Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

A year after revelations first emerged from former National Security Agency contractor Edward Snowden about mass Internet surveillance, more e-mail providers are adopting encryption, a simple change that could make it harder for spy agencies to vacuum up huge numbers of communications in transit.

In an analysis released this week, Google said 65 percent of the messages sent by Gmail users are encrypted when delivered, meaning the recipient’s provider also supports the encryption needed to establish a secure connection for transmission of the message. (Establishing a secure communication channel requires both e-mail providers to exchange encryption keys beforehand. Even if an e-mail provider tries to encrypt messages by default, messages will be sent in the clear to providers that do not support encryption.) Gmail has more than 425 million accounts worldwide and was an early adopter of e-mail encryption.

Only 50 percent of incoming messages are encrypted, Google says, but that’s up from 27 percent on December 11, 2013. And the numbers could get even better as more providers offer encryption by default to their customers. Charlie Davis, a Comcast spokesman, says the Internet service provider is working on it and plans to “gradually ramp up encryption with Gmail in the coming weeks.”

There are still significant gaps: less than 1 percent of traffic to and from Gmail from Comcast and Verizon is currently encrypted, and fewer than half of e-mails from Hotmail accounts to Gmail are encrypted.

What’s more, messages are protected only in transit—there’s nothing to stop the NSA from reading them if it gains access to an e-mail provider’s servers. Even here, though, the tide may be turning: on Tuesday Google released draft source code of a tool, called End-to-End, that would secure a message from the moment it leaves one browser to the moment it arrives at another—meaning even e-mail providers couldn’t read them as they travel between two people, because they wouldn’t have the keys needed to decrypt those messages.

Stephen Farrell, a computer scientist at Trinity College in Dublin and a member of the Internet Engineering Task Force, the group of engineers who maintain and upgrade the Internet’s protocols, says the Google data shows progress. “More e-mail is being encrypted between mail servers,” he says. “One would hope that’s a general, and good, trend.”

Embarrassed by Snowden’s revelations, many Silicon Valley giants are advertising increased use of encryption. Last month, Facebook reported that about 58 percent of the notification e-mails it sent out were encrypted from its systems to recipients’ e-mail providers.

Hear more from Google at EmTech 2014.

Register today

5 comments. Share your thoughts »

Tagged: Computing, Communications, Web, Mobile, Google, Facebook, encryption, Verizon, Comcast, IETF

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me