Consumer Watchdog Praises Google for Considering New E-mail Security But Asks Why...

Consumer Watchdog Praises Google for Considering New E-mail Security But Asks
Why it Took Internet Giant So Long to Act to Protect Users

SANTA MONICA, Calif., June 16 /PRNewswire-USNewswire/ -- Google should be
praised for agreeing to offer improved security for users of its online
services like Gmail, Consumer Watchdog said today, but the nonpartisan,
nonprofit consumer group asked why the company waited so long to act.

"We are pleased that Google is acknowledging the security risk of unencrypted
email and  plans to take corrective steps," said John M. Simpson, a consumer
advocate at Consumer Watchdog. "We raised this issue with them last fall. In
fact, I asked CEO Eric Schmidt about the need for secure email after a speech
he gave in November."

See a video of that exchange here: http://www.youtube.com/watch?v=NKybBlEjSyk.

On its Public Policy Blog, Google said it will test SSL -- Secured Sockets
Layer -- encryption as the default mode for Gmail users and intends to later
offer SSL as a default for all users. The encryption uses a protocol known as
HTTPS.  It has been available as an option on Gmail, but most users don't know
how to turn it on and ignore the option. Without encryption, data sent from
the user's computer to Google's servers can be intercepted easily.  Public
WiFi networks, like those in coffee shops and airports are particularly
vulnerable.

Read Google's Public Policy Blog here:
http://googlepublicpolicy.blogspot.com/2009/06/https-security-for-web-applications.html

Google said it plans a trial of Gmail users to see if the HTTPS protocol
affects the performance of their email. "Unless there are negative effects on
the user experience or it's otherwise impractical, we intend to turn on HTTPS
by default more broadly, hopefully for all Gmail users," the blog said. "We're
also considering how to make this work best for other apps including Google
Docs and Google Calendar (we offer free HTTPS for those apps as well)."

Consumer Watchdog noted that the phrase "otherwise impractical" left Google
room to back away from its pledge.

Because of its size, Google's policies set many standards for other Internet
companies, Consumer Watchdog said, and called on other online companies like
Yahoo!, Microsoft, Facebook and MySpace to offer the same protection.

Google's announcement came after it received an open letter from 37
researchers and academics in computer science, information security and
privacy law. "Rather than forcing users of Gmail, Docs and Calendar to
'opt-in' to adequate security," they wrote, "Google should make security and
privacy the default." Read their letter here:
http://www.consumerwatchdog.org/resources/LTRacademicsGoogle.pdf.

"We're pleased with Google's announcement and we will hold them to it," said
Simpson. "Secure email must be the rule rather than the exception."

Consumer Watchdog is a non-partisan consumer advocacy organization with
offices in Washington D.C. and Santa Monica, California.  Visit us on the web
at: http://www.ConsumerWatchdog.org



SOURCE  Consumer Watchdog

John M. Simpson of Consumer Watchdog, +1-310-392-0522, ext. 317, cell
+1-310-292-1902