
The-Brit t1_j0qv9zj wrote

>One main practical difference is that organization admins seem to have access to the keys, and so can read everything.

A handy government back door then? If so, why bother?

62

beef-o-lipso t1_j0r0f3r wrote

Pretty sure CSE is limited to the paid Gmail for business and not the free consumer Gmail.

Businesses use key escrow so that they can recover emails sent through their system. Usually for things like recovery of data, or to comply with regulatory requirements such as the US SEC requiring covered financial companies to store all communications.

Businesses doing key escrow should be storing only the keys used for encryption and not the private keys for signing emails and other things.

81

cowmonaut t1_j0r334h wrote

You are correct, CSE is a feature of Enterprise/Education versions of Gmail.

31

Pomnom t1_j0smyhr wrote

That's no different from the current situation? Assuming that Google encrypts all Gmail data anyway and the key is accessible to the org administrator should they ever need to assess the emails.

3

beinghumanishard1 t1_j0w0sma wrote

Dude, what are you talking about? It's not a back door, it's just access for the business owner to manage their organization's emails. If you don't have this feature, no business would use it; otherwise their employees could send emails the business cannot audit.

1