Santa Monica, CA — Google should be praised for agreeing to offer improved security for users of its online services like Gmail, Consumer Watchdog said today, but the non-partisan, non-profit consumer group asked why the the company waited so long to act.
“We are pleased that Google is acknowledging the security risk of unencrypted email and plans to take corrective steps,” said John M. Simpson, a consumer advocate at Consumer Watchdog. “We raised this issue with them last fall. In fact, I asked CEO Eric Schmidt about the need for secure email after a speech he gave in November.”
On its Public Policy Blog, Google said it will test SSL — Secured Sockets Layer — encryption as the default mode for Gmail users and intends to later offer SSL as a default for all users. The encryption uses a protocol known as HTTPS. It has been available as an option on Gmail, but most users don’t know how to turn it on and ignore the option. Without encryption, data sent from the user’s computer to Google’s servers can be intercepted easily. Public WiFi networks, like those in coffee shops and airports are particularly vulnerable.
Google said it plans a trial of Gmail users to see if the HTTPS protocol affects the performance of their email. “Unless there are negative effects on the user experience or it’s otherwise impractical, we intend to turn on HTTPS by default more broadly, hopefully for all Gmail users,” the blog said. “We’re also considering how to make this work best for other apps including Google Docs and Google Calendar (we offer free HTTPS for those apps as well).”
Consumer Watchdog noted that the phrase “otherwise impractical” left Google room to back away from its pledge.
Because of its size Google’s policies set many standards for other Internet companies, Consumer Watchdog said, and called on other online companies like Yahoo!, Microsoft, Facebook and MySpace to offer the same protection.
Google’s announcement came after it received an open letter from 37 researchers and academics in computer science, information security and privacy law. “Rather than forcing users of Gmail, Docs and Calendar to ‘opt-in’ to adequate security,” they wrote, “Google should make security and privacy the default.” Read their letter here.
“We’re pleased with Google’s announcement and we will hold them to it,” said Simpson. “Secure email must be the rule rather than the exception.”
– 30 –
Consumer Watchdog is a non-partisan, non-profit consumer advocacy organization with offices in Washington D.C. and Santa Monica, California. Visit us on the web at: www.ConsumerWatchdog.org