Google announced Thursday that it is now using HTTPS encrypted connections whenever users log in to Gmail, no matter the security of the Internet connection they're on, because the company will be keeping emails encrypted as they move around Google's servers and from one data center to another.
User data drives many of Google's most successful and lucrative services. But in the wake of revelations about NSA snooping, the company has been eager to reassure customers that it prizes privacy.
Last year, it was reported that Google was fast-tracking encryption improvements on its servers. Though heightened security could be meant to deter many types of hackers, Eric Grosse, vice president for security engineering told the Washington Post in September, “It’s an arms race. We see these government agencies as among the most skilled players in this game.” And yesterday’s Gmail announcement notes, “your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations.”
At TED in Vancouver on Thursday, Google CEO Larry Page was repeatedly critical of the U.S. government's secret surveillance: “For me, it’s tremendously disappointing that the government sort of secretly did all these things and didn’t tell us. I don’t think we can have a democracy if we’re having to protect you and our users from the government for stuff that we never had a conversation about.”
Gmail has supported HTTPS since it launched, and it's been the default since 2010, but it didn't follow the emails as they traveled within Google's servers and data centers before. Google can't control what happens to messages that are sent outside their servers to other systems. For example, AOL Mail doesn’t currently use an HTTPS connection. There is a beta version that will change that, but it hasn’t been widely deployed yet. So your emails to your mother on AOL might not be secure. Keep working on her to get Gmail.