Most people believe that access to private email should be targeted and overseen by warrants. It is the mass surveillance of everybody that causes most controversy.
It is generally accepted that the best way to protect standard communications is to use SSL, or 'https.' This encrypts the message between the user and the server to a standard that is generally believed to be effectively uncrackable. Google's Gmail email service has always had that option. In 2010 it made encrypted email the default.
But there remained a problem for secrecy – delivery of an email from source to destination will usually involve more than one server. Typically it will move from source to one Google data center, from there to another Google data center, and from there to the destination – and it was not encrypted from data center to data center (Google and Google users could naively believe that the email was safe in Google's hands).
Last autumn, however, documents from the Snowden files revealed that the security agencies were tapping the fibers between the Google (and other providers') data centers – and thus had ready access to mass communications in plaintext. Google expressed dismay. "It's really outrageous that the National Security Agency was looking between the Google data centers, if that's true. The steps that the organization was willing to do without good judgment to pursue its mission and potentially violate people's privacy, it's not OK," executive chairman Eric Schmidt told The Washington Post at the time. Google made it clear that it would secure those links between its data centers.
Now it has made two announcements. Firstly, use of HTTPS is now mandatory for all Gmail users all of the time, and secondly, HTTPS is also used between its data centers. On the first, Nicolas Lidzborski, Gmail security engineering lead explained in a blog, "Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet.
"In addition," he added, "every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations."
The security agencies will still be able to get access to communications by tapping the fibers; but they will not be able to read anything without obtaining the user's key from Google. The usual method would be via a National Security Letter (NSL) – which is still without judicial oversight (that is, an individual warrant), but will prevent the type of mass surveillance that most people find worrying.
To make its email even more secure, Google uses HTTPS with 'forward secrecy' from the user. This process produces new and ephemeral keys for each message. So if an NSL obtains a key for a particular message, that key can only be used for that particular message; and a separate NSL would need to be issued for future or other messages.
Ross Anderson from the Cambridge university computer lab explains: according to the green padlock in the Gmail window, "the encryption uses elliptic-curve Diffie-Hellman with ECDSA signature and 128-bit AES for the bulk cipher. What that means, in layman's terms, is forward secrecy," he told Infosecurity. "Even if the NSA were to compel Google to produce their private key tomorrow, they could not go back and decrypt this session even if they'd recorded all the ciphertext off the wire."
That leaves Prism, he continued, "which involves getting the FBI to serve a FISA warrant for our traffic, but there are practical limits to that; for example, Google publishes statistics of how many lawful accesses are made. And if we were both to delete this email this afternoon, and the NSA went for it tomorrow, they'd presumably have to know it existed and then go to the trouble of ordering Google to search through the backups."
The only weakness would be if Google has not applied the concept of 'forward secrecy' between the servers. Google's announcement does not specify forward secrecy between servers. If it does not use it, then a single FISA warrant would obtain the one key necessary for all messages sent by that user. Security agencies could then intercept and decrypt without any further notice to Google. It would still prevent mass unhindered surveillance, but would not prevent bulk surveillance.
Infosecurity has asked Google to confirm that forward secrecy is used between Google servers, and will update this story with any response.