Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Op-ed—A plea to Google: Protect our e-mail privacy

Lisa Brownlee lmbscholarly2 at
Mon Dec 17 02:25:04 PST 2012

Good luck w that! Peeing in wind but tysvm for trying!

On Sun, Dec 16, 2012 at 12:44 PM, Rebecca MacKinnon <
rebecca.mackinnon at> wrote:

> Op-ed—A plea to Google: Protect our e-mail privacy Rolling out strong
> encryption for Gmail would be a win-win situation for Google.
> by Julian Sanchez <>
>  - Dec 15 2012, 11:50am EST
> We recently learned that even the director of the CIA, David Petraeus, can’t
> seem to secure his private e-mail conversations properly<>
> , and over the past month tech commentators have responded to that
> discovery with a familiar litany of depressing advice: Privacy doesn’t
> exist online, e-mail is as public as a postcard, and don’t say anything on
> the Internet you wouldn’t want to read in the newspaper. Civil
> libertarians, meanwhile, have urged the need for legal reforms—such as a
> proposal just approved by the Senate Judiciary Committee to require police
> to get a warrant before obtaining e-mails or personal files stored in the
> cloud, which Congress is likely to consider next year.
> Yet politics, as we all know, moves much more slowly than technology. The
> courts aren’t much better: It was only in 2010 that a federal appeals court
> first ruled that the Fourth Amendment does, in fact, apply to e-mail, while
> the status of other types of digital records remains murky. Yet there is
> one company in an ideal position to dramatically increase e-mail privacy
> for hundreds of millions of users overnight, offering protection from
> malicious hackers as well as nosy governments—the same company, ironically,
> from which the FBI obtained Petraeus’ e-mail: Google.
> Back in the 1990s, so-called Cypherpunks waged a successful battle to
> loosen regulations on strong encryption software, dreaming of the day when
> the everyday communications of ordinary Internet users were protected by
> unbreakable digital locks. That vision has been only partly realized: We
> now have a vibrant and growing digital economy made possible by the routine
> encryption of commercial traffic, but routine encryption of e-mail contents
> is still largely seen as the province of geeks and paranoids, too arcane
> for the average user.
> One reason is that encryption, like the telephone or e-mail itself, is
> what economists call a network good: Its value to the individual user
> depends crucially on how many *other* people are using it. An e-mail
> account isn’t much use if you’re the only person you know who’s got one,
> and spending time figuring out how to use a suite of encryption tools only
> make sense if the people you want to write are using compatible tools.
> Moreover, encrypted communication requires a trustworthy repository of
> public keys, tied to individuals’ identities or e-mail addresses, so that
> only the true intended recipient of an encrypted message can unlock it with
> their private key.
> 425 million and counting
> Google is in an ideal position to overcome these difficulties, and finally
> make strong e-mail encryption a mass phenomenon. Their Gmail service—the
> one David Petraeus was using to exchange steamy messages with his
> biographer and lover, Paula Broadwell—has some 425 million active users by
> last count. Many of those users access the service through a Web interface,
> which Google can change and update for all users simultaneously. That means
> we could all wake up tomorrow to find a handy new “Encrypt Message” button
> included in the familiar Gmail interface we’re already using. Meanwhile,
> Google (along with Facebook) has rapidly become a kind of universal
> Internet identity provider, with the Google Account used as a key not only
> to access Google’s own myriad offerings, but many other independent online
> services as well.
> Because truly strong encryption is “end to end”—meaning the end-users
> generate, store, and have sole access to their own private encryption
> keys—a robust content encryption system may require users to have
> appropriate client software installed on their own machines. Here, too,
> Google is well positioned to provide a solution: They already make a
> widely-used browser, Chrome, and a popular operating system for mobile
> devices, Android, which could be updated with the necessary functionality
> built-in, eliminating the need for a separate browser plug-in.
> Though it often takes flak from privacy advocates, Google has a history of
> taking steps to advance user privacy: In 2010, the company activated
> HTTPS as the default protocol for Gmail users<>
> , ensuring that traffic between Google’s servers and the end-user would be
> automatically encrypted. (Facebook, another popular privacy whipping boy, followed
> suit only this year<>
> .) It also offers two-factor authentication, which helps guard against
> hackers by requiring a special code, sent by SMS to the user’s cell phone,
> whenever someone logs in from an unrecognized device. Yet because Google
> itself ultimately holds the keys to each account, these safeguards aren’t
> much use if the company’s own systems are compromised—as has already
> occurred<>
>  in a series of recent attacks<>
>  targeting Chinese dissidents—or when a government (whether that of the
