Gmail’s New Encryption Can Make Email Safer—Here’s Why You Should Use It

There's a new way to protect your Gmail from prying eyes, and experts say it's well worth taking advantage of the feature.

Google said it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain. End-to-end encryption is vital for any communications service because it allows only the sender and receiver(s) of messages to see the content, Jeff Wilbur, the senior director of online trust at the nonprofit Internet Society, told Lifeire in an email interview. 

"This means that the message content can be seen by bad actors or rogue employees and is subject to access by law enforcement under warrant," Wilbur added. "With end-to-end encrypted email, only the sender and recipient(s) have the key to unscramble the data, so it is safe from prying eyes of any kind."

Safer Messages

Client-side encryption (which Google calls E2EE) is already available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar users. Now, if you enable the new encryption, Google says data delivered as part of the email's body and attachments can not be decrypted by Google servers, however, the email header will not be encrypted.

"With Google Workspace Client-side encryption (CSE), content encryption is handled in the client's browser before any data is transmitted or stored in Drive's cloud-based storage," Google wrote on its support website. "That way, Google servers can't access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally."

In a genuine end-to-end encrypted messaging service, these two ends are the sender's and the receiver's devices—also known as device-to-device encryption, Anurag Lal, CEO of the cybersecurity company NetSfere, said in an email interview with Lifewire. He noted that this form of encryption is safer because once messages are encrypted on the sender's device, they cannot be decrypted until it reaches the receiver's device, ensuring that only the intended recipient has access to the messages. 

"While traversing the internet, a message may take several hops from server to server before reaching its final destination," he added. "True E2EE ensures that the message cannot be decrypted on any of these hops, thereby providing complete protection. It should be noted that in E2EE, the ends can refer to any two endpoints. Therefore it's essential to know what these endpoints are to understand if your messages are truly protected."

Private Data

If you aren't a Gmail user, other email services offer end-to-end encryption. Robert Andersen, CEO of data security firm Grape ID, told Lifewire over email that people can use PGP encryption to encrypt their own emails, but there are also email providers that focus on email encryption, like ProtonMail and Virtru. He also said his own company offers an "add-on" encryption service that people can add with an existing email provider.

"Sadly, implementing PGP encryption typically requires significantly more effort than most people are willing to put forth (watch online training videos)," he added. "ProtonMail is a good solution for those who don't mind changing email providers and paying a subscription."

End-to-end encryption is "essential" for emails to ensure confidentiality, Kory Fong, vice president of engineering at Private AI, told Lifewire via email. This method is the only way to be certain that just the sender and the recipient can view all the information contained within that email. 

"So even the email provider that controls the servers can't see what's in the messages," he added. "Generally, email services like Gmail will encrypt your email in transit, but Google itself can still access the content and even give access to third parties, but won't without explicit consent."

Fong said that ProtonMail is the most well-known provider that offers end-to-end email encryption, even in its free tier. "The company uses asymmetric, zero-access encryption, meaning even ProtonMail itself can't read what's in your emails," he added.

Another approach for extra privacy-conscious users is to share a public key with other parties and encrypt their mail with the private key by default. "Software like GPG Suite and other GPG plugins make this easy to use," Fong said.

Whichever option you choose, E2EE for email is important because email is the gateway to your entire online identity and data, Andersen said. 

"Email provides centralized access to all of your online accounts, and your 26,000+ tracked digital profile attributes could easily get in the wrong hands leading to hundreds of types of fraud and scams," he added.