The New Gmail: Emails (and Ediscovery) May Self-Destruct in 3…2…1

Gmail, eager to win over more business clients from industry leader Microsoft, has a host of new features — but don’t let them lull you into a false sense of security.

While Gmail has 1.4 billion accounts, only 4 million of those are paid G Suite business accounts. By contrast, Microsoft’s Office 365 has 120 million commercial users.

To enhance its business competitiveness, Gmail began a staggered rollout of its redesign starting on April 25, 2018. Most of the new features aim to enhance productivity and minimize email distractions. For example, users can snooze emails to a future date and time. The new Gmail will also “nudge” users to respond to emails that have been ignored.

Confidential Mode

The new Gmail will also have — though it’s not enabled yet — a “confidential mode” offering integrated rights management (IRM) features similar to those that Microsoft has offered since 2007. In the new confidential mode, users will be able to:

  • set emails to automatically expire after a defined period;
  • revoke previously sent emails;
  • set permissions limiting recipients’ ability to forward, print, or download emails or to copy text from them; and
  • require two-factor authentication, requiring that the recipient enter a code sent via text message before opening the email.

Google states that these features will be effective regardless of whether the recipient email is a Gmail account.

Don’t take these protections too seriously, though. There’s nothing to stop a recipient from grabbing a screen-capture of an email or calling everyone in the office over to read it. Security experts have also raised concerns that these confidential mode emails will train users to click on embedded links — setting them up for phishing scams.

As far as ediscovery of self-destructing emails is concerned, it’s unclear whether Google’s servers will retain copies of these emails even after they’ve “expired.” Watch out for third-party subpoenas of email information directly from Google. In general, expect ediscovery issues around these time-limited messages to track with other ephemeral communications such as Snapchat and Wickr.

The Bottom Line

If you want an email you’re sending to self-destruct, think about whether you need to reduce that thought to writing in the first place. Yes, you may need to share information that is confidential, time-sensitive, or restricted. But once written, words have a way of coming back to haunt us.

Don’t rely on a technological tool to save you from the necessity of applying common sense.