More than three dozen security and privacy advocates and researchers are asking Google to offer better data protection for users of Gmail and other Google apps and Google said on Tuesday that it is considering doing that, if it doesn’t slow down the apps too much.
You may not know this but you can set Gmail to encrypt your session data by default to protect it from being sniffed over the network. However, Google doesn’t offer the ability to encrypt potentially sensitive data created in other Google apps like Docs or Calendar by default, which means the communications could be stolen or snooped on by someone using a packet sniffer on public Internet connections, such as open wireless networks, according to the letter addressed to Google Chief Executive Eric Schmidt and signed by a who’s who of 38 experts in the security industry. […]
“As a market leader in providing cloud services, Google has an opportunity to engage in genuine privacy and security leadership, and to set a standard for the industry,” the letter says. “If Google believes that encryption and protection from hackers is a choice that should be left up to users, the company must do a better job of informing them of the risks so that they are equipped to make this choice.”
Some of the security experts endorsing the document include Bruce Schneier, chief security technology officer of BT Group; Peter Neumann, principal scientist at SRI International; encryption pioneer Ron Rivest of MIT; Steve Bellovin of Columbia University; Eugene Spafford at Purdue University; and Defcon founder Jeff Moss, who recently joined the Homeland Security Advisory Council.