UPDATE (May 7, 2018): Phishing Risks in Gmail’s New “Confidential Mode”
– – –
I’m a fan of Google’s new Gmail — after switching over I’ve never felt the need to switch back to classic Gmail, not even once (“My Initial Impressions of Google’s New Gmail User Interface” – https://lauren.vortex.com/2018/04/25/my-initial-impressions-of-googles-new-gmail-user-interface).
An aspect of the new Gmail that has been getting a lot of attention relates to the various features associated with Gmail’s new “confidential” mode, which includes mechanisms that can enable some user-specified limits (with various provisos regarding their effectiveness in assorted scenarios) on how Gmail messages are handled locally and by recipients, including a kind of “email expiration” system, among other features. A good summary of confidential mode functions is at: https://mashable.com/2018/04/27/new-gmail-expiring-emails-confidential-mode on the “Mashable” site.
The features of confidential mode come with various positive attributes and a number of limitations, but for some users they may also be something else — they may be ILLEGAL to actually use!
It doesn’t take rocket science to see why.
Many people who use Gmail (and/or correspond with persons who use Gmail) work in fields or for organizations that have legally-mandated data retention requirements — and these often include all email communications.
And it’s important to note that we’re not talking only about the Gmail users themselves. A non-Gmail user receiving a confidential mode email from a Gmail user would apparently only receive a link to the actual message on Google’s servers — and that message could vanish later depending on the Gmail user’s settings (the recipients would have no control over this). Yeah, users could always screenshot or photograph these messages, but the legal implications of suddenly vanishing messages are not necessarily particularly subtle ones.
While Gmail users in most instances have always had the ability to delete their own copies of emails, the ability to suddenly withdraw a recipient’s access to a sent email, on either Gmail or non-Gmail systems, will be new to most users, and the complex ramifications of using such features may not be obvious to many of them.
It is imperative that users of both regular Gmail and Google’s paid G Suite offerings are adequately warned by Google regarding the potential legal pitfalls of using confidential mode. I’d suggest “in your face” warnings at least the first time that users attempt to use associated features.
Many independent professionals who may be subject to legal restrictions in these contexts use regular Gmail. The situation is even more complicated with G Suite. Its users include both businesses large and small, and all manner of other organizations including significant numbers of government users — any of whom may be using their own domain names for G Suite emails.
It will be critical that G Suite users and account administrators aren’t only directly warned about the implications of using these confidential mode features, but that administrators also have the means to restrict the use of these features by any or all of the users associated with those accounts.
This is definitely an area where proactive educational and technical steps by Google now could potentially avoid a lot of hassle — or much worse — for a significant number of their users down the line.
–Lauren–