Does Gmail’s ‘Confidential Mode’ Offer a False Sense of Security?
July 24, 2018
Throughout July, Google has continued rolling out its Gmail and G Suite refresh to its paid users. The updates include many new and intuitive features to Google’s interface, including an automated “smart reply” option (similar to LinkedIn messaging’s predictive replies) and reminders to reply to emails that are a few days old.
Also included in the Gmail refresh is a feature called “Confidential mode,” which Google claims will protect sensitive information by allowing you to set limits on what the recipient of your email can do with it. This includes setting a self-destruct date, requiring a passcode and removing the option to have your email forwarded.
Confidentiality is paramount to professional communicators, and while embargoes are hard to enforce, Google’s new Confidential mode positions Gmail as a top tier security safeguard. The problem with these new security features, says leading digital digital privacy nonprofit the Electronic Frontier Foundation, is that they offer users brittle security measures that can easily be breached.
“At best, the new mode might create expectations that it fails to meet around security and privacy in Gmail,” writes the EFF. “And at worst, Confidential mode will push users further into Google’s own walled garden while giving them what we believe are misleading assurances of privacy and security.”
The EFF reminds us that, even in this mode, your Gmail messages are not end-to-end encrypted, a standard of secure correspondence wherein the system encrypts correspondence for everyone but the sender and recipient. This means that Confidential mode emails are still not shielded from Google itself.
In place of end-to-end encryption, Google uses a much less secure process called “Information Rights Management”(IRM) that was developed by Microsoft more than a decade ago. On top of this, there is nothing in Google’s new interface preventing users from taking a screenshot of a message before it expires.
Expiring emails still stick around for a while in your “sent” folder, too, meaning they don’t really expire at all. “This Google ‘feature’ eliminates one of the key security properties of ephemeral messaging: an assurance that in the normal course of business, an expired message will be irretrievable by either party,” writes the EFF. “Because messages sent with Confidential mode are still retrievable—by the sender and by Google—after the ‘expiration date,’ we think that calling them expired is misleading.”
As more of our online activity is expedited with new automation and machine learning tools, communicators would do well to remember that not all new products and services we’re being pitched deliver on their stated goals. While paid customers still have plenty of solid reasons to continue using Google’s Gmail and G Suite products, Confidential mode has a long way to go before it delivers on the secure solutions it promises.
Follow Justin: @Joffaloff