Generally speaking, email is pretty confidential already and it’s easy on Mac or Windows to encrypt a file before you send it along, whether it’s a photo, Word document or even a folder full of spreadsheets from the lab. But there are a lot of steps, and having email that can’t be forwarded or printed and self-destructs in a specified amount of time, well, that’s like something out of Mission: Impossible, right? Very cool.
Now the bad news: Turns out that it’s really almost impossible to completely protect communication, even if it’s encrypted with top military grade encryption. One simple reason is that if I can see it on my screen, I can capture it or even take a photo of my computer – or mobile device – screen to subsequently share it with others. Still, much of security is making things more difficult to overcome than people’s willingness to circumvent security (like having a lock on your front door while there’s a big window two steps away), and in that sense Gmail‘s new “Confidential” mail feature is pretty interesting.
First off, let’s see how to send confidential mail. It’s pretty easy. We’ll start with this simple template to our pal Jim Phelps of the IMF:
Definitely a message that deserve a self-destruct feature! Turns out that the capability is all ready to go, just hidden along the bottom row of icons in the compose window. Let’s have a closer look:
As you can see, it’s the icon with the clock superimposed on top of a padlock. A click and you can see what Confidential Email in Gmail lets you do:
The two basic features of Confidential mode in Gmail are setting an expiration date for the message and requiring a passcode (set by Google and generally using SMS text messaging to ensure the recipient is who you think they are). Easy to work with in both cases.
But what about the other side, the recipient? I asked my friend Dan from MI5 to send me a message with an expiration date sent, and here’s what I received:
Notice that the expiration – May 28, 2018 – is simple and overt. But what else can you do with the message? Obviously you can take a screenshot as the image above demonstrates!
What about printing? Here’s what appears if I try to print this particular confidential message:
That’s the same thing you’d see if you tried to forward it or reply to it but then change recipient email address. Let’s try it, though, by responding to Dan and my NSA colleague Lamar, who will undoubtedly be curious about our discussion too. The composing message looks like this, though:
Not much revealed, but what does Lamar actually see when he receives the message? This:
As you’d hope, he can’t see the original message to which I’m replying but this message has retained its expiration date, as shown on the top right (not on the bottom of the message body, however, which is a bit random).
So it’s not perfect, but if you’re worried about people reading your email messages, this could be a step towards gaining more confidentiality. Do remember that the subject is visible even if the message body isn’t, so a subject like “best indictment docs from recent raid at 123 Main Street” is probably not so good. 🙂
Disclosure: I did not, of course, involve anyone from the IMF [Impossible Mission Force, not International Monetary Fund!], MI5 or the National Security Agency. Just in case it’s not obvious. 🙂
