Google to Introduce End-to-End Gmail Web Encryption

Google to Introduce End-to-End Gmail Web Encryption

Google is preparing to bring end-to-end encryption (E2EE) to Gmail accounts accessed via web browser—but not everyone will get to enjoy the new feature. According to an announcement from Friday, only Google Workspace users will experience new E2EE email protections when they’re swapping messages back and forth.

Now through Jan. 20, Workspace Enterprise Plus, Education Plus, and Education Standard customers are able to apply for Google’s client-side encryption (Google’s term for E2EE) beta. The beta period will allow Google to touch up the new security feature before the official rollout. (Google didn’t specify when this would be, but it would be surprising if E2EE didn’t make a broader introduction sometime in 2023.) It’s unknown whether Google will eventually bring E2EE to personal Gmail accounts or to its remaining business and nonprofit customers.

Google to Introduce End-to-End Gmail Web Encryption

The update constitutes the first time Gmail has ever incorporated E2EE. Gmail currently uses transport layer security (TLS), which secures emails while they’re in transit as long as the receiving email provider can maintain a secure connection. For the average person, TLS provides a reasonable enough level of protection; for businesses handling customer information, product development plans, and other sensitive material, however, TLS isn’t always enough. Government officials, internet service providers, and skilled hackers can still access the contents of TLS-protected communications if they’re motivated enough, presenting what’s at best an extra source of stress.

Now Gmail will join Google Drive, Google Docs, Sheets, and Slides, Google Meet, and Google Calendar (the last of which is also under E2EE beta) in offering full encryption between two or more users. Google’s Gmail E2EE beta application page notes that users will need to turn on the feature once their application has gone through by accessing the administrative console. Once E2EE has been turned on, users will have to choose to encrypt individual emails by clicking the lock option in the top right corner of their draft, then clicking the “Turn On” button. Google’s client-side encryption will encrypt the body of an email and any attachments, including inline images. Email subjects, timestamps, and recipient lists won’t be encrypted.

Continue reading

Australia Becomes First Western Nation to Ban Secure Encryption
Australia Becomes First Western Nation to Ban Secure Encryption

Australia now requires tech companies to build mandatory backdoors into their products, to be accessed at government demand, with no judicial review.

The CIA Secretly Ran One of the World’s Largest Encryption Firms for Decades
The CIA Secretly Ran One of the World’s Largest Encryption Firms for Decades

Most of Crypto AG's 62 customers never suspected anything was amiss, but a new report from The Washington Post and German broadcaster ZDF reveals that Crypto AG was actually owned by the CIA and West German intelligence (BND).