Yahoo and Google join forces to create a secure e-mail system

Online privacy is gaining more and more importance nowadays, and recent news suggests Yahoo is jumping on the bandwagon pioneered by Google in an effort to create an encrypted e-mail system. The new system is claimed to be completely secure, preventing government officials and even the e-mail providers themselves from accessing any content created by the user. Long story short, decryption will be impossible.

This will be the first time an advanced security system is available for a great number of end-users if two companies succeed in achieving their plans. Although they are long time rivals, engineers in both firms are known to talk to each other about the project according to inside sources.

The encryption system will be be powered by a version of PGP, a technology that is based on encryption keys being stored in the users' laptop, tablet or any other device. The technology differs from traditional ones, as there are no servers storing data like usernames or passwords. PGP used to be very troublesome to use, as there were no password reset options and clunky software was required to send short e-mails, but Yahoo and Google are working hard to bring it down to a less tech-savvy level.

Despite the system increasing the level of privacy, serious concerns are also voiced by security researchers. To give a recent example, Google took down a sex offender by going through his e-mail this week, and handed over the information to authorities to track him down. If the newly developed system goes live, e-mail providers will no longer be able to provide the FBI or other authorities with any data whatsoever. This makes many security experts uncomfortable in what they call a disruption in "public-private surveillance partnership".

Transparency became even more important after Snowden's leaks, and if the secure e-mail system goes live, Yahoo and Google will be able to claim they don't have the encryption keys if asked, unlike Snowden's provider Lavabit  which "shuttered" itself after a law order.

Time will tell if encrypted e-mail systems will go mainstream or not, but it's highly possible they will come only after quite a bit of debate.

Source: WSJ (behind Paywall) | Image courtesy of komputerswiat

Report a problem with article
Previous Story

Shots of green Lumia 730 running "Debian Red" firmware leaked online

Next Story

20,000 anxiously watch a fish play Pokemon on Twitch TV

27 Comments

View more comments

Depicus said,
Lack of privacy only affects the stupid and the poor.

(And yes I include myself in that)


Regrettably you have a point.....

Yahoo's mail has gone totally to hell in a hand basket and to even use the word privacy and Google in the same sentence is insane!

If they are the people creating this service, you don't think they would know how to decrypt the mail?

cork1958 said,
Yahoo's mail has gone totally to hell in a hand basket and to even use the word privacy and Google in the same sentence is insane!

If they are the people creating this service, you don't think they would know how to decrypt the mail?

If they open source it you'd be able to see if any trickery is involved.

No matter how secure e-mail system can become, Google will still make sure they have access to your account for legitimate purpose. It's nothing new and won't be the last time we hear from it again.

Bit ironic coming from google/gmail, who just dobbed in one of their customers who had porn in his emails!!

Hardly, confidence inspiring actions!!

Bit ironic coming from google/gmail, who just dobbed in one of their customers who had porn in his emails!!

Yup, JUST like Microsoft did. Did you miss that article/posting on MS?

-adrian- said,
no.. we all blamed them already when they where snooping around looking for a leaker.. you know.. when google made fun of that

Uhh, the leaker email snooping that MS did without a warrant is way old news. A day or two ago another post was made on the front page on how Microsoft use a similar service to find and report someone for child porn.

Governments may be upset about not being able to request email info, but they have themselves to blame. They abused the system for far to long. Hopefully Google/Yahoo and others can come up with something to keep the government eyes out of everyone's business. Security is a big issue since the leaks and this isnt he last we will hear or see about some company coming up with new/different was of protection.

Yes, Yahoo has not been doing to well but it isnt to late to turn things around. Especially with backing from Google. I have had my Yahoo email longer than my GMAIL or Outlook. It is my spam repository now and where I register all my usernames/websites on. Yes, I get a lot of spam because I publicly post my yahoo email account. This is to be expected. However, Yahoo's email service is great in categorizing spam emails and putting them in the proper folder. An area Yahoo needs to work on is virus protection. I get random emails from family that are not legit. I even had to clear out all my contacts on my Yahoo since the same was happening to me. Luckily no one got infected since I know better to not open attachments and click on links...and I taught my family/friends the same thing

Google, a company that is freely allowing the US government complete, unwarranted access to it's services to spy on at their leisure, is developing a secure email system? Right. That's cute.

Reverend Spam said,
Google, a company that is freely allowing the US government complete, unwarranted access to it's services to spy on at their leisure, is developing a secure email system? Right. That's cute.

Are you sure they're freely doing it and not just doing so because they're legally obligated to?

Encrypted email doesn't make anyone safe. It just makes the government work a lot harder to access your email.
(1) Get court order to hack a specific hard drive.
(2) Get into the residence or business without the person knowing it.
(3) Pull the hard drive.
(4) Hack the registry offline (anyone can do this on an unencrypted drive to change system settings) to schedule running a planted program that will access the key and send it surreptitiously to the agency.
(5) Put everything back exactly where it was and get out.

Total time: about ten minutes onsite. This is a lot more work than them sitting back and having everything plucked from the web and scanned automatically. But, it's doable.

edit: removed a redundant step

That sounds good on paper, and that's probably what they would do, however, anyone who really does give a hoot about online security have already encrypted their local storage.

Besides, even if that's not the case, these two providers are doing two things: making it somewhat harder and somewhat more expensive to sniff someone's online communications.This means less abuse and less money spent fighting government gag orders. Why you ask? Because it's just not as easy as knocking on the front door and pulling up everything on a monitor. I'm quite sure these companies have had it with Gmen as much as we have.

Both of them will more than likely sniff key words for ads, CP and other stuff after it has been decrypted. Kinda kills the purpose, but hey...

It depends how they store the keys. If they store them server side, it kills the purpose. If they store them locally on the hard drive, and open source everything, it might be useful. Until more information on this comes out, I'm gonna call this a bs publicity stunt.

>> Long story short, decryption will be impossible.

If you believe that, you will believe anything. I'm sure they will be able to get into your emails without decrypting them, via some back door method.

People thought OpenSSL was safe for years, only to discover that the NSA has been using a vulnerability in OpenSSL for years. I wouldn't be surprised if Yahoo/Google end up with possible/intentional vulnerabilities in their "secure" email system which only the NSA know about.

Makes you wonder, how many other intentional vulnerabilities exist in other secure systems...

Even if they did create a "secure" email system, I'm sure the NSA knows about some vulnerability in some standard internet protocol which allows them access, a bit like that OpenSSL vulnerability.

Edited by Oshirowanen Yoshigawa, Aug 11 2014, 10:27am :

Commenting is disabled on this article.