
In my latest Compuschmooze™ column in the Jewish Community Voice of Southern New Jersey, “Encryption tools have drawbacks, but will keep your emails private,” I talk about how people forget that email is very insecure, and suggest some ways you can make it more secure and private.
The article is no longer available on the Voice website, so we’re reproducing it here. Some of the references are long-outdated and companies no longer offer products like the paid version of PGP.
One of the most surprising lessons to come out of the Gen. Petraeus scandal is how vulnerable our email messages can be if someone wants to read them.
Most of us forget that the Internet relays email from one computer on the worldwide network to another, many times over before it gets to its destination. Depending on the way each computer is set up, copies of those emails could be sitting there long after the recipient has read the message.
The only way to discourage people who are trying to read your email is to use some kind of scrambling system. The problem with encryption is that most kinds are difficult for ordinary email users to manage because you need to keep track of encryption keys and passwords for all your secret email recipients.
The best known encryption tool, Pretty Good Privacy (PGP), has just this problem. You need to obtain encryption keys from your friends and family (they all need to install and learn how to use PGP too) and then select the correct one when encoding a message. And you need to be prepared to cut and paste a lot, because PGP doesn’t work seamlessly inside your email system. PGP has gone through a number of owners over the past two decades since its invention. It’s currently a product of Symantec, which makes Norton Utilities. It’s a little pricey for most people (about $150, at http://bit.ly/RC5Iai) but it will manage keys and automatically secure messages in Outlook. (2024 Editor’s note: OpenPGP.org offers a free version in Windows and Apple iOS.)
There are solutions that take the key management burden away from users, but for noncommercial users, most have fees associated with them.
Many services, like Voltage SecureMail (voltage.com) and ZixMail (zixcorp.com), store secure email on servers, in “the cloud,” so that in order to retrieve a secure email, you log into a website. Voltage SecureMail uses the website approach for sending messages too. ZixMail works within Microsoft Outlook, so you just type your message normally, and when you send it, Outlook connects with the ZixMail servers to obtain encryption information and to notify recipients there is a secure message for them. If they are ZixMail customers, they just receive the secure message in their email software. If they are not, they get a message with a link that lets them log into the ZixMail cloud server. Many doctors and healthcare companies use this kind of system to comply with privacy regulations.
Trend Micro (http://bit.ly/RC6cgp) also offers an Encryption for Email Client plugin that works with Outlook, but all your recipients must use the same system.
The free implementation of PGP known as GnuPG, or GNU Privacy Guard, is intended mainly for advanced computer users. You’ll need to install and configure several pieces of software on your computer, and again, you will only be able to have secure email with other people using GnuPG or PGP. I’ve had limited success with GnuPG, and frankly, very few people I know actually think about this level of security for email.
The problem, of course, is that if you decide you do want more security for your email and start encrypting your messages, they will stand out like a flashing beacon to anyone who might be spying on your Internet connection. It would be as though everyone sent their mail on postcards, and you started using envelopes. It’s easier to spot when few people do it.
Write me – encrypted or otherwise – at [email protected]. If you want to try PGP, you can obtain my public key here.
# # # #