Skip to Content

A Simple Plan to Impede the NSA Is Taking Hold

More e-mail providers are using encryption, meaning messages can’t be intercepted and read by the NSA or hackers.

A year after revelations first emerged from former National Security Agency contractor Edward Snowden about mass Internet surveillance, more e-mail providers are adopting encryption, a simple change that could make it harder for spy agencies to vacuum up huge numbers of communications in transit.

In an analysis released this week, Google said 65 percent of the messages sent by Gmail users are encrypted when delivered, meaning the recipient’s provider also supports the encryption needed to establish a secure connection for transmission of the message. (Establishing a secure communication channel requires both e-mail providers to exchange encryption keys beforehand. Even if an e-mail provider tries to encrypt messages by default, messages will be sent in the clear to providers that do not support encryption.) Gmail has more than 425 million accounts worldwide and was an early adopter of e-mail encryption.

Only 50 percent of incoming messages are encrypted, Google says, but that’s up from 27 percent on December 11, 2013. And the numbers could get even better as more providers offer encryption by default to their customers. Charlie Davis, a Comcast spokesman, says the Internet service provider is working on it and plans to “gradually ramp up encryption with Gmail in the coming weeks.”

There are still significant gaps: less than 1 percent of traffic to and from Gmail from Comcast and Verizon is currently encrypted, and fewer than half of e-mails from Hotmail accounts to Gmail are encrypted.

What’s more, messages are protected only in transit—there’s nothing to stop the NSA from reading them if it gains access to an e-mail provider’s servers. Even here, though, the tide may be turning: on Tuesday Google released draft source code of a tool, called End-to-End, that would secure a message from the moment it leaves one browser to the moment it arrives at another—meaning even e-mail providers couldn’t read them as they travel between two people, because they wouldn’t have the keys needed to decrypt those messages.

Stephen Farrell, a computer scientist at Trinity College in Dublin and a member of the Internet Engineering Task Force, the group of engineers who maintain and upgrade the Internet’s protocols, says the Google data shows progress. “More e-mail is being encrypted between mail servers,” he says. “One would hope that’s a general, and good, trend.”

Embarrassed by Snowden’s revelations, many Silicon Valley giants are advertising increased use of encryption. Last month, Facebook reported that about 58 percent of the notification e-mails it sent out were encrypted from its systems to recipients’ e-mail providers.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.