Google to Introduce End-to-End Gmail Web Encryption
Google is preparing to bring end-to-end encryption (E2EE) to Gmail accounts accessed via web browser—but not everyone will get to enjoy the new feature. According to an announcement from Friday, only Google Workspace users will experience new E2EE email protections when they’re swapping messages back and forth.
Now through Jan. 20, Workspace Enterprise Plus, Education Plus, and Education Standard customers are able to apply for Google’s (Google’s term for E2EE) beta. The beta period will allow Google to touch up the new security feature before the official rollout. (Google didn’t specify when this would be, but it would be surprising if E2EE didn’t make a broader introduction sometime in 2023.
(Image: Google)
The update constitutes the first time Gmail has ever incorporated E2EE. Gmail currently uses transport layer security (TLS), which secures emails while they’re in transit as long as the receiving email provider can maintain a secure connection. For the average person, TLS provides a reasonable enough level of protection; for businesses handling customer information, product development plans, and other sensitive material, however, TLS isn’t always enough. Government officials, internet service providers, and skilled hackers can still access the contents of TLS-protected communications if they’re motivated enough, presenting what’s at best an extra source of stress.
Now Gmail will join Google Drive, Google Docs, Sheets, and Slides, Google Meet, and Google Calendar (the last of which is also under E2EE beta) in offering full encryption between two or more users. Google’s Gmail E2EE beta application notes that users will need to turn on the feature once their application has gone through by accessing the administrative console. Once E2EE has been turned on, users will have to choose to encrypt individual emails by clicking the lock option in the top right corner of their draft, then clicking the “Turn On” button. Google’s client-side encryption will encrypt the body of an email and any attachments, including inline images. Email subjects, timestamps, and recipient lists won’t be encrypted.
Now Read: