After tests launched in December, client-side email encryption is extended to many more accounts. But the general public does not (yet?) have access to it.
After the tests, place to the general deployment. In a blog post published on February 28, 2023, Google announces that the functionality to encrypt client-side email directly on Gmail is now available for all eligible accounts. However, this does not concern all Internet users with a webmail mailbox.
Here, it is individuals with access to the Enterprise Plus, Education Plus and Education Standard versions, as part of Google Workspace, who are concerned – the same profiles as those in the test launched from December. In short, the option is aimed at organizations that use Google’s productivity tools (including Gmail, Calendar, Drive, Meet, etc.) for their activities.
Encryption in transit, at rest and also on the client side
With client-side encryption, it is the Internet users themselves who manage the encryption and decryption operations, as well as the cryptographic keys. In this context, even Google is not able to know what these emails contain, which provides an additional layer of security and confidentiality. The Mountain View firm does not have access to the keys.
This security is in addition to the measures that Google already offers routinely, with encryption in transit (i.e. encryption while the mail travels on the net) and encryption at rest (encryption on Google’s servers ). In both cases, it is Google that provides security here, by generating and managing the corresponding keys.
It is currently unclear whether Google is ever planning to extend this client-side encryption to everyone. This option requires prior configuration which could be an obstacle for people who have no particular ease with the computer tool. It is true that the step to be taken to encrypt your emails from end to end is a bit high.
Still, that’s the point of the story. Google has, since 2010, made sure to regularly improve Gmail’s security for data encryption — in transit, at rest, and, perhaps one day, end-to-end. In 2014, the company was already considering this option, after Edward Snowden’s revelations about mass surveillance and the activities of the NSA.
On the instant messaging side, end-to-end encryption is much more widespread. WhatsApp and Signal offer it by default. Telegram or Messenger, optional. Even Google got into it with Messages, since 2021.
Subscribe to Numerama on Google News to not miss any news!