
Hey, Google. Reporting what the government is requesting en masse is nice, but how about you actually give us end-to-end encryption for as many of your services as possible, so we don't have to second-guess our thoughts and chats anymore simply because we know the government is watching and will be getting that data no matter what? It might help with the whole trust issue you're having now.


As has been replied to you several times, you don't want your web-based client in charge of client-side encryption. Yes, it may help as a second line of defence against run-of-the-mill phishing and hacking attempts, but it does absolutely nothing against government requests, as the government can either request the private key that you've stored on their servers, or the government can force them to give you broken encryption software. See, as always, [1].

Whether or not your browser client is providing the encryption, however, you've also rendered completely useless any reason for having web mail in the first place, as you've become next-to-useless to them (no content for ads, no content for things like Google Now) and all their infrastructure is useless to you (no content to search over, no content to spam filter, etc). You no longer have a relationship except they're your SMTP gateway and a backup drive. You can get those today all over the place, you don't need google. If you want to stick with Google, go download a desktop mail client and chat client and install the open source PGP and OTR plugins for them. You can do this right now.

[1] http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...


First, that was the non-original version of Hushmail, and over a decade (of development of more capable browsers) has elapsed since the original. Second, the business model would then change to charging for email. Google does that for many services already; paid Google business apps accounts currently provide "no content for ads."


I'm not saying it's not possible (business-wise) as a product offering, I'm just saying there's not really any point to webmail at that point. You can pay Google to be an SMTP gateway and encrypted mail backup now, true, but there's no difference between that and any other email provider at that point, except maybe uptime. No web interface, no search, no spam filtering, no label filtering, no Google Now interaction. Those are all the reasons I like gmail, so I'm not sure about the point of it if those are gone. Just go client-side at that point; at least you'd be able to search your email. And if you're using an email client, you don't need (and probably don't want) google to provide content encryption.

As for the browser side of things, it seems like it would be much, much better not to rely on Google, but to write a browser extension that identifies the Gmail textbox and runs some version of PGP using a private key in your OS/LastPass/whatever keychain. The main thing you'd want to do is somehow isolate the input textbox from the page so that keystrokes only go to the extension, and only the encrypted data goes into the page, preferably when the Send button is pressed.

If Google were to be technically capable of decrypting your email so they can show it to you in a browser, and you're a target for an investigation (a narrow one or an overly broad NSA one), why on earth would the court order/warrant not demand that they decrypt your email to show them, too?


All of these are good points. You make a strong argument that there might be little need for a web interface.

A few other thoughts, though:

- You could still do spam filtering, of course. If it scores highly as spam and the user trusts the spam filtering, it could be deleted or moved into a likely spam folder. (I'm assuming plaintext email is encrypted automatically right away.)

- There are provably secure techniques to perform searches on encrypted data assuming an untrusted server, such as: http://www.cs.berkeley.edu/~dawnsong/papers/se.pdf

- If the encryption is handled on the client side, Google would NOT be technically capable of decrypting your mail. They would not be able to comply with a court order demanding they decrypt your mail. This is what the original version of Hushmail did, before they added the flawed later version that was exploited by FedGov in, if I recall properly, precisely the way you describe.
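To make the "search over encrypted data on an untrusted server" point above concrete, here is an added example (constructed for this discussion, not code from Google, Hushmail, or the linked paper). The client holds the only keys; the server stores ciphertext plus one keyed, non-invertible token per word and answers a search by token equality. Key names, the sample messages, and the toy HMAC-based stream cipher standing in for a real authenticated cipher are all assumptions of this example.

```python
import hashlib
import hmac
import re
import secrets

# Constructed example: a minimal searchable-encryption scheme with an
# untrusted server. Not the construction from the Song/Wagner/Perrig paper,
# only the same idea: the server matches opaque tokens, never plaintext.

WORD_RE = re.compile(r"[a-z0-9]+")


def derive_keys(master):
    """Split the client's master key into an index key and a body key."""
    k_index = hmac.new(master, b"index", hashlib.sha256).digest()
    k_body = hmac.new(master, b"body", hashlib.sha256).digest()
    return k_index, k_body


def search_token(k_index, word):
    """Deterministic keyed token for one word; this is all the server sees."""
    return hmac.new(k_index, word.lower().encode(), hashlib.sha256).digest()


def _keystream(k_body, nonce, length):
    # PRF-based keystream (HMAC-SHA256 in counter mode). Stand-in for a real
    # cipher such as AES-GCM; it is NOT authenticated and is for illustration.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(k_body, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt_body(k_body, plaintext):
    nonce = secrets.token_bytes(16)
    ks = _keystream(k_body, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt_body(k_body, blob):
    nonce, ct = blob[:16], blob[16:]
    ks = _keystream(k_body, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class Client:
    """Trusted side: the only party that ever holds keys or plaintext."""

    def __init__(self, master):
        self.k_index, self.k_body = derive_keys(master)

    def prepare(self, message):
        words = set(WORD_RE.findall(message.lower()))
        # Sorted so the token list does not reveal word order in the message.
        tokens = sorted(search_token(self.k_index, w) for w in words)
        return {"body": encrypt_body(self.k_body, message.encode()),
                "tokens": tokens}

    def query(self, word):
        return search_token(self.k_index, word)

    def read(self, blob):
        return decrypt_body(self.k_body, blob).decode()


class Server:
    """Untrusted store: holds only ciphertext bodies and opaque tokens."""

    def __init__(self):
        self.messages = []

    def store(self, record):
        self.messages.append(record)
        return len(self.messages) - 1

    def search(self, token):
        return [i for i, rec in enumerate(self.messages) if token in rec["tokens"]]


def demo():
    """Store three constructed messages and search them for 'invoice'."""
    client = Client(master=secrets.token_bytes(32))
    server = Server()
    mails = ["Invoice for March attached",
             "Lunch on Friday?",
             "March invoice is overdue"]
    for m in mails:
        server.store(client.prepare(m))
    hits = server.search(client.query("invoice"))
    return [client.read(server.messages[i]["body"]) for i in hits]
```

The server can run the search and return matching messages, but a court order served on it yields only ciphertext and HMAC outputs it cannot invert without the client's key. The caveat a practitioner should keep in mind: deterministic tokens leak which stored messages match the same query, and which queries repeat, which is exactly the access and search pattern leakage the paper's construction is designed to reduce; a real deployment would also replace the toy keystream with an authenticated cipher.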


Maybe Google has a business relationship with the NSA. It's likely the reason Google hasn't added encryption and never will - the boss doesn't want it.


I don't get it when people keep repeating something like this. Google pushed a lot for adding TSL/SSL encryption between Google's servers and the client, to the point of inventing several performance improvements in TSL start-up. However, they sure don't encrypt inside the client [note] and then send it as a blob to the server for storage, mostly because that's not really how web apps can work (for practical "can work" values). For example, this wouldn't allow you to full-text-search all your own emails in Gmail. Moreover, this would mean a significant performance regression every time you opened any Google web app, because the client would have to decrypt all data, without much help from indexes. [note] Even encrypting and decrypting in the client would only help so much. It is likely they could be ordered to splice their data while in the client for any person of interest. Cloud web apps simply require a legal system that respects people's data.


*TLS

