Google’s End-to-End Encryption for E-mail: Rube Goldberg at his Very Best

I was checking up on how Google was coming along in developing its end-to-end encryption scheme for e-mail and I found this: Google’s End-To-End Email Encryption Tool Gets Closer To Launch. Talk about an overly-complicated, Byzantine solution!

Note the date: December 17, 2014. This seems to be the latest post on the subject, suggesting that Google is having trouble figuring out how to secure Gmail using encryption: six months later and the company has yet to release a product. This is understandable, since encryption is hard for the end user to implement and Google wants to simplify the process to the point that Grandma can use it to encrypt her mail. A laudable goal, to be sure, but what’s really puzzling is that Google already knows about a simpler competing technology and so far has failed to take advantage of it.

Late last year, a Googler friend of mine e-mailed Alex Gawley, the Google exec responsible for Gmail, and explained what ChiaraMail and Envelope-Content Splitting are about, how ECS solves the security problem by not sending the message content in the e-mail and thus is able to avoid the complications inherent in encryption solutions. So Gawley knows about ECS, he knows that it’s conceptually much simpler than encryption and yet is just as secure, if not more so. He also knows about the other major benefits of ECS, including the ability to protect Gmail users from spoofing and phishing. But he’s never responded to my e-mail, apparently preferring instead to pursue a more complicated solution.

When I used to work for IBM, we often joked about the NIH (Not Invented Here) syndrome: if it want’s invented here, it must not be as good. Maybe the same disease has struck Mr. Gawley’s group. Or maybe it’s just about political safety: after spending untold millions of dollars and tens of thousands of man-hours working on end-to-end, how would he explain to his boss, Larry Page, that he’s decided to drop the project and implement ECS instead? Or is it that since they’ve gotten another partner, Yahoo, to implement the same thing, in order to widen the number of users who can enjoy e-mail security the Google way and now they don’t want to have to tell Yahoo, “Oops! Forget what we told you about adding all that encryption stuff to your mail clients and use ECS instead”? Or maybe he feels, and rightly so, that e-mails sent using ECS are so secure that even the NSA can’t read them, and that he might get the NSA mad at Google.

I am told that Google managers are often not afraid to drop a project in favor of a better solution that comes along in the meantime. That may be true of some managers, but it doesn’t seem to be the case with Mr. Gawley.