SFGate: If You Send To Gmail, You Have 'No Legitimate Expectation Of Privacy'

Thu 15 August 2013

SFGate: If You Send To Gmail, You Have 'No Legitimate Expectation Of Privacy'

Not that this is really news but if you hand your message to a third-party for delivery you have no expectation of privacy.  Agree with it or not that's the way it is inside the United States.  This is why it is important for people to use end-to-end encryption (like GnuPG) to protect the contents of messages being sent through any email provider.  The same goes for using any instant messenger service, SMS, or telephone that uses a third-party provider.

This isn't anything new, really.  Ever since the telegraph was invented people have encrypted messages before handing them to a third-party for delivery.  The Engima machine was actually developed as a business tool that was later used by the German military during World War II. Businesses needed to protect their communications during transit across a third-party.  Today there isn't a person sending your message to a distant point but rather a computer system that can not only efficiently and accurately send your message across distant lands but can also make a copy of that message and share it with whomever they wish.

While it has become easier for companies to share your messages with governments and third parties it has also become easier to protect your messages with encryption.  The question now is how to make this technology easier for people to use and, perhaps more importantly, make people care about securing their messages.  This last part is probably most important.

We've been kicking the ball down the field for a while.  When Google implemented TLS encryption for its Gmail service people raved about the security measure.  Sure, what they did was important as it prevented anyone watching the network traffic between the user and Google from seeing what was happening.  But that left Google having open access to the contents of the messages being sent.  This is the case for all email providers that use TLS encryption to secure the communications between users and their servers.  Now is the time to fill that gap.  How to do that easily is still up for debate.

By Sparks, Category: Information Security

Tags: Confidentiality / Privacy / Security / email / Google / Gmail /