What is Client-Side Encryption (CSE)?
Client-side encryption involves encrypting data on the client side (i.e., on the user’s device) before it is sent to the server. Therefore, by encrypting the data on the user’s device before it leaves, CSE makes it much harder for anyone to intercept and read the contents of the email. Google allows users to keep control over their encryption keys and the identity service to access those keys. However, CSE has some limitations. It does not encrypt the email header, including the subject, timestamps, and recipient list. Additionally, CSE does not support certain features, such as Smart Compose, confidential mode, multi-send, and emojis. Currently, CSE is only available on the mobile app for iOS and Android devices. Google has already implemented CSE for several of its other services, including Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (in beta). Therefore, the expansion to Gmail was the logical next step, as emails are a critical communication tool for many businesses and organizations.
To use CSE, end-users can click the new padlock icon next to the Cc and Bcc tags in any message sent through Gmail, both internally and externally. This will bring up a new window with a “Turn on” button, which will allow users to enable the feature and send sensitive data in the body and attachments with additional protection.