March 2, 2023

Google has added an additional layer of security to Gmail and Calendar services by introducing client-side encryption. This means that when you send an email or create a calendar event, the information is encrypted on your device before being sent to Google’s servers. This way, even if the data is intercepted during transmission, no one will be able to read it.

End-to-end encryption is provided by this new feature to protect user data from potential data breaches and unauthorized access. It is important to note, however, that this feature is not enabled by default and must be activated manually by the user.

Data is encrypted on the client device before being sent to Google (via HTTPS). Only on an endpoint machine with the same key as the sender can the data be decrypted. This provides an additional benefit because the data will be rendered unreadable by any malicious Google insiders or hackers who manage to compromise Google servers.

Client-side encryption, abbreviated as CSE, was already available for Google Drive, Docs, Slides, Sheets, and Meet for users of Google Workspace, which the company sells to businesses. Google will begin rolling it out to Gmail and Calendar Workspace customers on Tuesday.

Client-side encryption is a catch-all term for any type of encryption used on data before it is sent from a user device to a server. In contrast, with server-side encryption, the client device sends the data to a central server, which then encrypts it while it is stored using keys in its possession.

While client-side encryption adds an extra layer of security, it may limit some Gmail and Calendar features. Searching for specific emails or events, for example, may be difficult because the data is encrypted on the user’s device. It may also be incompatible with third-party apps that require access to unencrypted data.

The sources for this piece include an article in ArsTechnica.