PGP Gmail Encryption Helps Privacy More Than SSSL/TLS: User Password-Only Decrypt Most Secure but Also Hurts Google Ad Business
Google is improving PGP (Pretty Good Privacy) Encryption to ensure the privacy of user accounts. An employee from Google was reported by VentureBeat as saying that Google is finding ways to enhance the function of PGP with Gmail. If successful, the added functionality should allow users a significantly improved level of security for their information and prevent unauthorized third parties from peeking at email content.
However, VentureBeat was not confident about total security, since ensuring only the sender and recipient can see the email's contents could hurt Google's reputation among both users and advertising clients. From a security point of view, end-to-end encryption for Gmail where only the user's password can decrypt one's email inbox and no one else can read the contents would be easily the most secure.
The problem is that it would prevent Google's ad services from scanning emails for context clues that the company uses to guide its Gmail ads. Without a way around their own security measures, Google could only show generic advertisements rather than targeted ads automatically guided by the context of email contents, likely badly hurting their lucrative ad business. In addition, such ironclad security would depend entirely on a user's ability to keep track of their password. If it was lost, Google could not reset the password, likely frustrating many users. For both these reasons, any security update will likely leave open a way for Google to access at least some parts of a user's private information. This raises questions about how comprehensive their security improvements will be, since any additional method to read an email's contents provides another route hackers (whether criminal, governmental, or both) might be able to exploit to spy on email contents.
Although PGP in Gmail is still in its exploratory stage, it is not surprising that it will soon be implemented judging from the loud protests against the tapping of internet traffic by the NSA, which was revealed last year by Edward Snowden. Users are less likely to trust Google's email service if they do not feel it protects them from spying such as this.
SSSL/TLS is currently used by Google to transmit data through Gmail; this encryption is not as secure as PGP. Created in the early 90s by Phil Zimmerman, PGP is the most popular application of public key cryptography. It was not widely accepted even if there are open source versions available and offered free.