Ephemeral Gmail Is Still Missing the Point

Half Measures Still Get Us Nowhere

Wickr
Wickr Crypto + Privacy Blog
May 8, 2018

By Chris Howell, Wickr CTO

It has been a tumultuous year for data protection. From end users to policy makers across the world, we seem to be asking all the right questions to reclaim our privacy. Yet, in the absence of business incentive to change, half measures are the best we are getting out of the global data companies.

Photo: On/off Marcin Wichary via Flickr

Take Google’s latest addition of confidential and ephemeral messaging mode in Gmail. On its face, it’s a laudable step forward, and one that could perhaps restore some faith in email, a method of communication that has been virtually abandoned by anyone seeking meaningful security. In reality, it delivers something that is at best a superficial data control feature and at worst misleading security assurance for users whose personal and business data require real protection.

What drives the worst case? From what is known about the implementation at the moment, there seems to be a large gap between what these features appear to do and what they actually do to secure user data, and this gap is likely lost on the average user.

For instance, it appears that senders can now require a recipient to enter a passcode to view their message. You would think this means that the message’s confidentiality is ensured from the time you click send to the time the recipient enters the passcode — but it doesn’t. Google manages the passcode, which in very large and important ways practically defeats the purpose of having it in the first place.

Senders can also now limit the time their messages are viewable by recipients. You would think this means you send the message, the recipient reads it, and not so long later — it’s gone, but it isn’t. In fact, virtually nothing has changed. The message sits in the same place (i.e., Google servers), for the same amount of time (i.e., indefinitely) that it would have if you sent any other email. Only the recipient’s access to the message appears to be revoked, which doesn’t mean much because the sender’s access is unaffected.

As evident from countless breaches, including the 2016 Presidential campaign incidents, email is a very risky place to share valuable information. Most email providers still process and attempt to protect our content server-side — some to monetize user messages, some to enable AI-powered spam filters. What happens to data is largely outside of users’ control or even awareness.

Having watched our industry attempt to solve security issues for nearly two decades, it is clear that short-term fixes and half measures are the default. Companies keep adding duct-taped seatbelts to technology moving at incredible speed when what we really need are state-of-the-art airbags designed to protect by default.

Clearly, it may take even larger security incidents than what we have seen to date to set off a large-scale shift in how our data is protected by service providers. With changes like the new features in Gmail, my concern is that the average user can’t distinguish between what they are and what they appear to be. The false sense of security they provide might just be worse than having no security at all. Mostly, I’m concerned to see the important security promise implemented with half measures. The problem with half measures for security features is that they end up a lot like rope guardrails on a mountain pass — they look like they’re there to keep you on the road, but all they really do is mark the spot where you drive off the cliff.
