Google introduces end-to-end encryption for Gmail

End-to-end encryption is something we generally take for granted. Concerns around data privacy and security have steadily grown over the years, as the world becomes increasingly interconnected. After Meta offered end-to-end encryption on WhatsApp back in 2016, and Apple having recently introduced end-to-end encryption on iCloud, Google has jumped on the bandwagon. It has now introduced what it calls “end-to-end encryption” for Gmail on the web.

What can the encryption do and who can use it?

The update, which is currently in its beta stage, is available to workspace users with Enterprise Plus, Education Standard, and Education Plus accounts. They can fill out an application to test the feature though Google’s support center. Once initiated, no sensitive information in the form of email bodies, attachments and inline images can be decrypted by Google’s servers. However, Google will not encrypt the header of the email, including subject, timestamps, and recipients list.

ALSO READ: How to send confidential mails on Gmail?

The applications for the same, as per support center, will be open until 23rd January. Once access is given, users will be able to turn on/ off the encryption via a padlock button on the side while drafting their email. Once enabled, it will disable features like signatures, emojis and, smart compose among others. The new client-side encryption will make user unreadable to any third person, even Google itself, meaning all sensitive data of users in the email with attachments will be more secure.

Is it really “end-to-end”?

It is important to note here, what Google is offering is client-side encryption (CSE). Encryption in this is not end-to end in the traditional sense. CSE is primarily meant for organisational use. That means, employees on an organisational Google suite system can send and receive emails across various other email carriers with safe encryption. However, the emails won’t be completely encrypted.

The system’s administrators can encrypt and decrypt data on Google services as they will have access to decryption keys. Your company therefore will be able to monitor all interactions between everyone hosted on its system. CSE only guarantees protection against a hack during the transit of an email. As a result, in its current form, CSE is only useful to those organisations that can generate their own decryption keys.