
Yahoo rolls out new encryption for email — but not until the fall


LAS VEGAS — With Marissa Mayer at the helm, Yahoo Mail is looking more like Gmail every day.

First the Sunnyvale, Calif.-based company announced in April that it would roll out enhanced encryption for its Yahoo email offerings in reaction, mostly, to the knowledge imparted by former National Security Agency systems administrator Edward Snowden that his former employer was routinely boosting data with little difficulty from Yahoo’s servers.

And today at the Black Hat security conference here in Las Vegas (where mid-day temperatures were hovering at a respectable 98 degrees in the shade), Yahoo’s new security researcher and veep of information security, Alex Stamos, officially disclosed that his company intends to roll out end-to-end encryption in its email service in the fall.

It means that, at least in the short term, Yahoo emailers can reportedly send safe and secure messages to other Yahoo users and also to Gmail adherents with little fear, theoretically at least, that the messages can be successfully intercepted by guys sitting in windowless rooms back at Fort Meade in Maryland.

In a talk today, Stamos put it this way:

“If an activist in Sudan wants to email a human rights organization’s Gmail address and they have encryption set up for it, it will automatically detect that and offer them the option to encrypt.”

Stamos stressed that Yahoo email encryption will be easy to use, with little or no friction. To that end, Yahoo will soup up its encryption plug-in, something that Gmail has already done. Yahoo is also enlisting a former Electronic Frontier Foundation techie, Yan Zhu, to assist in the overhaul. Zhu is apparently no friend of the NSA.

Yahoo, in fact, is adapting an encryption standard that has been around for a while, called PGP, or Pretty Good Privacy, that noted cryptographer Phil Zimmermann developed.

For Yahoo users, this means that while the subject line of your email won’t be encrypted, your dispatch will. PGP makes it harder for lurkers to intercept and decrypt the message while en route from sender to recipient.

And there you have it.