[liberationtech] Op-ed—A plea to Google: Protect our e-mail privacy

Rebecca MacKinnon rebecca.mackinnon at gmail.com
Sun Dec 16 10:44:13 PST 2012


http://arstechnica.com/tech-policy/2012/12/op-ed-a-plea-to-google-protect-our-e-mail-privacy/

Op-ed—A plea to Google: Protect our e-mail privacy
Rolling out strong encryption for Gmail would be a win-win situation for Google.

by Julian Sanchez <http://arstechnica.com/author/julian-sanchez/>
Dec 15 2012, 11:50am EST

We recently learned that even the director of the CIA, David Petraeus, can’t
seem to secure his private e-mail conversations properly
<http://www.nytimes.com/2012/11/17/technology/trying-to-keep-your-e-mails-secret-when-the-cia-chief-couldnt.html>,
and over the past month tech commentators have responded to that
discovery with a familiar litany of depressing advice: Privacy doesn’t
exist online, e-mail is as public as a postcard, and don’t say anything on
the Internet you wouldn’t want to read in the newspaper. Civil
libertarians, meanwhile, have urged the need for legal reforms—such as a
proposal just approved by the Senate Judiciary Committee to require police
to get a warrant before obtaining e-mails or personal files stored in the
cloud, which Congress is likely to consider next year.

Yet politics, as we all know, moves much more slowly than technology. The
courts aren’t much better: It was only in 2010 that a federal appeals court
first ruled that the Fourth Amendment does, in fact, apply to e-mail, while
the status of other types of digital records remains murky. Yet there is
one company in an ideal position to dramatically increase e-mail privacy
for hundreds of millions of users overnight, offering protection from
malicious hackers as well as nosy governments—the same company, ironically,
from which the FBI obtained Petraeus’ e-mail: Google.

Back in the 1990s, so-called Cypherpunks waged a successful battle to
loosen regulations on strong encryption software, dreaming of the day when
the everyday communications of ordinary Internet users were protected by
unbreakable digital locks. That vision has been only partly realized: We
now have a vibrant and growing digital economy made possible by the routine
encryption of commercial traffic, but routine encryption of e-mail contents
is still largely seen as the province of geeks and paranoids, too arcane
for the average user.

One reason is that encryption, like the telephone or e-mail itself, is what
economists call a network good: Its value to the individual user depends
crucially on how many *other* people are using it. An e-mail account isn’t
much use if you’re the only person you know who’s got one, and spending
time figuring out how to use a suite of encryption tools only makes sense if
the people you want to write are using compatible tools. Moreover,
encrypted communication requires a trustworthy repository of public keys,
tied to individuals’ identities or e-mail addresses, so that only the true
intended recipient of an encrypted message can unlock it with their private
key.

425 million and counting

Google is in an ideal position to overcome these difficulties, and finally
make strong e-mail encryption a mass phenomenon. Their Gmail service—the
one David Petraeus was using to exchange steamy messages with his
biographer and lover, Paula Broadwell—has some 425 million active users by
last count. Many of those users access the service through a Web interface,
which Google can change and update for all users simultaneously. That means
we could all wake up tomorrow to find a handy new “Encrypt Message” button
included in the familiar Gmail interface we’re already using. Meanwhile,
Google (along with Facebook) has rapidly become a kind of universal
Internet identity provider, with the Google Account used as a key not only
to access Google’s own myriad offerings, but many other independent online
services as well.

Because truly strong encryption is “end to end”—meaning the end-users
generate, store, and have sole access to their own private encryption
keys—a robust content encryption system may require users to have
appropriate client software installed on their own machines. Here, too,
Google is well positioned to provide a solution: They already make a
widely-used browser, Chrome, and a popular operating system for mobile
devices, Android, which could be updated with the necessary functionality
built-in, eliminating the need for a separate browser plug-in.

Though it often takes flak from privacy advocates, Google has a history of
taking steps to advance user privacy: In 2010, the company activated HTTPS
as the default protocol for Gmail users
<http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html>,
ensuring that traffic between Google’s servers and the end-user would be
automatically encrypted. (Facebook, another popular privacy whipping boy,
followed suit only this year
<http://www.computerworld.com/s/article/9233897/Facebook_to_roll_out_HTTPS_by_default_to_all_users>.)
It also offers two-factor authentication, which helps guard against
hackers by requiring a special code, sent by SMS to the user’s cell phone,
whenever someone logs in from an unrecognized device. Yet because Google
itself ultimately holds the keys to each account, these safeguards aren’t
much use if the company’s own systems are compromised—as has already
occurred
<http://arstechnica.com/tech-policy/2010/01/furious-google-throws-down-gauntlet-to-china-over-censorship/>
in a series of recent attacks
<http://online.wsj.com/article/SB10001424052702303657404576359770243517568.html>
targeting Chinese dissidents—or when a government (whether that of the
United States or some nastier regime) comes knocking with a subpoena.

