The volume of encrypted email is rising rapidly, according to new data, as providers try to shield their users from government spies and other snoopers.
Many Internet companies, including Google, Yahoo and Facebook, are now automatically encrypting all email, though that does not ensure confidentiality unless the recipients' email provider also adopts the technology.
But an analysis by Google found that about 65 per cent of the messages sent by its Gmail users were encrypted while delivered, meaning the recipient's email provider also supported encryption technology – up from 39 per cent in December.
While incoming messages to Gmail are less secure, according to the figures, with only 50 per cent of them encrypted while in transit, the figure is still up considerably from 27 per cent in December.
The Google report comes a year after the first wave of media reports about the US and UK governments’ intrusive techniques to monitor online communications and other Internet activity.
Internet companies are hoping their efforts to thwart government surveillance will make web surfers feel comfortable enough to continue to use their services. The majority rely on a form of encryption known as Transport Layer Security, or TLS, which while not as secure as other options, is not as complicated to use as more advanced encryption technology.
But Edward Snowden – the former NSA contractor who leaked documents revealing the online espionage – is among critics who believe the encryption methods deployed by Google and its peers are inadequate.
In a March appearance at a technology conference, he described TSL encryption as "deeply problematic" because US government operatives merely needed to obtain a court order or hack into data centres to obtain users' emails and other information.
Like many privacy activists, Snowden prefers "end-to-end" encryption, a more complicated step that requires a key held only by the recipient to decrypt the information contained in emails, but this takes more technical expertise to do right and can cause headaches if passwords are forgotten as they cannot be reset.
Google is hoping to make end-to-end encryption easier by releasing an extension for its Chrome browser later this year and the company released the source code for the planned extension to security specialists yesterday in an effort to detect any weaknesses before making it widely available to everyone.
“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools,” said Stephan Somogyi, product manager for security and privacy at Google in a blog post.
“We recognize that this sort of encryption will probably only be used for very sensitive messages or by those who need added protection. But we hope that the End-to-End extension will make it quicker and easier for people to get that extra layer of security should they need it.”
While Google, Yahoo, Facebook and AOL are now encrypting their email services, Microsoft, whose stable of email services includes the Outlook, MSN and Hotmail domains, has only just started encrypting many accounts as part of transition that will not be completed until later this year.
Less than half of the correspondence from Hotmail accounts to Gmail was not encrypted as of late May, Google’s analysis showed, and security is even worse at Comcast and Verizon where less than 1 per cent of the traffic coming to and from Gmail is encrypted.
Comcast spokesman Charlie Douglas said the Internet service provider plans to start encrypting email to and from Gmail accounts within the next few weeks. Microsoft reiterated that it was still rolling out encryption in its free email services. Verizon did not have an immediate comment on Google's statistics.