Google will now let business account users try end-to-end encryption (E2EE) for email, which will prevent even Google from seeing the contents of messages. It’s just like sending an E2EE message in WhatsApp, Signal, or iMessage in this regard. Despite the insecure nature of email in general, end-to-end encrypted mail is perfectly secure and a real boon to security. The problem is nobody uses it. “[Implementing] and using encryption can be challenging for some people, especially those who are not technically savvy. Encrypted email requires the use of digital certificates and keys, which can be confusing and intimidating to some users. This can make it difficult to achieve widespread adoption of encrypted email, even if it is technically possible,” technology advisor Stéphane Paquet told Lifewire via email.
Gmail Encryption
Once this feature is enabled, users of business accounts can click a padlock icon when composing an email, and it will be locked up tight until the recipient opens it. The feature will also come to Google’s iOS and Android apps. If you encrypt a message, you won’t be able to use Gmail’s Smart Compose, emoji, or a signature. Importantly, this is what’s called “client-side encryption,” meaning the admin of the account has the keys, not Google. There are already various encrypted email services, like ProtonMail, and all have the same problem: both the sender and the recipient must use the same service. It’s also possible to roll your own encrypted email over any email service, but again, the recipient must be set up to receive it. But this time, it might actually stick because Gmail is so big. It’s one thing convincing all your contacts to switch to ProtonMail, for example, but if they’re already using Gmail anyway, then theoretically, they don’t have to do anything to receive and read your email. Note that this is currently only available for business users, which makes sense as the business IT admin person can set this up for all users, keeping those juicy internal business emails secret. It may or may not come to private users’ accounts in the future, but if it does, you probably won’t want to bother.
Open Email
Email’s strength and weakness are that it’s open. Open in the nerdy software sense, in that anyone can build an email app or service, and they’re all interoperable. But also open like a door. While the connection between your email service and your computer might be encrypted, your email is not. It’s just a plain old message, viewable to anyone along the way. Think of it more like a postcard that can be read by the folks who collect, sort, and deliver it rather than a sealed letter they can’t see. If I encrypt an email with, say, Gmail, and send it to you, then how will you decrypt it? If you’re using a non-Gmail email address, you’ll have a useless lump of data in your inbox. Multiply this by the number of people you communicate with, and you’ll see the extent of the problem. Unless everybody uses the same encryption method and has it installed and enabled, everything grinds to an insecure halt. Also, even if you do successfully send an encrypted email, chances are it’ll end up decrypted and stored somewhere in a backup or on a non-secure computer. Which is fine. IMessage, Signal, etc., can be locked down because the vendor owns the whole chain. But the downside is you can’t send a Signal message to a WhatsApp user. The messages are in privately-owned silos, unlike email, which is distributed and open. “However, it’s strongly advised to NOT send sensitive information via email for this very reason. If sensitive information must be transmitted, it should be done over a secure messenger like Signal, Session, or Threema. WhatsApp does not fall into this category, as WhatsApp’s definition of end-to-end encryption may be fundamentally flawed,” Ashley Simmons, founder of avoidthehack, told Lifewire via email. In the end, I’ll take email as it is. I like that nobody can take it away from you and that it’s so flexible. You just have to remember it’s totally insecure and to never send sensitive information. If you do need to communicate securely, pick Signal, iMessage, or whatever encrypted messaging app your co-communicator uses. It’s either that or try to convince every email user in the world to set up encryption.