If you use Gmail for business and regularly send messages with sensitive information, did you know it may not be safe?
Google now says 40 to 50 percent of Gmail sent to recipients on another email provider aren’t encrypted end-to-end. This means there’s no way to guarantee that only the recipient of your emails sees your message.
In a post on the official Google Blog, technical lead for the Gmail Delivery Team Brandon Long explains:
“Gmail has always supported encryption in transit by using Transport Layer Security (TLS), and will automatically encrypt your incoming and outgoing emails if it can. The important thing is that both sides of an email exchange need to support encryption for it to work; Gmail can’t do it alone.”
Fortunately, Google is planning a new feature the company says will make sure only the people you email are reading your messages…when it’s ready.
Called simply End-to-End, this Chrome extension will eventually let those using Gmail get extra protection for their messages. On the Google Online Security Blog, Security and Privacy Product Manager Stephan Somogyi writes:
“End-to-end” encryption means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.”
Though Somogyi says end to end encryption in email has been around for some time, he adds that the Gmail version should require less technical know-how to use.
Google says the new Gmail End-to-End encryption extension is still in its alpha phase and must be thoroughly tested by the Google community before being available for download in the Chrome Web Store.
Once the Google team feels it is ready for “prime time” however, Somogyi says it should be able to send and receive encrypted messages through any Web-based email provider, not just Gmail.
Google Photo via Shutterstock
Aside from a security risk, I have always wondered if Google reads our messages. I know some people try to game the system by hiring people and the conversation usually happens in the e-mail. I had a client who felt apprehensive uploading a file on Google docs because of this. I don’t know if it can happen though.
It’s a step in the right direction and I’m excited to get it. However, it won’t do much to comfort people when they continue to see ads in their Gmail that show Google obviously parsed (“read” to most people) their email.
I’m skeptical about why Google mentioned non-encrypted emails – including the percentage; their timing in bringing the topic up.