So why hasn't it already rolled out strong encryption for end users? Well,
because Google isn’t a charity: It's a business that is able to provide an
incredible array of free services because they can profit from serving up
highly targeted ads, enabled by sophisticated analysis of all the data
their users generate. As “grandfather of the Internet” Vint Cerf, now
Google’s Chief Internet Evangelist, explained to privacy activist Chris
Soghoian at a panel last year
<http://paranoia.dubfire.net/2011/11/two-honest-google-employees-our.html>,
“we couldn't run our system if everything in it were encrypted because
then we wouldn't know which ads to show you.” In other words, if your
e-mails are secured with a lock that Google itself can’t open, then it
can’t scan your e-mails for keywords in order to show you ads for Parisian
restaurants when you’re writing your friends about an upcoming trip to
France.

Fair enough: Nobody expects Google to blow up the business model that makes
possible all the cool free stuff it offers. But precisely because it
has expanded into such a wide range of integrated services, Google is
hardly dependent on keyword analysis of e-mail to target ads: It can still
use all the information gleaned from users’ search histories, social or
location profiles, and favorite YouTube videos. Moreover, even the most
privacy-conscious Gmail users are hardly likely to encrypt “everything”:
The vast majority of nonsensitive messages would probably still be sent in
the clear. Meanwhile, Google would garner enormous goodwill from privacy
advocates, reams of free press coverage, and an attractive new selling
point, not only for Gmail but for Chrome and Android as well. Encryption
would likely be a particularly appealing feature for Google’s paying
enterprise customers, whose messages may contain information that is not
only private but highly valuable. At the very least, it’s worth running the
numbers again to see whether offering strong encryption might now be a net
boon to the company’s bottom line.

Backdoors to come?

There is, finally, a powerful *political* reason to introduce strong
end-to-end encryption now, beyond the obvious benefits for individual
users. The FBI, which fears that its digital wiretaps will “go dark” as
encrypted communications become more popular, has been quietly but
vigorously promoting
<http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/>
an update to the Communications Assistance for Law Enforcement Act to
cover providers of online communication services like Google and Skype.
Just as phone companies have to build wiretap capability into their
networks, they want Skype and Google to build in centralized backdoors for
law enforcement: Strong end-to-end encryption would be out, as companies
would be required to hold copies of the keys to all “secure” communications
for police convenience. This myopic move would drastically reduce the
security of everyone’s communications in the name of making it a bit easier
to spy on a tiny handful of criminals. It’s also unlikely to do much good:
If criminals know that Google can’t offer truly secure communications,
there’s no way to stop them from simply employing their own unbreakable
encryption.

The government could still obtain the encrypted e-mails from Google, of
course, but would need to get the key from the user in order to actually
read them—but that's no greater burden than police have historically faced
with an individual's private papers.

While civil libertarians and privacy advocates are sure to resist any such
proposal, the average Internet user, with little direct experience of truly
secure communications, may not see what the fuss is about. It’s an iron law
of politics: Because people are loss-averse, taking away something people
already have and value can be all but impossible—while preventing them from
getting it in the first place is far easier. By rolling out e-mail
encryption now, Google can ensure that ordinary users see myopic efforts to
regulate secure communications infrastructure as something that affects
*all* of our privacy and security—not just that of faceless crooks or
terrorists.

Google has already transformed our daily lives in an astonishing variety of
ways—from how we find information online to how we find a restaurant in a
new city—but it has also been cast, from time to time, as a privacy villain
in the process. Now it has an opportunity to transform how the public views
the privacy of e-mail communications—while burnishing its own reputation in
the process.

-- 
Rebecca MacKinnon
Author, Consent of the Networked <http://consentofthenetworked.com/>
Co-founder, Global Voices <http://globalvoicesonline.org/>
Senior Fellow, New America Foundation <http://newamerica.net/user/303>
Twitter: @rmack <http://twitter.com/rmack>
Office: +1-202-596-3343