by resfirestar 1207 days ago
The feature is meant for especially sensitive documents, you wouldn’t want it turned on for everything in the organization because it limits useful features like search and printing. More mature products like Azure Information Protection let you require encryption for certain documents based on policy, but that doesn’t seem to be part of what Google is announcing here.

> you wouldn’t want it turned on for everything in the organization because it limits useful features like search and printing

Some organizations would want to prioritize encryption over search/printing. (Also, there's no reason search and printing couldn't work with encryption.)

It's more of an issue that people have to interact with vendors outside their direct ecosystem, who maintain different email systems. I can have all the PKI infrastructure I want, if my contracting officer has to coordinate payment of a $10M or $100M deliverable with a foreign company with different laws around encryption, I may have no choice but to send some things unencrypted until we can mutually agree on certain processes.
At the very least, I can confirm that ProtonMail and Apple's Mail clients let you search through the message contents of encrypted email. I'm sure there's a performance hit, and admins wouldn't be able to search through the encrypted emails of their Workspace users, but that's a much more reasonable tradeoff.
I'd be interested to know the implementation... Most search-over-encrypted-documents implementations either don't scale well (e.g. require the client to do all the indexing and upload the encrypted index), or have reduced privacy (allowing the server to infer which words are in which document).
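The tradeoff described in the comment above, as an added example that is not from any commenter and not the implementation of any product named in this thread: the client builds a keyword index of keyed HMAC tokens and uploads it, and the server can answer searches without the key, yet still sees which messages share a token. The names `token`, `index_tokens`, `Server` and `build_demo`, the key and the sample messages are all constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

def token(key: bytes, word: str) -> bytes:
    """Client side: keyed HMAC-SHA256 of one lowercased word."""
    return hmac.new(key, word.lower().encode(), hashlib.sha256).digest()

def index_tokens(key: bytes, text: str) -> set:
    """Client side: one opaque token per distinct word in the message."""
    return {token(key, w) for w in set(re.findall(r"[a-z0-9]+", text.lower()))}

class Server:
    """Holds only tokens and message ids; never sees words or the key."""
    def __init__(self):
        self.index = defaultdict(set)  # token -> ids of messages containing it

    def upload(self, msg_id: int, tokens: set) -> None:
        for t in tokens:
            self.index[t].add(msg_id)

    def search(self, tok: bytes) -> list:
        return sorted(self.index.get(tok, ()))

    def leakage(self) -> list:
        """What the server learns anyway: how many messages share each token."""
        return sorted((len(ids) for ids in self.index.values()), reverse=True)

def build_demo():
    key = b"constructed-demo-key"  # constructed; a real key stays on the client
    mails = {  # constructed sample messages
        1: "Invoice for the Q3 deliverable",
        2: "Payment of invoice overdue",
        3: "Lunch on Friday",
    }
    server = Server()
    for msg_id, body in mails.items():
        server.upload(msg_id, index_tokens(key, body))
    return key, server

if __name__ == "__main__":
    key, server = build_demo()
    print(server.search(token(key, "invoice")))
    print(server.leakage())
```

The `leakage()` output is the reduced-privacy side of the tradeoff: token frequencies and co-occurrence are visible to the server even though the words are not.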
> require the client to do all the indexing and upload the encrypted index

Or just require the client to do the indexing and the searching, and not upload the index anywhere.

Yep. Not sure how Apple/Proton implement it, but that's exactly what Tutanota does. https://tutanota.com/blog/posts/first-search-encrypted-data
And when you log in from a new device...? Do you now need to wait days while 1,000,000 emails from the last decade are all downloaded and indexed?
That's an issue with or without client-side encryption. Even with IMAP, you have to download the message before its contents can be searched. While subject/sender/recipient can be searched instantly with IMAP, regardless of encryption.
Maybe if you have that many emails and 3G only and can't load a backup for some reason.