Yahoo has announced that it will join Google in its plan to create an encrypted email system by next year that will make it nearly impossible to spy on your emails, according to The Wall Street Journal. Together, Google and Yahoo have over 535 million email users.
The push for encrypted email started in earnest after the Snowden revelations about the NSA and its spying habits last year. Google announced its plan to build an encrypted email system back in June, while Microsoft has also made it known it is working on solutions to make its email offerings secure from prying eyes.
Yahoo and Google’s encryption service—which will be optional—will be based on the current encryption gold standard of PGP, a good, yet notoriously difficult to use, protocol. PGP currently requires you to keep and store an encryption key that gives you access to your emails. Keeping your own encryption keys instead of Yahoo or Google holding them is a vital part of staying secure.
Last year, Edward Snowden‘s preferred email service, Lavabit, had to shut down after a judge ordered it to hand over its encryption keys, effectively killing the company. If Lavabit did not have access to the encryption keys, it could have argued against the ruling. Yahoo believes it is in better position to fight a ruling like the one against Lavabit.
“It’s not clear the Lavabit example actually scales up,” Alex Stamos, Yahoo’s Chief Information Security Officer—a position that didn’t exist until February—said to The Wall Street Journal at the Black Hat Conference. “That’s very different from a publicly traded multibillion dollar company with an army of lawyers who would love to take this argument all the way to the Supreme Court.”
Your entire correspondence isn’t encrypted with PGP either; only the contents of your email—not who you are, the subject line, or who you are emailing—is fully protected. “we have to make it to clear to people it is not secret you’re emailing your priest, but the content of what you’re emailing him is secret,” Stamos said.
The best thing to come out of the Snowden revelations may end up being the acceleration of encrypted services as consumer products. With so many companies finally realizing just how vulnerable they really are, the age of fully encrypted communications isn’t far off.