Nearly three years have passed since Google announced it would offer an end-to-end encryption add-on for Gmail, a potentially massive shift in the privacy options of a piece of software used by more than a billion people. It still hasn't materialized. And while Google insists its encryption plugin isn't vaporware, the company's latest move has left critics with the distinct impression that Gmail's end-to-end encrypted future looks cloudy at best—if not altogether evaporated.

Last Friday, Google quietly announced that E2EMail, an extension for Chrome that would seamlessly encrypt and decrypt Gmail messages, was no longer a Google effort. Instead, the company has invited the outside developer community to adopt the project's open-source code. Google was careful to emphasize in a blog post describing the change that it hasn't given up work on its email encryption tool. But cryptographers and members of the privacy community see the move as confirmation that Google has officially backburnered a critical privacy and security initiative.

"The real message is that they're not actively developing this as a Google project anymore," says Matthew Green, a cryptographer and computer scientist at Johns Hopkin University who has closely studied tech firms' messaging encryption products. Green notes that after close to three years, he's happy to see any code come out of Google's Gmail encryption work. But it's hardly the finished email-encrypting plugin that Google had promised. "It's definitely a bit of a disappointment, given how much hype Google generated around this project at one point, to see that they're not pursuing this as a core feature of Gmail," Green says.

Signs of Vapor

When Google first announced in June of 2014 that it would build an encryption tool for Gmail—then known as "End-to-End"—the move was seen as part of Google's dramatic response to the NSA surveillance revealed by leaker Edward Snowden. But the project's failure to emerge from a "research" phase—even as communications like Apple's iMessage, Facebook Messenger, Facebook-owned WhatsApp, and even Viber offer end-to-end encryption to their hundreds of millions or billions of users—has disillusioned the privacy community. Commenters on the project's Github page have asked for more than a year if Google has abandoned the encryption extension.

Google's decision to hand E2Email over to open-source developers only cements that perception. "If I had to place a bet, I’d say it’s a telltale sign the project isn’t going anywhere," says web security researcher Jeremiah Grossman, chief of security strategy at security firm Sentinel One. "This is a way for them to get their work out there but to absolve themselves of future obligations."

Green, who has spoken to Google engineers about the project, says the End-to-End initiative never received the staffing necessary to push it forward. Today, he says, the total attention Google devotes to the project equates to a fraction of a single full-time staffer. "The upshot is that Google won't be doing much more on end-to-end encryption," Green says.

Baby Steps

Google's own security engineers, meanwhile, say that they've hardly abandoned their encryption push. But making email encryption easy, argues Google privacy and security product manager Stephan Somogyi, is far harder than it might seem to the public. Unlike WhatsApp or Facebook Messenger, Gmail's End-to-End project sought to bolt encryption onto email, an old protocol that still has to interoperate with billions of clients outside of Google's control. And Somogyi points out that his engineers have also had to build and refine an entirely new library of crypto code in javascript, a necessary stepping stone for secure web-based encryption tools, and one widely believed to be unworkable a few years ago.

More recently, he says, the team has focused on the larger problem of key management—the tricky task of securely distributing, tracking, and looking up the unique encryption keys that allow users to decrypt encrypted messages and prove their identities. That problem has for decades dogged PGP, the encryption scheme Google bases its Gmail encryption project on. Google's engineers are now working to solve it with a project called Key Transparency, along with researchers at Princeton, Yahoo, and Open Whisper Systems.

"The magic needs to happen in key distribution and key discovery, and we’ve been quiet for so long because we’ve been working on that hard stuff," says Somogyi. But he makes no promises that more rigorous approach will produce actual, working encryption tools for Gmail any time soon. "Even once Key Transparency is out the door, there’s other hard stuff to work on."

The decision to open-source the Gmail encryption plug-in project, Somogyi says, was a recognition that outside developers might want to put out a quicker fix rather than solve the underlying problems his engineers have focused on. "We’re very much playing the long game," Somogyi says. "The reason we want to put this into the open source community is precisely because everyone cares about this so much. We don't want everyone waiting for Google to get something done."

Encryption Vs. Data Mining

Despite those efforts, however, Google hasn't kept up with its competitors on end-to-end encrypted messaging. Its only serious effort in the last year was to offer opt-in end-to-end encryption in its Allo messenger, a new service with an infinitesimal fraction of the user base of existing chat platforms like Google Hangouts and Gchat.

As Gmail's long-awaited end-to-end encryption features have failed to appear, critics have speculated about Google's motives. Does it want to avoid the clashes with the US government that WhatsApp and Apple faced down when their encryption has stymied law enforcement? Or does a company so focused on big data analysis not want to relinquish its ability to mine emails in the service of highly targeted ads and services? The Allo voice assistant, for instance, doesn't function when users have encryption enabled. The entire notion of end-to-end encryption, after all, is that no one but the people communicating can decrypt messages, not even the service hosting those communications.

Google's Somogyi argues that advertising doesn't figure into his team's encryption decisions. But he concedes that for services like Gmail's spam and malware filtering, end-to-end encryption makes data mining far more difficult. He describes the balance Google seeks diplomatically: "Where we can provide added value to the user by having machine-based systems look at the data, we’re absolutely going to do that," Somogyi said. "At every opportunity that we have to protect users’ data from unauthorized access we absolutely, vigorously pursue that."

Ideally, the tradeoffs between services that mine someone's communications and their privacy should be left to the users themselves, says Somogyi. "What’s important ultimately is that the user has a choice," he says.

That choice, for Gmail users, has been a long time coming. Until the E2Email project comes to fruition—if it ever does—the existing decision for users is starker: Share your secrets over Gmail, or send them over one of the many end-to-end encrypted messaging services that's far better engineered to protect them.

Updated 2/28/2017 1:10pm EST to clarify that while Gmail does use some forms of encryption, it doesn't offer end-to-end encryption that ensures only the people communicating can decrypt messages.