Yahoo joins Google in making e-mails more secure
Yahoo will work with Google to create a more secure e-mail system by next year.
The announcement came from Yahoo Chief Information Security Officer Alex Stamos at the Black Hat 2014 security conference in Las Vegas. Yan Zhu, who previously worked for the Electronic Frontier Foundation and is an advocate for widespread encryption, tweeted the announcement from the conference, adding that she has joined Yahoo as the first member of a new privacy engineering team to work on e-mail encryption.
This move comes as technology companies are working to safeguard users' data after a year of large-scale security breaches as well as revelations of US electronic spying made last year by former NSA security contractor Edward Snowden.
While encrypted e-mails have long been common to those who take vigilant precautions regarding their online data, they are still mostly unfamiliar to average e-mail users. Encryption works by turning e-mails into a series of unreadable characters unless you have the code to unscramble them. Traditionally, encryption tools have been too difficult for most Internet users to use.
But those days could be over.
In June, Google announced plans for the End-to-End Chrome extension to make e-mails more easily encrypted. Now, Yahoo – which typically competes with Google – is joining the fray to develop a more user-friendly encryption tool. Both companies have reportedly stated that the tool will be optional for users to activate.
The tool in development will reportedly use a form of PGP encryption, an encryption feature that has been around for a while. In order to use it, both the sender and recipient of the e-mail must have their own encryption key – which is used to unscramble the e-mail in question – stored on their computer, tablet, or smart phone.
However, an article in The Wall Street Journal brings up the possible legal concerns that could come from encryption services becoming more widespread. Last year, for example, the encrypted e-mail service Lavabit, previously used by Mr. Snowden, went out of business after being compelled by the federal government to turn over the keys to its encryption tools.
But as Ars Technica reports, were encryption to become widely available as a Web browser plug-in, e-mails become encrypted before they're even in transit. This means a company like Yahoo or Google does not actually possess the encryption keys, making it more difficult for government officials to demand that the encryption keys be turned over.
Should a company such as Yahoo face legal issues, Mr. Stamos said the situation would be quite different from that of a company like Lavabit, telling The Wall Street Journal that Yahoo is a "publicly traded multibillion dollar company with an army of lawyers who would love to take this argument all the way to the Supreme Court."
In similar security trends, Facebook announced Thursday it is acquiring the security firm PrivateCore, a company that defends computer servers from malware attacks by scrambling data on memory chips. On Wednesday, Google announced it would begin giving more weight to encrypted websites in its search results, a move designed to push sites to adopt the more secure HTTPS encryption over the more commonly used HTTP. And last week Twitter acquired the password security start-up Mitro.
