Ever since former National Security Agency contractor Edward Snowden began leaking government documents, it’s become clear that our email is not safe from the U.S. government’s alarmingly robust surveillance system. So clear, in fact, that Snowden called on technologists to develop more sophisticated encryption systems when he appeared before an audience via livestream at Austin’s South by Southwest festival in March.
Today, Google took a step toward answering that call, releasing the source code for a new Chrome browser extension that will make it much easier for you to encrypt your email. The tool, dubbed End-to-End, uses something called OpenPGP (an industry standard for encryption) that will allow you to protect your email from the time it leaves your browser to when it’s decrypted by your intended recipient. Shortly after Google’s announcement, the nation’s largest Internet provider, Comcast, announced that it, too, would begin scrambling its customers’ emails.
But email encryption is still by no means a mainstream product. End-to-End will require that both you and the person you’re communicating with are using End-to-End, or some other kind of encryption tool. Comcast has yet to announce a similar tool that’s accessible to the public, but a company spokesman told the Wall Street Journal that it’s testing encryption and would begin rolling it out for customer emails “within a matter of weeks.”
Below, a complete guide to understanding what the heck this whole thing is about and why you might want to use it.
What does it mean to encrypt an email?
Basically, it means you’re adding an extra layer of security that protects the content of your email from being read by anyone for whom it’s not intended. Encryption is meant to protect your messages as they move from Point A to Point B, so no one — not even your email provider — can see their content.
How does it work?
There are a variety of different methods you can use to encrypt an email. But let’s focus specifically on OpenPGP, which is what Google has chosen to power its End-to-End tool.
PGP is short for Pretty Good Privacy. PGP was developed by a guy named Phil Zimmermann in 1991. It uses a series of steps to secure data before it’s sent out to another person. Think of it as using a series of personalized, impossible-to-duplicate keys that can only be used in one particular circumstance and never again.
It’s called OpenPGP because, like many other security algorithms (including SSL, which had a major flaw that became known as the Heartbleed bug), nobody owns it. It’s mostly run by something called the OpenPGP Working Group, which fields volunteers and works with companies to keep the email encryption methods safe and up to date.
How do I use it?
You can’t use it quite yet, as Google just released the End-to-End extension code today, so that other developers can test it, evaluate it, and suss out any bugs that might make it less secure.
Email encryption tools have been around for a while, but none are truly consumer friendly. They often require that anyone who uses them have a good amount of technical knowledge. They also require some preparation from both you and your recipient. In other words, ensuring that your emails are truly safe from spying involves more than simply clicking Send.
Google hasn’t officially premiered this tool in the Chrome store, so there’s no way for us to give you a full rundown of how to use it. But we can tell you that, in order for it to work, the person receiving your encrypted email will also have to be using End-to-End or another encryption service like GnuPG or Mailvelope with similar PGP functionality to open it. If someone uses an older version of an encryption service, or none at all, then the recipient would just get an email full of gibberish code.