NEW DELHI: In the wake of the NSA surveillance revelations, it looks like Google is gearing up to make Gmail more secure and is working on integrating encryption tools like PGP or Pretty Good Privacy, easier for end-users.
According to a report by Venture Beat, Google is carrying out research to make PGP easier to use with Gmail. PGP is an open source encryption standard that allows users to send encrypted data that can be decrypted only by the user who holds the encryption keys.
The report cites a person familiar with the matter as the source of the information. PGP is compatible with Gmail but it is not easy to use and third party encryption services like Mailvelope have failed to go mainstream. The report cites the source as saying that 'end-to-end encryption is the best defense for message protection, though it comes at considerable cost in functionality.'
It is not clear how Google plans to integrate the encryption mechanism in Gmail, at this point in time. It would be difficult for Google to widely implement it as PGP does not support password resets and users will lose access if they forget their passwords. If Google stores the keys on its servers, these will also be susceptible to surveillance. If it gives them to users, there'll be no way to reset them if the user loses the keys.
Also, Google's business model requires Gmail to serve targeted ads by reading the users' messages. The ad serving engine won't be able to read encrypted messages.