In an effort to protect its users’ privacy, Google recently decided to encrypt all information sent through Gmail, including email messages to and from our university CatMail accounts.
Google posted on its official blog that “last summer’s revelations” of extensive National Security Agency surveillance led it to amp up security. From now on, Gmail will use an HTTPS-only connection, which will encrypt messages sent or received through the email provider.
HTTPS has been optional for Google for a few years now. By switching to a default HTTPS connection, Gmail now protects information that is sent via your cell phone (as well as through laptops and tablets) and even over public Wi-Fi. It’s almost the best thing Google could do right now to increase security for all of its users.
Michele Norin, the UA’s Chief Information Officer, agrees.
“I think it’s a positive step that they’ve taken,” she said. “I have a personal Gmail account, and I think it helps ensure the privacy of the folks using the system. For the average user, that is a positive thing because most of us are pretty mobile.”
Gmail’s switch to HTTPS-only makes me feel better about the information I send online. However, there are still holes in the grand scheme of Internet privacy. Google has been using user content to better target ads. This means that it obviously still has access to user information despite the encryption, though outsiders may not.
And, unfortunately, email sent to or from a non-Gmail provider, like Hotmail or Yahoo, will not automatically be encrypted on the other end, because other companies aren’t all switching to HTTPS.
But encryption does slow down third-party access: The NSA can only search through messages and other information from email providers with permission, based on reasonable suspicion that a person in question is involved with a terrorist group. Google’s HTTPS-only default therefore keeps the NSA from pulling information from Gmail without a legitimate reason, at least through the methods that Google anticipates.
Not all email providers seem as committed to protecting privacy. Although Microsoft has criticized the NSA’s spying in the past, it has — rather hypocritically — admitted to breaking into users’ Hotmail information.
To stop a software leak in 2012, Microsoft accessed a blogger’s Hotmail account and instant messages. Instead of going through the channels to seek a warrant, it decided to rifle through what it deemed as its property, since it provided the mode of communication in the first place.
Microsoft got approval from the company’s lawyers to carry out its search, but that’s not enough justification. The company argued that a user tacitly agrees to potential “review,” or invasion of privacy, in exchange for use of its email and instant messaging systems.
After being criticized for its decisions, Microsoft recently announced that it will change its policies about accessing user information in the future. Still, it’s been more than a decade since I’ve had an account, and Microsoft’s mindset definitely makes me think twice about using Hotmail again.
We have no way of knowing what kind of relationship Google and the NSA really have, or whether Google is more motivated by the desire to protect its own privacy and autonomy than our own. But default encryption is a million times better than Microsoft’s current selective advocacy for personal privacy.
In the end, personal security is a personal responsibility. If you care about privacy, it’s important to be smart about what services you use and to know how your information is used by those services. If you don’t agree with a company’s policy, avoid giving it your information.
For optimal security, Google should continue working toward more transparency for customers and less for the NSA, but we should also take charge of protecting ourselves, and exercise caution — even if we’re only sending out something as silly as cat pictures.
— Miki Jennings is a journalism and linguistics senior. Follow her @DailyWildcat.
