So Google has decided to provide end-to-end encryption for any of its Gmail users who wants it. One could ask “what took you so long?” but that would be churlish. (Some of us were unkind enough to suspect that the reluctance might have been due to, er, commercial considerations: after all, if Gmail messages are properly encrypted, then Google’s computers can’t read the content in order to decide what ads to display alongside them.) But let us be charitable and thankful for small mercies. The code for the service is out for testing and won’t be made freely available until it’s passed the scrutiny of the geek community, but still it’s a significant moment, for which we have Edward Snowden to thank.
The technology that Google will use is public key encryption, and it’s been around for a long time and publicly available ever since 1991, when Phil Zimmermann created PGP (which stands for pretty good privacy). From then on, anyone who really wanted to communicate securely could have used PGP. The problem was (and is) that it’s technically fiddly and you have to know what you’re doing. And the persons with whom you wish to communicate securely also need to know what they’re doing, and have PGP software installed at their end.
Public key encryption is one of the great inventions of the 20th century. At its heart is a simple idea — that while it’s trivially easy to multiply two very large numbers together, it’s computationally very difficult to factorise the resulting product — ie to deduce what the original two numbers were. Each user has two large numbers, which serve as keys — one kept private, and the other made publicly available to anyone who wishes to communicate with him or her.
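The asymmetry described above can be seen in a toy version of RSA, the public key scheme whose security rests on the factoring problem. This is an added illustration, not Google's or PGP's code: the two primes are constructed sample values far too small for real use, the function names are hypothetical, and the padding that real implementations apply is left out.

```python
"""Toy RSA: multiplying two primes is easy, undoing it is the hard part."""
from math import gcd

# Constructed sample primes, far too small for real use (real keys use primes
# hundreds of digits long). They stand in for the "two very large numbers".
P, Q = 104729, 1299709

def make_keypair(p, q, e=65537):
    """Return (public, private) keys built from the secret primes p and q."""
    n = p * q                    # easy direction: a single multiplication
    phi = (p - 1) * (q - 1)      # only computable by someone who knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def encrypt(message, public):
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(message, e, n)

def decrypt(ciphertext, private):
    n, d = private
    return pow(ciphertext, d, n)

def factorise(n):
    """Hard direction: find the primes by trial division, counting attempts."""
    if n % 2 == 0:
        return 2, n // 2, 1
    candidate, attempts = 3, 0
    while candidate * candidate <= n:
        attempts += 1
        if n % candidate == 0:
            return candidate, n // candidate, attempts
        candidate += 2
    raise ValueError("n is prime, not a product of two primes")

def private_from_public(public):
    """What anyone lacking the private key must do: factor n, then rebuild it."""
    n, e = public
    p, q, attempts = factorise(n)
    return make_keypair(p, q, e)[1], attempts

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    secret = int.from_bytes(b"Hi!", "big")
    assert decrypt(encrypt(secret, public), private) == secret
    rebuilt, attempts = private_from_public(public)
    print(f"n={public[0]} factored after {attempts} divisions; match: {rebuilt == private}")
```

Building the key pair costs one multiplication, while recovering the private key from the public one takes tens of thousands of trial divisions even at this toy size. That gap is what widens beyond practical reach as the primes grow.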
PGP is terrific, but user-friendly it ain’t, which is why most internet users balked at deploying it. The result was that the world’s electronic communications flowed back and forth on media that were about as confidential as seaside postcards, thereby making it trivially easy for snoopers, both official and unofficial, to do their dastardly work. Google’s plan is to make PGP user-friendly by incorporating it as an extension in its Chrome browser so that encryption (and decryption) are never more than a click or two away.