CSE is similar to the end-to-end encryption (E2EE) already utilized by platforms like Signal, Zoom, and WhatsApp to quell data privacy, cybersecurity, and regulatory concerns. The key difference between CSE and E2EE is the latter does not involve an administrator and does not transmit encryption or decryption keys to a third-party cloud-based key management service. For now, Google has said CSE is only available for enterprise beta testers until Jan. 20, 2023, for Google’s Workspace Drive, Calendar, and Meet as well as Education Plus and Education standard services. The development might mean that CSE will come to personal Gmail accounts in the future.
CSE for Workspace Services Available to Beta Testers
Google explained that CSE technology locks user data in the browser before it touches the Google cloud. “With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Google’s cloud-based storage. That way, Google servers can’t access your encryption keys and decrypt your data.” However, CSE will be communicating with Google’s partner key management services FlowCrypt, Fortanix, FutureX, Stormshield, Thales, and Virtru. CSE will ensure that email bodies, as well as attachments, cannot be read by Google’s servers. “Customers retain control over encryption keys and the identity service to access those keys,” Google said. Although, Google did not say whether data such as email headers, recipient lists, and subject line text will be covered by CSE. Google added that CSE is already available for Google Workplace Drive, Docs, Sheets, Slides, Meet, and Calendar in its beta version. The service will not be available for Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, Nonprofits, legacy G Suite Basic and Business customers.
How Workspace Beta Testers Can Enable CSE
Once Workspace users join Google’s beta testing program, they can enable CSE via the Admin console. In the console, users must select “Security” followed by “Access and data control” and finally enable “Client-side encryption,” which is disabled by default. To add the feature to enterprise Gmail, users can click the lock icon when composing a message and then select additional encryption. The race for end-to-end encryption will undoubtedly resolve long-standing regulatory burdens on the tech industry, not to mention give users a better sense of privacy and cybersecurity. This month, Apple revealed a host of new security features to protect users’ privacy involving contact key verification. Meanwhile, Twitter’s CEO Elon Musk has been calling for end-to-end encryption on direct messages since April, while Meta delayed E2EE to 2023 for its apps. While personal Gmail account users cannot yet benefit from CSE, you can still fine-tune your Google privacy through our guide to Google Privacy Settings, or even take a look at the best alternatives to Google’s services while you wait.