Google End-to-End: The encryption silver bullet?
The world seems to be turning its attention to the notion of data encryption, and Google is the latest to jump on the bandwagon. On June 3rd, Google announced that it would be offering a Chrome extension called End-to-End that provides end-to-end encryption of email. Comcast immediately followed with an announcement that they were aggressively pursuing adding encryption to email.
The move toward encryption is driven by many factors, some logical and some emotional. I suspect that this move by Google is much more on the emotional side of the ledger, largely in response to the NSA revelations from the Edward Snowden affair. The everyday consumer’s false sense of email privacy has been shattered, prompting providers like Google to scramble to respond to this new sense of mistrust.
To those of us in the IT security business, it is easy to treat the Google announcements as marketing hype to shore up concerns over security. Their messaging leaves some questions. The Google announcements prior to June 3 speak almost entirely about data in transit, but make no mention of data at rest. Therefore, the generally accepted truth is that your emails still sit on Google servers in unencrypted form where they can be scanned to gather information that Google sells for advertising purposes.
It is important to remember that Google is not a philanthropic organization; selling advertising data is a significant component of their revenue stream. Google makes noise about protecting data in transit even between their data centers, but we need clarity on what happens when that data is at rest.
End-to-End reads like Google is closing the gaps, but this is not my first rodeo. I went to the fine print on the Google site. The product is a Google Chrome extension and will therefore require Chrome on both ends. Given that Chrome represents 40%-45% of browser usage (depends on where you pull the stats) that leaves a lot of gaps. End-to-End only enables the encryption of the email body, and not attachments. I find most sensitive data resides in attachments so I consider this a significant gap. Since mobile versions of Chrome do not support extensions, End-to-End is not supported on mobile devices.
The unanswered question is whether Google will still have access to the message body to scan for advertising purposes. Based on what I have read in the available information, the answer for that is no. I assume that Google is willing to trade what they would lose in encrypted data to retain customers in the Google ecosystem by appearing to be concerned with their email privacy. Google may also see End-to-End driving broader adoption of Chrome. More to the point is the sentiment found in a quote from the Google Online Security blog post:
“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection.”
Google is basically betting that most people won’t use the encryption. They get the best of both worlds: the appearance of being security conscious for customers while losing minimal access to scan emails for advertising information.
Encryption may be marketing window dressing to Google, but encryption is clearly gaining momentum as the world is rapidly reacting to the three megatrends of mobility, cloud and social media. These forces have obliterated the notion of perimeter-based security as data increasingly travels and resides on untrusted networks and devices. If one can no longer rely on the security of networks, devices or applications, then securing information at the data level is a prudent and logical step. Encryption makes perfect sense.
Encryption is not hard, but encryption done well requires discipline and an understanding of how data moves. Conversely, encryption done poorly provides a false sense of security. For example, data must be encrypted at the point of origin or you are guaranteed that unprotected copies of the data will be spun off, no matter its ultimate destination.
Sharing data by definition makes the person on the other end an owner of the data unless there is some form of control applied. For example, once a recipient decrypts a message sent using End-to-End, what keeps that person from forwarding the message in unencrypted form? If the email is confidential enough to encrypt, might it also be advisable to allow the recipient to view the message but deny the right to print, copy or save the content?
The bottom line is simple: encryption is a useful tool for securing sensitive information. Subsequently, you will hear the term in increasing frequency, often with a healthy covering of hype. Google End-to-End is just the encryption silver bullet du jour and a good exercise in separating myth from reality.
The lessons are clear: beware of large ecosystem vendors bearing gifts, read the details carefully for the numerous caveats and exceptions and take a holistic view of encryption.