<p>Recently, Google released the source code for a new extension to its Chrome browser that will make it a lot easier for users to encrypt their email.<br /><br /></p>.<p> The tool, called End-to-End, uses an open-source encryption standard, OpenPGP, that will allow users to encrypt their email from the time it leaves their web browser until it is decrypted by the intended recipient. It will also allow users to easily read encrypted messages sent to their web mail service. The tool will require that users and their recipients use End-to-End or another encryption tool to send and read the contents.<br /><br />This could be a major blow to the NSA. Despite numerous cryptographic advances over the past 20 years, end-to-end email encryption like PGP and GnuPG is still remarkably labour-intensive and require a great deal of technical expertise. User mistakes — not errors in the actual cryptography — often benefited the NSA in its decade-long effort to foil encryption.<br /><br />“It’s important that the government not overstep,” Eric Grosse, Google’s chief of security, said in an interview last week. “We don’t want any government breaking the security of the Internet.”<br /><br />Google’s new tool may make the NSA and other intelligence agencies’ jobs more difficult. While end-to-end encryption does not eliminate the potential for an attacker or government agency to read a target’s messages, it forces them to hack directly into their computer to read messages rather than catching them in transit, or gathering them through a secret court order to their communications provider.<br /><br />Speaking by videoconference at the South by Southwest conference in Austin, Tex., this year, Edward J. Snowden, the former N.S.A. contractor, challenged technologists to offer easier end-to-end encryption, saying it would result in a “more constitutional, more carefully overseen enforcement model.”<br /><br />Until now, technology companies have been hesitant to provide end-to-end encryption because it excludes companies like Google and Yahoo from gathering data from messages that can be sold for targeted advertising. None of the major technology providers have signed on to Dark Mail Alliance that offered a new end-to-end encrypted email protocol.<br /><br />Privacy activists have criticised Google and other companies for not supporting end-to-end encryption sooner. “Google wants to sit between you and everyone you interact with and provide some kind of added value,” Christopher Soghoian, the principal technologist of the American Civil Liberties Union, said on the SXSW panel with Snowden. ”They want to be in that connection with you, and that makes it difficult to secure those connections.”<br /><br />But Google’s announcement showed that the company has heard those concerns. “We recognise that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Stephan Somogyi, a Google privacy and security product manager, wrote in a company blog post. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”<br /></p>
<p>Recently, Google released the source code for a new extension to its Chrome browser that will make it a lot easier for users to encrypt their email.<br /><br /></p>.<p> The tool, called End-to-End, uses an open-source encryption standard, OpenPGP, that will allow users to encrypt their email from the time it leaves their web browser until it is decrypted by the intended recipient. It will also allow users to easily read encrypted messages sent to their web mail service. The tool will require that users and their recipients use End-to-End or another encryption tool to send and read the contents.<br /><br />This could be a major blow to the NSA. Despite numerous cryptographic advances over the past 20 years, end-to-end email encryption like PGP and GnuPG is still remarkably labour-intensive and require a great deal of technical expertise. User mistakes — not errors in the actual cryptography — often benefited the NSA in its decade-long effort to foil encryption.<br /><br />“It’s important that the government not overstep,” Eric Grosse, Google’s chief of security, said in an interview last week. “We don’t want any government breaking the security of the Internet.”<br /><br />Google’s new tool may make the NSA and other intelligence agencies’ jobs more difficult. While end-to-end encryption does not eliminate the potential for an attacker or government agency to read a target’s messages, it forces them to hack directly into their computer to read messages rather than catching them in transit, or gathering them through a secret court order to their communications provider.<br /><br />Speaking by videoconference at the South by Southwest conference in Austin, Tex., this year, Edward J. Snowden, the former N.S.A. contractor, challenged technologists to offer easier end-to-end encryption, saying it would result in a “more constitutional, more carefully overseen enforcement model.”<br /><br />Until now, technology companies have been hesitant to provide end-to-end encryption because it excludes companies like Google and Yahoo from gathering data from messages that can be sold for targeted advertising. None of the major technology providers have signed on to Dark Mail Alliance that offered a new end-to-end encrypted email protocol.<br /><br />Privacy activists have criticised Google and other companies for not supporting end-to-end encryption sooner. “Google wants to sit between you and everyone you interact with and provide some kind of added value,” Christopher Soghoian, the principal technologist of the American Civil Liberties Union, said on the SXSW panel with Snowden. ”They want to be in that connection with you, and that makes it difficult to secure those connections.”<br /><br />But Google’s announcement showed that the company has heard those concerns. “We recognise that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection,” Stephan Somogyi, a Google privacy and security product manager, wrote in a company blog post. “But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”<br /></p>
