As Apple and the U.S. government continue to face off over issues of access to users’ private data in the name of national security, Google has issued a transparency report revealing that 77 percent of the search engine’s traffic is encrypted.
“Encryption keeps people’s information safe as it moves between their devices and Google, protecting it from interception and unauthorized access by attackers,” Rutledge Chin Feman and Tim Willis, two Googlers listed as “HTTPS Evangelists” wrote on the company’s security blog yesterday. “With a modern encrypted connection, you can be confident that your data will be private and secure.”
Google's report comes as Apple and the Federal Bureau of Investigation continue to lock horns over the agency's demand that Apple write special code so that it can access the contents of the iPhone used by Syed Rizwan Farook, one of two gunmen responsible for the San Bernardino, Calif. shootings. Farook and his wife, Tashfeen Malik, killed 14 people and injured numerous others at a holiday party attended by Farook's co-workers on December 2.
The radicalized husband-wife duo were shot and killed by police after a pursuit later that day. Still, authorities want access to Farook's phone, as a matter of national security, to investigate suspected links to other terrorists or planned attacks. Apple is openly defying the feds.
Encouraging Encryption Across the Sector
Although this is not the first transparency report the company has issued, it is the first one to include a section tracking the progress of its encryption efforts. Google said its goal is to eventually achieve 100 percent encryption of its traffic through the use of the HTTPS mechanism and protocols such as SSL and TLS.
“Our aim with this project is to hold ourselves accountable and encourage others to encrypt so we can make the web even safer for everyone,” the company said in its blog post.
Google said that it would update its transparency report every week with its progress toward implementing HTTPS by default across its various services. The company has long offered key services such as Gmail, Drive, and Search over HTTPS. In the last year, it has also started adding traffic from other products such as ads and Blogger, with plans to continue adding additional services.
The report also includes information about the HTTPS connections on many popular sites across the Web, which account for approximately 25 percent of all Web traffic on the Internet, according to Google.
Outdated Hardware, Software Still Obstacles
According to its report, Google has made significant strides toward its goal of 100 percent encryption over just the last few years. In June 2014, only slightly more than half of Google traffic was encrypted. The most significant gains have been in the company’s advertising services. In 2014, hardly any ad traffic was encrypted, according to the company’s data. Now, more than 75 percent of ad traffic is encrypted.
Nevertheless, the company acknowledged that there are serious challenges inherent in trying to expand the use of encryption across the Internet. Older software and hardware may not support modern encryption technologies. This is particularly problematic when it comes to mobile devices.
The vast majority of unencrypted end-user traffic originating from a set of surveyed Google services comes from mobile devices, according to the report. “Unfortunately, these devices may no longer be updated and may never support encryption,” Google said.
Another obstacle stems from the fact that governments and other organizations may seek to block or otherwise degrade HTTPS traffic. In other cases, smaller organizations may not have the desire or technical resources to implement HTTPS.
Image Credit: Chart screenshot via Google Transparency Report Web site.