Gmail hit the news on Friday when Google announced it is extending client-side encryption — already available on Google Drive, Google Docs and other products — to its email service.
Users of Google Workspace Enterprise Plus, Education Plus and Education Standard customers are being invited to apply for the beta.
Why should they bother? Because “client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers,” Google says. “Customers retain control over encryption keys and the identity service to access those keys.”
Observers note that Google’s announcement comes only days after Apple announced new security measures. (The Google post contains an apparent typographical error — it says users have until January 20, 2022 to apply for the beta. The actual date is January 20, 2023).
"Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs," it says.
End users are advised to do the following: “To add client-side encryption to any message, click the lock icon and select additional encryption, and compose your message and add attachments as normal.”
The impact on email marketing is not yet clear — it would seem that few brands send emails that would need to be encrypted.
But the move could foster compliance in the face of galloping privacy concerns.
Moreover, transactional emails with personal information can easily be encrypted.
Encryption is not yet being extended to individual account holders.
Google notes that “Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities, Google states. “Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs.
How does it work? “You can use your own encryption keys to encrypt your organization's data, in addition to using the default encryption that Google Workspace provides,” Google advises Workspace users.
It continues: “With Google Workspace Client-side encryption (CSE), content encryption is handled in the client's browser before any data is transmitted or stored in Google's cloud-based storage. That way, Google servers can't access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally”.
Client-side encryption had also previously been offered to Sheets, and Slides, Google Meet, and Google Calendar (beta).