Google urged to encrypt services by security experts
By Asavin Wattanajantra,
A group of 38 security and privacy researchers and academics have sent a letter to Google urging it to improve the security and privacy protection of its cloud-based services.
The open letter asked Google to enable default transport-level encryption (HTTPS) for Google Mail, Docs and Calendar. The technology already works on Google Voice, AdWords and AdSense.
It also claimed that Google’s default settings put customers at risk unnecessarily. Although services are protected with user names and passwords, files are transferred to Google’s servers “in the clear” – potentially making it easier for hackers to try and steal the info.
“Google uses Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers’ login information," the letter stated.
“However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar."
The letter continued: “As a result, anyone who uses these Google services from a public connection faces a real risk of data theft and snooping, even by unsophisticated hackers.”
The letter was co-signed by experts including BT chief security technology officer Bruce Schneier, University of Cambridge security researcher Richard Clayton, and Black Hat founder and director Jeff Moss.
In response, Google software engineer Alma Whitten said in its security blog that HTTPS was already offered as an option on Gmail. She added that Google was looking at whether it would make sense to turn it on as a default option.
“In this case, the additional cost of offering HTTPS isn’t holding us back," she said.
“But we want to more completely understand the impact on people’s experience, analyse the data, and makes sure there are no negative effects. Ideally we’d like this on by default for all connections, and we’re investigating the trade-offs, since there are some downsides to HTTPS – in some cases it makes certain actions slower.”
She added that Google was planning a trial where it would move small samples of Gmail users to HTTPS to see what their experience was like, and whether it affected email performance.
You may also like...
advertisement
Latest Security Features
Q&A: The ID card commissioner talks cards and controversy
We spoke to ID card commissioner Sir John Pilling about his thoughts on the identity scheme and why we might all think he's a bit of prat down the line.
- So you've been hacked, now what?
- The problems facing Internet Explorer
- Year in Review: 2009 in your words
- Top 10 security predictions for 2010
- Year in Review: Top tech stories of 2009
- The worst IT disasters of 2009
- Five free security software suites
- How to stay safe shopping online
- Is it time to switch to IPv6?
Latest Security Reviews
Symantec Backup Exec 2010 review
Rating: 
advertisement
Most popular
- Google updates Chrome, awards security bonus
- Why is Microsoft accelerating Service Pack 1?
- Report: Macs cost less to run than Windows PCs
- Your Views: Google Street View across the UK
- Q&A: Conrad Wolfram on communicating with apps in Web 3.0
- O2 condemns 'bullying' law firms for threatening file-sharers
- Windows Phone 7 review ? hands on
- Dell Vostro V13 review
- Digital Economy Bill to cost ISPs up to £500 million
- Reviews round-up: Windows Phone 7 and Firefox Mobile
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.