As privacy advocates celebrate the FBI’s decision to stop harassing Apple over the San Bernardino shooter’s encrypted iPhone, other tech giants seem to have finally noticed that what consumers want is privacy. But for privacy to prevail, the government must stop snooping.
With that idea in mind, Google decided to change how the game is played.
In an official Google blog update detailing new security measures for Gmail, the tech giant announced it would begin alerting consumers whenever the firm detects an account is being targeted — or rather, hacked — by government agencies or their proxies. While the company believes less than 0.1 percent of Gmail users will receive this type of warning, the idea that a tech giant is going to these lengths to give users peace of mind and privacy should give advocacy groups across the country reason to continue celebrating.
Google opened its official statement by announcing the company has a “variety of new protections” in store “that will help keep Gmail users even safer.” The idea, Google added, is to “promote email security best practices across the Internet as a whole.” As one of these efforts, Google announced improvements to its “state-sponsored attack warnings,” a system that has been in place since 2012, when Google began warning Gmail users when their accounts were being targeted by attackers tied to the government.
While these “warnings are rare,” Google noted, “we’re launching a new, full-page warning with instructions about how these users can stay safe.” The blog pointed out that “the users that receive these warnings are often activists, journalists, and policy-makers taking bold stands around the world.”
Enhancing its warning system is not the only thing Google is doing to keep users safe. According to the tech giant, its “safe browsing” notifications will also be expanded to warn users beforehand that a link they are about to open appears suspicious.
Google will also improve its email encryption securities by partnering with Comcast, Yahoo, and Microsoft.
“Google wants to further improve email encryption, and the company partnered up with Comcast, Microsoft and Yahoo to submit a draft IETF [Internet Engineering Task Force] specification for ‘SMTP Strict Transport Security.’ Essentially, Google and its partners want to make sure that encrypted email stays encrypted along its entire path from sender to recipient.”
This idea was originally explored by Google on Safer Internet Day, the day the California company introduced a new tool giving Gmail users a visual warning whenever they receive a message that hasn’t been delivered using encryption. The warning is also displayed whenever a user is about to send an email to an account whose email service provider doesn’t support TLS encryption.
While this step had a positive effect, as Google reported on its blog announcement, the company decided to go even further by partnering with other companies in order to develop a new IETF specification standard. This is intended to help companies “ensure that mail will only be delivered through encrypted channels, and that any encryption failures should be reported for further analysis, helping shine the spotlight on any malfeasance occurring around the Internet.”
The move was Google’s response to research carried out by its researchers, along with the University of Michigan and University of Illinois. According to researchers’ findings, “misconfigured or malicious parts of the Internet can still tamper with email encryption.” That created the necessity for further action in order to protect Gmail users.