“The idea is that it doesn’t matter, at any time and in any way Gmail never has a real key. Never,” Google Work Space Product Manager, Julian Duplent told ARS. “And we never have a disciplined content. It’s just happening on this user’s device.”
Now, about whether it forms the real E2EE, it is not at least likely under strict definitions that are commonly used. For cleansers, E2EE means that only the sender and the recipient have the necessary means to encrypt and discontinue the message. This is not the case here, because the key to the people inside the Bob organization who has deployed and managed the KACL is the real custody of the key.
In other words, the original encryption and discipline process is on the closing user devices, not on the organization’s server or anywhere between it. This is the part that Google says is E2EE. The keys, however, are administered by the Chapter Organization. Admins with full access can print communication at any time.
The method of making it all possible is what Google calls CSE, short for Client side encryption. It provides a simple programming interface that smooth the process. So far, CSE has worked with S/Mime only. What is new here is a procedure for securing a balance key between Bob’s organization and Alice, or wants to email another chapter.
The new feature is of possible importance to organizations that must comply with strict rules and regulations to make the expiry of the end. This is definitely not a suitable fit for users or anyone who wants the only control over their sent messages. Privacy supporters, note.