Google responds to call for more security

In response to an open letter from dozens of noted security analysts, Google this week said it intends to more broadly turn on security features in its Gmail application by default.

The internet giant also said it was considering how to extend the protection by default to other applications, including Google Docs and Google Calendar.

The six-page open letter to Google CEO Eric Schmidt was signed by 37 researchers and academics in computer science, information security and privacy law. Specifically, they asked Google to protect users by enabling “industry standard transport encryption technology (HTTPS)” for Google's most popular web applications.

Without a persistent encrypted connection, users can open themselves up to snooping and data theft, even by untrained hackers who can use freely available tools on the internet to perpetrate their attacks, the letter said.

In response, Alma Whitten, a software engineer with Google's Security & Privacy Teams, wrote in a blog post Tuesday that the internet giant would consider the researchers' recommendations.

“We've long advocated for — and demonstrated — a focus on strong security in web applications,” Whitten said. “In fact, we're currently looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.”


Google currently allows its Gmail users to opt in to always using HTTPS. Meanwhile, users of Docs and Calendar can log in to a protected session by typing HTTPS into their address bars.

But any move to having users automatically protected with the protocol is unlikely to happen immediately.

“We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is,” Whitten wrote, “and whether it affects the performance of their email.”

Whitten added that Google is considering how to “make this best work with other apps,” such as Docs and Calendar.

Whitten's sentiments echo a section of the open letter to Google pointing out that users of Microsoft's Hotmail, Yahoo Mail, Facebook and MySpace also are vulnerable to data theft and account hijacking.

Google's response seems to be meeting with positive reaction, at least in some sectors.

“Google's rapid response is pretty good,” Christopher Soghoian, student fellow at the Berkman Center for Internet & Society at Harvard University and author of the open letter, said in an email. “I hope that executives from Yahoo, Microsoft and Facebook follow Google's lead voluntarily, and spare me the effort of coordinating similar letters to their CEOs too.”

