I was chatting with a friend the other day, a CTO of a sizable financial services firm, when the subject of Google’s trustworthiness came up. He said he trusted Gmail to be secure because, “Google doesn’t read your email.” Being a paranoid tech guy, I challenged his assertion.
That Google has the ability to read your email should be beyond dispute. Google’s servers have access to all your messages in plaintext form. They render your email for display in your browser. They index all your information to be able to search it. Everything you store or process on Google servers is available to them.
The G Suite Agreement makes all this abundantly clear:

  • Google may transfer, store and process Customer Data in the United States or any other country in which Google or its agents maintain facilities. By using the Services, Customer consents to this transfer, processing and storage of Customer Data.

My friend may have been confused by Google’s promise not to display advertising to a paying G Suite customer:

  • Google will not process Customer Data for Advertising purposes or serve Advertising in the Services.

Make no mistake, Google can and does read your email. And this should cause concerns about security and privacy.
Security. Because Googles servers have access to all of your organization’s emails, an attacker that’s able to penetrate these servers can also get all of your data. No software platform is perfect, and it’s certainly plausible that an attacker can penetrate even Google’s defenses. And G Suite can be managed by administrators, who also can access all your data. So if your administrator is compromised, you’re at risk.
Privacy. Google is known to collect vast amounts of data about each user, and there’s no reason to believe G Suite services are exempt. There may be unintended consequences of this data collection. For example, a judge may issue a subpoena to Google to divulge customer emails, and Google would have no choice but to comply. The owner of this data might not even know about it. But if the data in question were a physical document, the subpoena would be delivered to its owner, who would have the opportunity to object to the data collection if it were unwarranted.
End-to-end encryption would address many of these security and privacy issues. If G Suite data were encrypted on clients and servers were merely repositories of encrypted data, then Google itself wouldn’t be able to read your messages. Facebook’s WhatsApp works this way. As he puts it, “Nobody, not even Facebook, should be able to see your private messages.”
Google’s “Don’t Be Evil” motto isn’t enough to cause you to trust Google.

I’m a paranoid tech guy. I care a lot about privacy and information security. I also happen to work at PreVeil, which uses end-to-end encryption with no central point of attack to secure email and files. You can reach me at [email protected].