Gmail announces email encryption, for some users
On Friday, 18 December, Google announced that client-side encryption for Gmail was now available in a beta-testing format. Which is great news, but the majority of its 1.8 billion users are likely to be disappointed. The clue is where that announcement was made: the Google Workspace official updates feed.
Who can use the new Gmail encryption feature?
You can only apply to sign up for the email encryption beta if you are a user of Google Workspace Enterprise Plus, Education Plus or Education Standard. All other types of Google Workspace accounts are not eligible to get client-side encryption, according to the Google posting. Nor, sadly, are users of personal Gmail accounts. The Gmail client-side encryption (CSE) feature will also only work with web browsers, like most of the other Google Workspace services that are CSE-enabled.
There is no indication when or even if the eligibility criteria will change.
Is Gmail getting end-to-end encryption?
It’s also important to note that the Google statement doesn’t once mention end-to-end encryption (E2EE) but, rather, refers to client-side encryption. A Google Workspace help page states that this means “content encryption is handled in the client’s browser before any data is transmitted or stored in Google’s cloud-based storage.” This is not the same thing as most people think of as end-to-end encryption, where the encryption/decryption keys are only known to the sender and recipient. With the Google implementation, the client-side decryption keys are created by a cloud-based key management service, with a choice of six partner organizations at the moment.
As Google has stated, “using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers.” This is, undoubtedly, a good thing, as is the fact that organizations retain control over their encryption keys and have a range of identity service providers to choose from. However, while Google servers won’t be able to decrypt the data and access your encrypted email content, the organization administrator will be able to. This doesn’t mean that Google’s CSE implementation is bad, but organizations and users should be aware that it does mean something different from the end-to-end encryption people might be expecting.
Gmail encryption beta applications being accepted in coming weeks
Google’s client-side encryption is already an option, web browser only, for Workspace users of Google Drive, Google Meet, and Google Calendar. Google has said that it expects to start accepting applications for the Gmail encryption beta and enabling the service “over the next several weeks.” Once accepted, admins will have to enable the feature by using the following settings for both domain and group levels: Admin console | Security | Access and data control | Client-side encryption.
Gmail encryption for the rest of us
Mailvelope brings Gmail encryption to everyone
Meanwhile, ordinary Gmail users who don’t qualify for the client-side encryption beta can use ‘confidential mode’ which offers some privacy measures, although not an encryption feature as such. What it does do is add expiry dates after which the message can’t be read, as well as SMS-delivered codes required to open an email. Confidential mode can also disable the option for the recipient to forward, download, copy or print the message. For end-to-end encryption, you can use an OpenPGP browser plug-in such as Mailvelope which makes the privacy process as painless as possible.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
