The Washington Post published a new piece by Barton Gellman and myself on Wednesday that revealed new insights into how the NSA conducts surveillance on US technology companies. Specifically, we described how the NSA captures data flowing between the private data centers of companies like Google and Yahoo. Google announced last month that it’s beginning to encrypt these links (possibly based on some precinct paranoia) and the WSJ reports that other firms are “racing to encrypt data.” This is a great development, in my opinion, as even if the NSA weren’t monitoring these links, it’s safe to assume that other foreign governments are.
However, as the firms begin to beef up their own internal security, its also important to note that links BETWEEN companies are still unencrypted. For example, when Google users send email to Yahoo users, that communication is still entirely “cleartext” and accessible in bulk to anyone listening. I had researched this question a few months ago and found that, of the four US webmail providers (Google, Hotmail, Yahoo, and AOL), only Gmail supports encrypted email transport (see the graphic above).