Viewing a single comment thread. View all comments

uhoreg t1_j0qs6mx wrote

Google calls it "Client-side encryption" and distinguishes it from "end-to-end encryption". It works differently from what most people would expect from end-to-end encryption. From their support entry:

> How is CSE different from end-to-end (e2e) encryption? > > With end-to-end encryption (e2e), encryption and decryption always occur on the source and destination devices (such as on mobile phones for instant messaging). Encryption keys are generated on the client, so as an administrator, you don't have control over the keys on the clients and who can use them. In addition, you don't have visibility into which content users have encrypted. > > With client-side encryption (CSE), encryption and decryption also always occur on the source and destination devices, which in this case are the clients' browsers. However, with CSE, clients use encryption keys that are generated and stored in a cloud-based key management service, so you can control the keys and who has access to them. For example, you can revoke a user's access to keys, even if that user generated them. Also, with CSE, you can monitor users' encrypted files.

(emphasis added)

One main practical difference is that organization admins seem to have access to the keys, and so can read everything.

205

The-Brit t1_j0qv9zj wrote

>One main practical difference is that organization admins seem to have access to the keys, and so can read everything.

A handy government back door then? If so, why bother?

62

beef-o-lipso t1_j0r0f3r wrote

Pretty sure CSE is limited to the paid Gmail for business and not the free consumer Gmail.

Businesses use key escrow so that they can recover emails sent through their system. Usually for things like recovery of data, or to comply with regatory requirements such as the US SEC requiring covered financial companies storing all communications.

Businesses doing key escrow should be storing only the keys used for encryption and not the private keys for signing emails and other things.

81

cowmonaut t1_j0r334h wrote

You are correct, CSE is a feature of Enterprise/Education versions of Gmail.

31

Pomnom t1_j0smyhr wrote

That's no difference than current situation? Assuming that google encrypt all Gmail data anyway and the key is accessible to the org administrator should they ever need to assess the emails

3

beinghumanishard1 t1_j0w0sma wrote

Dude what are you talking about? Its not a back door, it’s just access for business owner to manage their organizations emails. If you don’t have this feature no business what would use it, otherwise their employees could send emails the business cannot audit.

1

BamBam-BamBam t1_j0rs6el wrote

So it's end-to-end encryption with key escrow.

EDIT: so there are some interesting comments below, and some important distinctions made.

54

palox3 t1_j0tvtep wrote

end-to-several_ends encryption :)

18

pittaxx t1_j0u0o65 wrote

Hardly end to end at all, if Google can read them, and it seems they can.

(Yeah, I know that you are technically correct, but it's not an arrangement that people would generally put in the same category as e2e.)

7

chiron_cat t1_j0wpghm wrote

So it's totally not encrypted because Google can still read everything

2

[deleted] t1_j0r1bag wrote

[deleted]

−7

cowmonaut t1_j0r2tap wrote

No. Your employer gave you a key to your office, but they can take it away when you get fired.

This is a feature for Enterprise/Education versions of Gmail, not the publicly available service.

28