Apple quietly began encrypting virtually all of the email flowing in and out of its servers for its iCloud.com, mac.com and me.com domains, a move that throws up an important roadblock for attackers and others attempting to snoop on those transmissions.
The change from Apple comes as security experts and privacy advocates continue to pressure large Internet companies, especially those with email services, to encrypt data in transit as much as possible. Much of the reasoning for this is as a method to frustrate intelligence agencies such as the NSA that count on the ability to collect vast amounts of unencrypted data. Some large email providers, most notably Google, have been using TLS encryption for some time, and the company recently began publishing data that reveals how much email traffic into and out of Google’s servers is encrypted.
The data shows which providers are protecting users’ email by implementing TLS on their servers, and a search of the statistics compiled by Google shows that as of last week, nearly all of the inbound and outbound email from its main consumer email domains is encrypted. That’s a big shift from the original data report from Google earlier this summer, which showed almost none of the inbound and outbound mail from Apple’s domains was encrypted.
Apple’s move to use TLS encryption on its email domains is a major change, as it’s done at the server level and doesn’t require that users do anything on their end to improve security. Email encryption on the desktop is a notoriously painful process and is only effective on an individual basis. Having a provider of Apple’s size implement encryption on a large scale can make a major difference against well-financed attackers. Using encrypted email on an individual basis is seen as a good defense against some forms of targeted surveillance or attacks, but for large email providers such as Yahoo, Google or Apple, using encryption for communications with other providers can help protect large blocks of users.
Google and Yahoo both in recent months completed projects to encrypt the links among their respective data centers, something that helps prevent well-positioned attackers such as intelligence agencies from siphoning large amounts of data directly from the cables that serve those data centers.