Google
has
announced
the
general
availability
of
client-side
encryption
(CSE)
for
Gmail
and
Calendar,
months
after
piloting
the
feature
in
late
2022.
The
data
privacy
controls
enable
“even
more
organizations
to
become
arbiters
of
their
own
data
and
the
sole
party
deciding
who
has
access
to
it,”
Google’s
Ganesh
Chilakapati
and
Andy
Wen
said.
To
that
end,
users
can
send
and
receive
emails
or
create
meeting
events
within
their
organizations
or
to
other
external
parties
in
a
manner
that’s
encrypted
“before
it
reaches
Google
servers.”
The
company
is
also
making
available
a
decrypter
tool
in
beta
for
Windows
to
decrypt
client-side
encrypted
files
and
emails
exported
via
its
Data
Export
tool
or
Google
Vault.
macOS
and
Linux
versions
of
the
decrypter
are
expected
to
be
released
in
the
future.
The
development
follows
the
rollout
of
CSE
to
other
products
such
as
Google
Drive,
Docs,
Slides,
Sheets,
and
Meet.
The
solution,
the
tech
behemoth
said,
is
aimed
at
reducing
the
“burden
of
compliance”
for
enterprises
and
public
sector
organizations,
ensuring
that
no
third-party,
including
Google,
can
access
confidential
data.
The
feature
is
globally
available
to
Workspace
Enterprise
Plus,
Education
Standard,
and
Education
Plus
customers.
It
does
not
extend
to
personal
Google
Accounts.
It
once
again
bears
repeating
that
client-side
encryption
is
different
from
end-to-end
encryption
(E2EE),
as
Google
Workspace
users
with
super
administrator
privileges
can
toggle
the
setting
on/off
and
have
control
over
the
encryption
keys
created.
It’s
also
different
from
Pretty
Good
Privacy
(PGP),
which
also
provides
the
benefits
of
CSE
via
public-key
cryptography
but
requires
users
to
exchange
keys
with
each
party
first
before
sending
an
email.
To
add
to
the
complexity,
it
passes
the
burden
of
creating
and
managing
the
keys
to
the
users.
The
integration
of
CSE
to
Gmail
is
the
newest
addition
after
Google
launched
a
confidential
mode
to
help
protect
sensitive
information
from
unauthorized
access
when
sending
messages
and
attachments.
About Author
