August 12, 2014
Rivals Yahoo And Google In Joint Email Encryption Venture
Eric Hopton for redOrbit.com - Your Universe Online
Two tech world giants - Yahoo and Google - have put rivalry aside in an attempt to introduce a new joint email encryption system. With over 600 million unique email users between them, the two companies have a huge share of the global market and the ability to offer enhanced encryption will help cement their positions as leaders in the field. They are planning to have the new system up and running by next year.
For the new system to be successful it will need to offer greatly improved security and be user-friendly without the normal complexity and clumsiness of current encryption methods. Google and Yahoo believe they have the answer. The new tool will be an optional add-on with users able to turn it on and off at will.
As Stephanie Mlot of UK’s PCMag reports, the announcement of the joint venture was made by Yahoo’s Chief Information Security Officer Alex Stamos at this year’s Black Hat security conference held in Las Vegas.
In the post-Snowden world Google has already beefed up its email security with new measures to enhance protection. Earlier this year the company announced that Gmail would be using encrypted HTTPS connection for all mail, replacing the less secure HTTP. HTTPS was always an option, but was turned on for everyone in 2010; however the option could be turned off. This option was removed in March. Google claimed that improvements to HTTPS had overcome initial objections that the system was slower than HTTP. The company followed this up with the launch of a trial of its End-to-End encryption tool extension. When End-to-End is up and running it will provide the option of an extra level of security for highly sensitive messages.
As Danny Yadron writes in his Wall Street Journal blog, the proposed Google/Yahoo tool will use existing “Pretty Good Privacy” (PGP) technology. Traditional email services depend on web companies holding users’ passwords and other security and identification data on their own servers. PGP, however, “relies on each user having their own encryption key stored on their laptops, tablets and smartphones.”
There are important legal implications for the PGP option. In the past the US courts have been able to force webmail companies into handing over their encryption keys – most notably in the case of Lavabit, Snowden’s own email provider at the time of his leaks.
Yadron points out that the new encryption method promised by Google and Yahoo would enable them to “argue that they don’t have the keys for their encryption service.” If that looks like it's leading to the next government versus the internet industry battle, then it seems that Yahoo at least is up for the fight. As Stamos puts it, Yahoo is a “publicly traded multibillion dollar company with an army of lawyers who would love to take this argument all the way to the Supreme Court.”
Shop Amazon - Find the Value of Your Gadgets