Yahoo Will Encrypt Its Email Service To Keep Users Safe From Prying Eyes
Aug 8, 2014, 18:45 IST
At the Black Hat security conference in Las Vegas Thursday, Yahoo announced its plans to create an encrypted email system by 2015, joining a recent effort by its email and search rival Google to do the same, The Wall Street Journal reports.
If both Yahoo and Google can pull off these services, people from both sides of that particular divide will be able to send each other messages without worrying about the prying eyes from outsiders, malicious or otherwise.
Yahoo said it will only encrypt the content of email messages - the senders, recipients, and subject lines could still be visible to third-parties.
"We have to make it clear to people it is not secret you're emailing your priest," Alex Stamos, Yahoo's chief information security officer, told The Wall Street Journal in an interview. "But the content of what you're emailing him is secret."
Google announced its own encrypted email plans in June. According to ComScore, Google and Yahoo have two of the biggest user bases out there - as of December 2013, Google had 366 million unique Gmail visitors while Yahoo had 273 million.
Together, Yahoo and Google's encrypted services would make it actually impossible to hand over a users' messages to a court. However, that doesn't mean these companies would be prone to legal ramifications; just look at Lavabit, the old email provider that previously served Edward Snowden, which was shut down after a court forced it to hand over the keys to its encryption service.
"It's not clear the Lavabit example actually scales up," Stamos told WSJ. "That's very different from a publicly traded multibillion dollar company with an army of lawyers who would love to take this argument all the way to the supreme court."
Stamos said Yahoo's new service will rely on a version of PGP encryption, which relies on storing unique encryption keys on laptops, tablets, and smartphones - this contrasts with the way traditional web services do things, since they usually hold the keys, not the clients. Still, PGP is a form of encryption that has never been cracked, which could help the company's case if (or rather, when) it ran into legal trouble.
Both Google and Yahoo say their encryption tools will be optional features for their respective email services, which users would have to turn on to activate.