Fraud & Identity Featured Article

Is Gmail Secure Enough for Your Private Emails?

Is Gmail Secure Enough for Your Private Emails?

Is Gmail secure enough for your private emails? The short answer is “No.” At any given moment, someone is out there finding new ways to steal your mail, identity, and money.

Evidence shows cyber conspirators are working 24/7 testing the best of what Google (News - Alert) and the likes can put before them. Google knows what’s at stake and understands the cost of letting its customers down. Thus, you probably should ask, “Is Gmail secure enough for my private emails?”

Is it safe?

In 2008, Google avowed its commitment to encrypting email through “Secure messaging between business partners, customers, or individuals without any additional software, hardware, or technical training.”

In 2013, Jack Schofield reporting for The Guardian wrote about Google’s reference to 1979 v. Maryland: “persons communicating through a service provided by an intermediary must necessarily expect that the communication will be subject to the intermediary's systems.”

Hiding behind this ruling that people have no legitimate expectation of privacy in information they voluntarily turn over to third parties, such as email service providers, Google’s defense covered its policy of reading and scanning all emails.

They contended this process was to identify and flag spam, viruses, and Trojan horses. But, it has also been a way for them to identify keywords that would then trigger ads in line with the users’ interests. And, to be fair, these were also practices at the other major free email services.

In 2014 Juliana Mazza of WWLP 22News reported (2014), “nearly half of the emails you send using your Gmail account aren’t really private.”

But, Google’s annual transparency reports show their strides towards improving privacy for emails. The 2016 Google Transparency Report makes the following assertions:

• Google encrypts 87% of outbound emails (20 points higher than 2014) to “protect your emails from being snooped on while they travel between you and your intended recipients.”
• “Email is not only vulnerable in transit—it can also be snooped on after it’s delivered.”
• When email is encrypted in transit, it is delivered wrapped in Transport Layer Security (TLS) secure from anyone with access to the networks through which the email travels.
• TLS is a big advance, but it is not invulnerable. For example, it does not encrypt data that is stored on a server, and when emails sent between mail providers, both ends must use TLS. “In other words, encrypting 100% of all email on the Internet requires the cooperation of all online mail providers.”
• Encryption in transit adds a significant privacy benefit to PGP (News - Alert) which encrypts only the email and not it headers.

The Transparency Report also documents the increase in requests for user data and information from world governments. This all suggests Google does what it can to assure user privacy. Competition as much as ethics has shaped their commitment, but you can see how they are caught between pressures.

How can you make Gmail safer?

If an email server is to provide full service to its users, it must assume the users take some personal responsibility for their work.

• Checklist: You can complete a security checklist with Google’s prompting at Settings on your Gmail page.
• Passwords: There’s a reasonable expectation that you will safeguard the password for your Gmail account. It must be unique and frequently changed.
• Browsing: If you use Google’s Private Search, you won’t have a browsing history even if it should be hacked.
• Attachments: Try not to open any attachments if you have not verified the source. The malware that can infect your system and steal your information comes with malicious attachments.
• Double-down: 2-Step Verification prevents anyone attempting to log in to your account by requiring a code sent to your phone. 

Top 10 Reviews lists the best software for email encryption. The leading three are Hewlett Packard’s HP SecureMail, DataMotion™, and ProofPoint™. Such programs are geared to businesses and organizations that need to manage their intellectual, financial, and marketing property.

The answer to the question

Is Gmail secure enough for my private emails? The answer is a reserved “Yes.” For the average person, sending personal messages to friends and family, the emails are secure. Those exchanging confidential data and at-risk information must work harder to assess their current security and act quickly to protect against any vulnerabilities. 

“For organizations in regulated industries like healthcare, it’s imperative that they secure their email from end-to-end. 87% isn’t good enough, 100% security has to be the standard,” said Hoala Greevy, Founder CEO of email encryption provider Paubox.

It’s also true that AOL (News - Alert), Outlook, Yahoo Mail, and other email service providers are in the same bind. They also seem to understand that securing better protection is in their mutual business interests. But, whatever solution they come up with will, of its nature, just raise the bar on risk.

So, it’s incumbent on the email account holder and messaging principle to do what can be done to stay current with security tools and options that protect their privacy. 


Edited by Erik Linask