All messages through Google's e-mail service will be encrypted to protect
the privacy of senders and recipients, the technology giant announced this week.
Google didn't mention the National Security Agency or increasing concern about government monitoring of civilian communication and Internet use, but the announcement of automatic HTTP encryption is likely a response to recent revelations by major media organizations about U.S. domestic spying efforts.
"This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers -- something we made a top priority after last summer's revelations," said Nicolas Lidzborski, Google's Gmail security engineering lead, in a post on the company's official blog Thursday.
The New York Times in August reported that the NSA had access to "vast amounts" of Americans' e-mails and other communications, such as text messages, and routinely searched for keywords that might provide links to terrorists. Thus it would not only affect those who might have been communicating with people on government watch lists but even those who cited names and other information. The revelations came about as an apparent result of information leaked by former NSA contract employee Edward Snowden.
Hypertext Transfer Protocol Secure, or HTTPS, is a method that increases security by layering one type of protocol over another and is effective against so-called man-in-the-middle attacks because it authenticates Web sites and servers.
Lidzborksi's blog post noted the progressive level of encryption used by Google in the last few years. "Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default," he wrote.
"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers -- no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet."
Google was one of the first first free e-mail providers to offer HTTPS encryption, notes Chester Wisniewski, a Canada-based senior adviser at Sophos, a cyber -security firm. "It's great that it is now being utilized for all users," he told us. But he cautioned that it is not a magic bullet.
"People must remember that this does not protect their actual e-mail messages though, it only encrypts the messages between them and Google," Wisniewski said. "The e-mails are still stored and transferred in clear text more often than not."
Google recommends additional security precautions in its blog post, such as creating strong passwords and enabling two-step verification. More hints are available at Google's Security Center.
Yahoo announced last November that it also would encrypt all e-mail as well as customer data from other services by this summer.
"Yahoo has never given access to our data centers to the NSA or to any other government agency," wrote president and CEO Marissa Mayer, in a statement at the time. "Ever. There is nothing more important to us than protecting our users' privacy."