Google encrypts Gmail between data centers

[techbeck]

Google just announced that as of today, Gmail is more secure than ever before. And the company isn't hiding the fact that it's actively trying to stop the government from spying on your email activity. Google says that Gmail will now use a secure HTTPS connection whenever you check or send email, regardless of where you're accessing Gmail from ? be it your home network or public Wi-Fi ? or what device you're using. Google made HTTPS encryption the default for its users back in 2010, but it's continually making improvements wherever possible to keep out prying eyes.

 

As an added barrier between you and the NSA, Google is making another change: every single email message Gmail users send or receive will now be encrypted as it moves internally between the company's data centers. That would seem to defeat a popular strategy of the NSA, which involves the agency intercepting email messages as they move between data centers and servers. Google says this change became "a top priority after last summer?s revelations" from former NSA contractor Edward Snowden.

 

"Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail?s servers ? no matter if you're using public WiFi or logging in from your computer, phone or tablet," said Nicolas Lidzborski, who leads Gmail's security engineering. "As you go about your day reading, writing, and checking messages, there are tons of security measures running behind the scenes to keep your email safe, secure, and there whenever you need it."

 

http://www.theverge.com/2014/3/20/5530072/google-encrypts-gmail-between-data-centers-to-keep-out-nsa

 

What Google's site says....

 

Posted by Nicolas Lidzborski, Gmail Security Engineering Lead

Cross-posted on the Official Google Blog

Your email is important to you, and making sure it stays safe and always available is important to us. As you go about your day reading, writing, and checking messages, there are tons of security measures running behind the scenes to keep your email safe, secure, and there whenever you need it.

Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail?s servers?no matter if you're using public WiFi or logging in from your computer, phone or tablet.

In addition, every single email message you send or receive?100% of them?is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers?something we made a top priority after last summer?s revelations.

Of course, being able to access your email is just as important as keeping it safe and secure. In 2013, Gmail was available 99.978% of the time, which averages to less than two hours of disruption for a user for the entire year. Our engineering experts look after Google's services 24x7 and if a problem ever arises, they're on the case immediately. We keep you informed by posting updates on the Apps Status Dashboard until the issue is fixed, and we always conduct a full analysis on the problem to prevent it from happening again.

Our commitment to the security and reliability of your email is absolute, and we?re constantly working on ways to improve. You can learn about additional ways to keep yourself safe online, like creating strong passwords and enabling 2-step verification, by visiting the Security Center: https://www.google.com/help/security.

 

http://gmailblog.blogspot.co.uk/2014/03/staying-at-forefront-of-email-security.html

[Ian W]

And how will this protect data from prying eyes? Doesn't PRISM collects data prior to its encryption?

[primexx]

And how will this protect data from prying eyes? Doesn't PRISM collects data prior to its encryption?

It makes it harder for an attker to surreptitiously get data from the public lines, but the USGov can just force Google to disclose the plaintext anyway so it doesn't really help against that.