:09 am
I’m not sure why but this web site is loading incredibly
slow for me. Is anyone else having this problem or is it a problem on my end?
I’ll check back later on and see if the problem still
exists.
14 Gabriel // Jan 19, 2015 at 5:31 am
If God did not already put someone in your spirit and on your heart that needs to read this uplifting message from above, simply ask
your Heavenly Father who to bless on today. It is
very important to get your website search engine optimized.
Millions of websites have fallen down from their rankings, after the Penguin update launched on 24th April 2012.
15 salvatore ferragamo sale // Jan 24, 2015 at 7:10 pm
Hello! I’ve been following your web site for a while now and finally got the courage to go ahead and give you a shout out
from Humble Texas! Just wanted to tell you keep up the great job!
salvatore ferragamo sale
16 gagner de l'argent en bourse rapidement // Feb 13, 2015 at 2:34 am
Le taux de ch. mage us a rassuré les opérateurs permettant au
dow jones de tenir ses supports
17 clash of lords 2 // Feb 16, 2015 at 10:15 am
(Brad proceeds to place an overgenerous heaping forkful of
the undercooked green goo in his mouth. Also, the four
members of the League we see in this episode
are Superman, Batman, Wonder Woman and Aquaman, the same
four DC heroes that were most prominently featured on Superfriends.
‘Society is a concept that literally starts at home.
18 free movies online 2015 // Apr 9, 2015 at 10:25 pm
I ϳust could not depart your website priߋr to suggestiung
thazt I actually enjoyed the standarԁ information a person supply on your visitors?
Is going to be bacқ often to investigate cross-cheϲk neww posts
My blo post – free movies online 2015
19 รถมือสอง // Apr 11, 2015 at 8:03 am
whoah this blog is excellent i like reading your
articles. Keep up the good work! You know, lots of people are searching around for this info,
you can help them greatly.
20 Web Design Company // May 17, 2016 at 7:26 am
I just couldn’t leave your website prior to suggesting that I
really enjoyed the standard information a person supply to your guests?
21 designer heels // Jun 18, 2016 at 8:35 pm
What’s up, after reading this amazing paragraph i am too delighted
to share my experience here with mates.
22 RobertSOp // Jan 22, 2018 at 5:35 am
Chcesz wyślesz i prosto przesylki do Polski
23 Sewa Mobil Purwokerto // Apr 30, 2018 at 11:16 am
hadir