Watch out for Gmail’s new Confidential Mode

It’s easy and useful, but Google’s new ‘secure email’ is neither secure nor email.

Gmail
Cairo (Creative Commons BY or BY-SA)

Most email can either be secure or easy to use. You can have one but not both.

That’s why people are so excited about a new feature in Google’s Gmail. It’s called Confidential Mode, and it’s an easy way to make email more private.

Confidential Mode lets you add an “expiration date” to emails. Once that date arrives, the email is no longer viewable by the recipient.

Messages marked as Confidential can’t be copied, forwarded, printed or downloaded.

And you can revoke access at any time.

Sounds great, right? Well, not so fast. There are a lot of “gotchas” in the new Confidential Mode that you need to know about.

But first, here’s how to get and use it.

How to use Confidential Mode

First, make sure you get the new Gmail, which I highly recommend.

Venerable Gmail is now turbocharged by a list of handy features, including the ability to “snooze” emails, A.I. that “nudges” you to follow up on specific emails, and even SmartReply, which uses neural networking to give you three options for one-click replies — a feature that used to exist only on mobile but now lives in the browser version as well.

The new Gmail will even pre-emptively suggest when you might want to unsubscribe from newsletters or other subscribed content, based on its observations about what you open and what you don’t.

A feature called Hover Actions lets you gain access to options for handling an email before you even open it. You can archive, delete, snooze and do other things right there in the inbox by simply hovering your mouse pointer over the line.

Google Calendar, Keep and a to-do list called Tasks can be viewed on the right side of the inbox, if you like.

A Google Plus-like feature called Plus Mentions lets you cc: people from inside the body of the message. Just add a plus sign and start typing the person’s name. A dropdown menu of people will appear. Select a name, and it will be auto-completed in the email and also added to the cc: field.

The new Gmail has more great features as well. It’s the best version of Gmail ever by far.

To get it, click on the “gear” settings icon near the upper-right corner. The first menu item should be “Try the new Gmail.” Choose that option. (If you’ve already got it, you’ll see “Go back to classic Gmail.”)

Here’s how to use Confidential Mode. Click on the “Compose” button in the upper-left corner. You can write your email as you normally would, then click on the small icon at the bottom right that shows a clock in front of a lock. Here you can set the expiration for one day, five years or any of several durations in between, and also optionally choose to require an SMS passcode.

If you do choose the SMS passcode option, you’ll be prompted for the recipient’s phone number. The recipient will get the passcode, which remains valid only for five minutes.

Best of all, any email sent using Confidential Mode can be revoked at any time, regardless of what the expiration date was. Just open the email in the “Sent” folder and click “Remove access.” If you’d like to make it available again, choose “Renew access.”

Confidential Mode is great, but don’t get lulled into a false sense of security. It’s more private than regular email (which isn’t saying much). But it’s not as private as other forms of communication. And it certainly isn’t secure.

Why Google’s new secure email is neither secure nor email

Confidential Mode works by storing your email in a secure space on Google servers in the cloud.

When both sender and recipient use Gmail, the email appears normal. But recipients who do not use Gmail get a link for viewing the email in a browser.

The messages you send or receive via Confidential Mode are not actually email. The link is an email, but the message is an email-looking page on the internet that’s password-protected.

Emails containing the link can, in fact, be forwarded, but only the intended recipient can successfully open the link.

When someone gets one of these forwarded mails, they’re prompted for their Google login username and password to determine whether or not they’re the intended recipient.

This is problematic, because it invites link-baiting phishing attacks, which could con people into revealing their login information.

An easy-to-imagine phishing attack would say that a Confidential Mode email has been forwarded and can be seen by clicking on the provided link. Once the victim arrives on the linked page, a Google-like login page requests a Gmail email address and password. Once those are entered, the phishers can capture the information they need to compromise their victim’s Google account.

Good email encryption systems encrypt email on one end and decrypt it on the other, making it inaccessible even to the mail provider. The sender is in control until it’s sent, after which time the recipient is in control.

Google’s Confidential Mode does the opposite. Google itself has possession and control of the email at all times and grants or revokes access based on the choices of the sender.

In other words, Gmail Confidential Mode stores emails on Google’s servers, which are accessed via a URL link in an unencrypted message. And if you choose the more-secure passcode option, Google will also gain access to the recipient’s phone number.

Google hasn’t announced, nor do its privacy policies state, that emails and phone numbers will be deleted from Google servers after expiration. The safe assumption is that Google retains them indefinitely.

Google says Gmail Confidential email can’t be copied, forwarded, printed or downloaded, which isn’t exactly true. It’s easy to take a screenshot or photo of the email, which copies it, and that copy can be forwarded, printed or downloaded.

Also: Confidential Mode doesn’t work with attachments. If you attach something to the message and try to send using Confidential Mode, you’ll be prompted to choose between the attachment and Confidential Mode.

What about compliance?

Gmail Confidential Mode also raises a sticky set of issues around data retention compliance.

Enterprise employees using regular consumer Gmail may run afoul of requirements for the retention of company email.

Gmail in G Suite, on the other hand, enables compliance, but at the expense of user privacy. The company can use Google Vault to view emails, even after expiration.

So in an enterprise environment, standard Gmail breaks the law, while G Suite Gmail breaks the privacy.

What to make of Confidential Mode

Don’t think of Confidential Mode as secure email that’s easy at long last. Instead, think of it as a very easy way to maintain a little more control over the email you send.

Confidential Mode is more private than regular email, but it’s not secure.

I recommend that you use it, but knowingly and with caution.

Enterprise mobility 2018: UEM is the next step
  
Shop Tech Products at Amazon