Google rolls out encryption on Gmail. There are conditions though

We are all aware of end-to-end encryption, thanks to WhatsApp. Most of us also understand the importance of it in the increasingly digital age, of hacking, and leaks. Now, Google has announced that it is extending encryption services to Gmail, the one email that the majority of us use. But there are terms and conditions added. 

Wait a second, Gmail doesn't have encryption for emails and we are in 2022? Did you also think it should have been the norm ages ago? We thought so too!

None of us want our emails or messages to be read by anyone other than us and the person we send them to. For long, Gmail did not have this encryption protection and we all just had and have blind faith in the all-mighty Google. 

Google on Friday rolled out what is called client-side encryption for Gmail. Unfortunately, it hasn't yet been rolled out for personal accounts. Looks like it will take way longer than 2022 or even 2023 for that to become a reality.

So, what is client-side encryption (CSE)? First of all, it is not end-to-end encryption, like that of WhatsApp; which Google is offering. And the client-side encryption service is still in beta mode. 

• Currently, the service is only available to users of Google Workspace Enterprise Plus, Education Plus, and Education Standard, not personal accounts.
• CSE is meant for organisational use, where the company administrators can encrypt and decrypt data on Google services. 
• Employees on the organisational Gmail system can send and receive emails across various other email carriers with safe encryption. 
• It means that the service provider, like Google servers, cannot read the emails. Hence, providing protection from any hacking attempt at any level (be it during the transit of the email or at the start or end).
• However, the organisation will have the decryption key, which means only the company will be able to see all the interactions between everyone hosted on its system. 

• In comparison, end-to-end encryption works on an individual level where only the sender and the receiver can decrypt the message and no one else. 
• Currently, this service is only useful to those organisations that can generate their own decryption keys, meaning it is likely to benefit IT companies.

What will be encrypted? The email body, attachments, and inline images will be encrypted in the services. 

• However, the subject or header of the email, timestamps, or recipient list will not be encrypted. 
• Users can apply for the beta version until January 20, 2023. Also, CSE for Gmail is available only for web use and is not yet applicable to the Gmail app. Google has promised to roll out the services for their mobile apps as well in the future. 
• Other than Gmail, CSE is already available for Google Docs, sheets, slides, drive, meet and calendar in various capacities.

Other alternatives: Currently, Gmail provides its users with what's called TLS (Transport Layer Security), where your emails are secure from snooping and hacking when it is in transit. 

• But the email is prone to hacking on Google servers once the message is successfully sent and received. 
• Some alternatives to Gmail are Proton Mail, FlowCrypt, or Hushmail. For those with iPhones, you can still use Gmail with the added protection like that of Proton Mail, in the Mail app on iOS.
• Speaking of iPhone, Apple has also rolled out end-to-end encryption for iCloud backups. You can get it with the latest software update. This means that anything you back up will also remain safe from hackers. 

Remember the case of Aryan Khan, Rhea Chakraborty and the leaked WhatsApp messages? Regardless of the case, Indians were wondering how it was so easy to retrieve personal chat data when WhatsApp is said to be end-to-end encrypted. 

Of course, other than the owner of the chats giving access, there was no other way of retrieving all that data. Except, there was another way - backups! If you are in the custody of the CBI or any other high-ranking government agency, it is likely that they will retrieve your phone's backups.  

WhatsApp backups are not end-to-end encrypted and vulnerable to hacking and snooping by whatever agency. But if you are an iPhone user, you are in luck with the latest end-to-end encryption rolled out for iCloud backups.