Ontario Privacy Commissioner on SSL and Gmail

The office of the Ontario Privacy Commissioner has released a document praising Gmail for making connection via SSL available for all communications through their website. “If You Want To Protect Your Privacy, Secure Your Gmail” [PDF] points out that when you communicate with your email server over a public wifi network, your communications are vulnerable to interception unless you encrypt them. SSL, or “secure socket layer,” is a cryptographic protocol in fairly common use — you’ll have seen it in operation if you do internet banking or make payments over the internet, and you can recognize it because the URL you communicate with is preceded by “https”.

However, the SSL cryptography in Gmail is an option and must be turned on in order to make communication with the mail server secure. Some mail servers and some email programs do not offer SSL protection, which is why Commissioner Cavoukian singled out Gmail for praise.

We’ve talked on Slaw a number of times about whether lawyers use encryption generally when sending files or data via the internet, the consensus seeming to be that few, if any, actually encrypt the text of confidential messages.

Lawyers in their offices will almost certainly connect to their firm’s email servers via a wired local area network, which is not vulnerable to interception. However, lawyers retrieving emails using wifi connections with laptops off site or home computers will face issues of vulnerability of the kind described in the Commission document and should be careful to ensure that they use an email program that offers an SSL connection (as Outlook, for example, does) and that they enable SSL.


  1. I have been using Gmail for my business since I started out a year and a half ago, and am pleased with all it can do. I thought I would have to get a different email software package, but there are so many benefits to Gmail I haven’t seen the need to move from it. This is yet one more example.