Gmail users have long enjoyed some e-mail protections. In 2010, Google made a secure connection between Web browsers and Google's own servers the default, so that when users hit "send," attackers couldn't snoop on the message as it traveled from their computer to Google's network. Now, that encryption will also apply to the links between Google's data centers, meaning that so long as Google is in possession of the e-mail, it will be traveling securely. A Google spokesperson tells me this change is a result of a wider effort to secure the links between company data centers — a move it announced in the early backlash against the NSA.
But even with all those measures, it still doesn't mean that your e-mail is completely private.
For instance, Google routinely serves you ads based on what's in your messages. To do that, it has to be able to understand them. That means somebody — if not a human, then at least a machine — has access to the text of your Gmails. Encryption here doesn't mean your note to Mom turns into gobbledygook nobody can read.
Another key point is that as soon as your e-mails leave Google's network, they lose the protections that Google applied to them. It's like leaving your castle and embarking on a journey that involves dark roads where your horse-drawn carriage can be waylaid and searched by ruffians en route.
At the risk of taking that metaphor too far, two friendly castles could agree to communicate by underground tunnels instead of carriage, which would make their messages much more secure.. The problem is, not every e-mail provider has agreed to support the technology that's required.
So, to make absolutely sure that your e-mails are fully shielded — even if your recipient is using a different e-mail service — encrypt your e-mail yourself, and make sure your friends do, too. It's easier to set up than you think.