The original poster, Rob Cameron, just makes a vague reference to some vendors requiring encryption. A topic that's been discussed here recently is a set of requirements from Fidelity about how notaries handle information. Here's a quote:
"Encryption of data during transit: end-to-end encryption via the most current transport layer security (TLS) protocol version(s) available"
So if the requirement is merely some sort of encryption, if both sender and recipient access Google with a web browser, you're going to be using transport level security (TLS). You can tell by the little padlock next to the URL in your browser. The email will go from the sender's browser to Google protected by TLS. It will go among various Google systems, which I expect are protected. Then it will go from Google to the recipient's browser protected by TLS. So it's encrypted, but it isn't end-to-end protected. A court could order Google to release it, and they'd probably have to.
End-to-end encryption means encryption keys are set up that are not under Google's control, and the email is encrypted inside the sender's browser before it even gets to Google. So if a government agency wanted to read it, they couldn't just deal with Google, they'd have to go after the service that provides the encryption key. I don't know how hard that would be. Somehow the encryption key service also provides the key to the recipient.
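An added example, not part of the original post: a Python check that reads a message's `Received` headers and reports which hops declared TLS, using the RFC 3848 `with` keywords. It goes beyond the webmail case above to SMTP relay hops; the sample message, host names and the `version=` comment format are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (hosts, IDs and addresses are made up).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id c3; Tue, 02 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384); Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([192.0.2.4])
\tby out.sender.example with ESMTPSA id a1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: closing documents

Body text readable by every server listed above.
"""

# RFC 3848 "with" keywords that assert the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def audit_hops(raw):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+(\S+)", flat)
        version = re.search(r"version=(\S+)", flat)  # free-form MTA comment
        name = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": name,
            "tls": name in TLS_PROTOCOLS,
            "tls_version": version.group(1) if version else None,
        })
    return hops

def plaintext_hops(raw):
    """Hosts that accepted the message on a hop with no TLS keyword."""
    return [h["by"] for h in audit_hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in audit_hops(SAMPLE):
        print(h)
```

Even when every hop reports TLS, each host named after `by` held the message in readable form, which is the gap between transit encryption and end-to-end encryption. `Received` headers are written by the relays themselves, so treat the result as evidence rather than proof.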