Yahoo is following in the footsteps of Google and plans to implement end-to-end encryption in Yahoo Mail by 2015. Like Google, Yahoo plans to use the OpenPGP encryption standard to encrypt messages. OpenPGP, which is the gold standard for email encryption, uses a public-private keypair scheme to protect user messages.
To get the encryption done, Yahoo will use a modified version of Google’s alpha-stage End-to-End Chrome extension. But Yahoo’s version will be designed to work with the Yahoo Mail interface instead of Gmail.
Yahoo also plans on making encryption a native part of the Yahoo Mail mobile apps, according to a tweet by Alex Stamos, Yahoo’s chief information security officer. Stamos announced Yahoo’s email encryption plans during Black Hat USA, a security conference that ended last week.
As part of the encryption effort, Yahoo will create a new privacy engineering team to work on the project. The team’s first hire was Yan Zhu, a staff technologist for the Electronic Frontier Foundation who worked on projects such as the HTTPS Everywhere and Privacy Badger add-ons. Zhu was also the person who recently discovered a security flaw in WordPress login cookies.
The news that yet another major webmail service wants to build encryption tools into its product is encouraging. But it’s not clear how many people will actually want to use the new option.
Encryption and privacy are top of mind for many as the revelations from Edward Snowden and other whistleblowers continue to roll out. The problem is that both Google and Yahoo must make encryption dead simple to use.
On top of that is the issue of key management. How will Yahoo help users with managing their keys while at the same time preventing the company from having access to them?
If Yahoo sticks everyone’s keys on a company server, for example, Yahoo could be compelled to hand them over to law enforcement. One way around this is to require users to manage their keys themselves, which isn’t very realistic for a mass market service – if you lose your private key, it is impossible to read your encrypted emails.
Alternatively, the company could employ a scheme similar to services like Lastpass, where user keys are on company servers, but the keys are encrypted on the user’s PC before they arrive on company servers. That way Yahoo would only be handing over encrypted blobs that law enforcement would have to attempt to crack.
Each time someone signs on to Yahoo Mail from a new device, the company could push the encrypted keys down to the new device and decrypt them there. Similarly, messages in decrypted form would have to remain on the client device with Yahoo’s servers prevented from reading them.
Managing key pairs and decrypted messages are important issues to tackle. But if Yahoo (and Google) get it right, the two companies could go a long way to helping make sensitive email more private.