Gmail Moves To Protect User Data With Encrypted Datacenter Traffic
The use of the HTTPS encrypted connection means that data sent via a web browser across the internet to a web server is encrypted end to end. Whilst it may be possible to try to crack the encryption used via secure socket layer (SSL) certificates, it will be a tough job that will take considerable time.
Google's Gmail email product which includes both personal and business Gmail offerings has offered encrypted Gmail access by adding the HTTPS:// prefix instead of HTTP:// since the service first started.
Few users made the effort to use it because since moving beyond the early Mosaic and Netscape browsers, it's no longer necessary to actually type in the prefix to reach a web site. You can you just type “gmail.com” instead of “http://www.gmail.com”. However, in 2010, all Gmail logins redirected to a secure SSL version which encrypts traffic.
With the continued information releases from former intelligence contractor, Edward Snowden, it is now clear that US intelligence agencies have been finding ways to gain illicit access to communication lines around the world to listen in on traffic moving across the internet.
This knowledge was not widely known at the time. The move opened the door to the widespread collection of internet data of all kinds that were travelling across data transmission lines and through data centers.
As a result of this announcement, a number of companies including Google, Facebook and Microsoft, with Yahoo bringing up the rear as the last hold-out, chose to encrypt all forms of data within their data centers and sent between data centers so that the mass collection of data over transmission lines would prove more difficult to gain value from.
Targeted Instead of Mass Collection
The dismay over the knowledge that communications were being collected en masse led the aforementioned technology companies to protect their data and that of their users.
Data can still be collected by intercepting communications, but it's all encrypted. This makes it more of a challenge for supercomputers to attempt to decode a huge amount of data that is constantly being sent across the internet. As a result, it will become financially prohibitive to conduct such mass surveillance in the future and make it readable.
Online surveillance then has to return to focusing on specific targets to acquire intelligence about them, rather than gathering private data on everyone.
What About Other Companies?
Encryption is not a silver bullet because not every company goes to the trouble of encrypting their data centers for web traffic and also their own traffic sent between data centers.
As with most aspects of computing, the weakest link is where you run into trouble. Your information shared with a third party may be encrypted, but the third party re-sharing that same information in an unencrypted manner is the leaky bucket. With this kind of thing, you just cannot know how or where your data is being sent.
The only true security is provided by setting up your own private encryption certificates for email and other communications, then passing this information on to the receiving party so that they can access and decrypt your emails upon receipt.
As Edward Snowden pointed out at the SXSW Interactive event recently, that's presently too much effort and too complicated for most people. So we get the security we deserve in many respects, but at least big US technology companies have now stepped up to help add new layers of security that were not fully present before.