> United States or some nastier regime) comes knocking with a subpoena.
> So why hasn't it already rolled out strong encryption for end users? Well,
> because Google isn’t a charity: It's a business that is able to provide an
> incredible array of free services because they can profit from serving up
> highly targeted ads, enabled by sophisticated analysis of all the data
> their users generate. As “grandfather of the Internet” Vint Cerf, now
> Google’s Chief Internet Evangelist, explained to privacy activist Chris
> Soghoian at a panel last year<>
> , “we couldn't run our system if everything in it were encrypted because
> then we wouldn't know which ads to show you.” In other words, if your
> e-mails are secured with a lock that Google itself can’t open, then it
> can’t scan your e-mails for keywords in order to show you ads for Parisian
> restaurants when you’re writing your friends about an upcoming trip to
> France.
> Fair enough: Nobody expects Google to blow up the business model that
> makes possible all the cool free stuff it offers. But precisely because it
> has expanded into such a wide range of integrated services, Google is
> hardly dependent on keyword analysis of e-mail to target ads: It can still
> use all the information gleaned from users’ search histories, social or
> location profiles, and favorite YouTube videos. Moreover, even the most
> privacy-conscious Gmail users are hardly likely to encrypt “everything”:
> The vast majority of nonsensitive messages would probably still be sent in
> the clear. Meanwhile, Google would garner enormous goodwill from privacy
> advocates, reams of free press coverage, and an attractive new selling
> point, not only for Gmail  but for Chrome and Android as well. Encryption
> would likely be a particularly appealing feature for Google’s paying
> enterprise customers, whose messages may contain information that is not
> only private but highly valuable. At the very least, it’s worth running the
> numbers again to see whether offering strong encryption might now be a net
> boon to the company’s bottom line.
> Backdoors to come?
> There is, finally, a powerful *political* reason to introduce strong
> end-to-end encryption now, beyond the obvious benefits for individual
> users. The FBI, which fears that its digital wiretaps will “go dark” as
> encrypted communications become more popular, has been quietly but
> vigorously promoting<>
>  an update to the Communications Assistance for Law Enforcement Act to
> cover providers of online communication services like Google and Skype.
> Just as phone companies have to build wiretap capability into their
> networks, they want Skype and Google to build in centralized backdoors for
> law enforcement: Strong end-to-end encryption would be out, as companies
> would be required to hold copies of the keys to all “secure” communications
> for police convenience. This myopic move would drastically reduce the
> security of everyone’s communications in the name of making it a bit easier
> to spy on a tiny handful of criminals. It’s also unlikely to do much good:
> If criminals know that Google can’t offer truly secure communications,
> there’s no way to stop them from simply employing their own unbreakable
> encryption.
> The government could still obtain the encrypted e-mails from Google, of
> course, but would need to get the key from the user in order to actually
> read them—but that's no greater burden than police have historically faced
> with an individual's private papers.
> While civil libertarians and privacy advocates are sure to resist any such
> proposal, the average Internet user, with little direct experience of truly
> secure communications, may not see what the fuss is about. It’s an iron law
> of politics: Because people are loss-averse, taking away something people
> already have and value can be all but impossible—while preventing them from
> getting it in the first place is far easier. By rolling out e-mail
> encryption now, Google can ensure that ordinary users see myopic efforts to
> regulate secure communications infrastructure as something that affects *
> all* of our privacy and security—not just that of faceless crooks or
> terrorists.
> Google has already transformed our daily lives in an astonishing variety
> of ways—from how we find information online to how we find a restaurant in
> a new city—but it has also been cast, from time to time, as a privacy
> villain in the process. Now it has an opportunity to transform how the
> public views the privacy of e-mail communications—while burnishing its own
> reputation in the process.
> --
> Rebecca MacKinnon
> Author, Consent of the Networked <>
> Co-founder, Global Voices <>
> Senior Fellow, New America Foundation <>
> Twitter: @rmack <>
> Office: +1-202-596-3343
> --
> Unsubscribe, change to digest, or change password at:


Lisa M. Brownlee, Esq.
Skype:  lisa.m.brownlee
lmbscholarly2 at
lmbcontacts at
Author's website at West Thomson
About my Law Journal Press
Facebook: Lisa M

Author of:

Intellectual Property Due Diligence in Corporate Transactions: Investment,
Risk Assessment and Management (West Thomson Reuters)

Assets & Finance: Audits and Valuation of Intellectual Property (West
Thomson Reuters)

Federal Acquisition Regulations: Intellectual Property and Related Rights
(Law Journal Press)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list