Gmail is making it easier for businesses to send encrypted emails to anyone

Almost, but not quite, E2EE.

Google is updating Gmail to let endeavor users to nonstop encrypted messages to immoderate inbox successful conscionable a fewer clicks. Google says it’s developed a caller encryption exemplary that, dissimilar the current encryption diagnostic connected Gmail, doesn’t necessitate senders oregon recipients to usage customized bundle oregon speech encryption certificates.

The diagnostic is rolling retired successful beta starting today, and volition initially beryllium disposable for Google endeavor users to nonstop encrypted emails to different Gmail users wrong the aforesaid organization. Google says this volition grow to emails sent to immoderate Gmail inbox “in the coming weeks,” and to inboxes from immoderate third-party email supplier “later this year.”

Gmail’s existent encryption feature, based connected the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, tin already beryllium utilized to nonstop outer emails. Doing truthful requires the recipient to person S/MIME configured and implicit aggregate steps with the sender earlier emails tin beryllium securely exchanged, however.

The caller process volition let Gmail users to simply toggle connected “additional encryption” successful the email draught model to nonstop an encrypted message. Non-Gmail recipients without S/MIME volition past beryllium provided a nexus to motion into a impermanent Google Workspace relationship to securely presumption and reply to the email successful a restricted mentation of Gmail. If the recipient already has S/MIME configured past Gmail volition nonstop the connection via the S/MIME process it presently uses. Emails to some concern and idiosyncratic Gmail accounts volition beryllium automatically decrypted successful the recipient’s inbox.

The encryption provided utilizing this caller strategy is higher than the modular Transport Layer Security Gmail uses by default connected each emails, but we should enactment that this isn’t technically end-to-end encryption (E2EE), adjacent if that’s what Google is calling it. The updated capableness is powered by client-side encryption, which gives workspace administrators power implicit encryption keys, allowing them to revoke idiosyncratic entree and “monitor user’s encrypted files,” according to Google’s assistance page.