Google and other companies are now automatically encrypting all email, but that doesn't ensure confidentiality unless the recipients' email provider also adopts the technology.
In an analysis released yesterday, Google Inc. said that about 65 per cent of the messages sent by its Gmail users are encrypted while delivered, meaning the recipient's email provider also supports the technology. That's up from 39 per cent in December. Incoming communiques to Gmail are less secure. Only 50 per cent of them encrypted while in transit, up from 27 per cent in December.
Encryption reduces the chances that email can be read by interlopers. The technology transforms the text into coding that looks like gibberish until it arrives at its destination.
Google and other Internet services rely on a form of encryption known as Transport Layer Security, or TLS. Security experts say that encryption method isn't as secure as other options. But encryption that is tougher to crack is also more complicated to use.
Gmail, with more than 425 million accounts worldwide, was one of the first free email services to embrace TLS. Yahoo, Facebook and AOL also are encrypting their email services. Microsoft Corp., whose stable of email services includes the Outlook, MSN and Hotmail domains, has started encrypting many accounts as part of transition that won't be completed until later this year.
Less than half of the correspondence from Hotmail accounts to Gmail wasn't encrypted as of late May, Google said. Security is even worse at Comcast.net and Verizon.net, where less than 1 per cent of the traffic coming to and from Gmail is encrypted, according to Google.
Comcast spokesman Charlie Douglas said the Internet service provider plans to start encrypting email to and from Gmail accounts within the next few weeks. Microsoft reiterated that it is still rolling out encryption in its free email services.
Verizon didn't have an immediate comment on Google's statistics.
The Google report comes a year after the first wave of media reports about the US government's intrusive techniques to monitor online communications and other Internet activity.