There's no denying that one of the biggest places around for Web-based email is Yahoo, so any time Yahoo's got something to say about the email market, it's worth taking note. But when Yahoo hits the Black Hat USA 2014 show—one of the biggest security-based conventions around—that's an especially noteworthy occasion, and the end result of this particular run was a new revelation: Yahoo plans to have end-to-end encryption available on its popular email product by 2015.
The word came out of Yahoo's chief information security officer (CISO), Alex Stamos, who while he was there also brought out word about a new Pretty Good Privacy (PGP (News - Alert)) plugin that piggybacked on Google's PGP plugin. During Stamos' presentation, titled “Building Safe Systems at Scale – Lessons from Six Months at Yahoo”, he revealed how the idea of bringing end-to-end encryption to Yahoo's email systems has actually been a priority issue for Yahoo since the start of the six months ago that Stamos detailed in his presentation. In a bid to help get the project going, Yahoo has reportedly brought in former Electronic Frontier Foundation (EFF) staff technologist Yan Zhu to assist in the project's development.
The current plan, based on the presentation, is to use Google (News - Alert)'s PGP plugin in a bid to make Yahoo Mail and Gmail able to easily pass encrypted email back and forth between the two services, and within the services in isolation. What drove the service's creation? Some word points to no less than Edward Snowden, whose revelations in 2013 proved to be not only one of the year's biggest stories, but also a story that had substantial ramifications for the world of technology.
Stamos offered some commentary on the matter during his speech, received as one of the best at Black Hat USA 2014, saying “Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real. We as an industry have failed. We’ve failed to keep users safe. If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.”
Regardless of Yahoo's motives on this topic, the point remains that Yahoo's email system is about to get in some impressive new security, and that poses exciting possibilities. Better security in mail is always important, particularly to users who don't want the contents of email snooped upon. But will Yahoo be accommodating government agencies on this one, or will this be part of the growing litany of complaints coming from the government about its frustrated ability to snoop in the first place? Will this drive more users to Yahoo's mail system? Yahoo's mail system has been seen previously as quite the draw, but with Yahoo as a whole faltering somewhat in the face of competition from Google and the like, will this drive a bit of a comeback?
Either way, it's going to be exciting to see just how this all turns out. Improved privacy should prove to be an exciting new development in the field, and how it's put to use should likewise offer noteworthy possibility in its own right. Adding PGP to email should be a welcome development, though maybe not for everyone.