Many Email Providers Make Surveillance Too Easy

Billions of supposedly private e-mail messages a day flow through unsecured links, where they can be snared in digital dragnets operated by the National Security Agency and other intelligence services.

Recent revelations about NSA surveillance -- including a top-secret document discussing "collection of communications on fiber cables and infrastructure as data flows past" -- have highlighted the ease with which government eavesdroppers can exploit the Internet's infrastructure. Another classified document, which the Guardian published Thursday, mentions network-based surveillance of Hotmail servers.

Over the last decade or so, Web mail providers began to turn on encryption to armor the connections between users' computers and Gmail, Yahoo Mail, Hotmail and other services. That form of protection against surveillance, which typically appears in a Web browser as an "https" connection accompanied by a padlock image, is viewed as generally secure and is used by banks as well. Google has offered it since 2004, and Yahoo finally followed suit this year.

But during the next step, when those e-mail messages are transferred from one company's servers to another's, they're rarely encrypted.