Email encryption: Now more necessary

When considering controlling your communications, it would be folly not to consider arguably our most common form of communication, the humble email, and how important email encryption is.

A Radicati Group Inc email study states

Our email tells a lot about us as we tend to not only use it for business communications but also for our personal communications.

If you are using an email service such as Gmail, then it is generally understood that Google algorithms reads all of your email for multiple reasons including, scanning for viruses, identifying material such as copyrighted material, pornography (child), illegal activities, and of course to target ads to you.

According to Microsoft, as reported by the  The Daily Mail website Google snoops on your email.(2)

• It warns Google reads every email sent by users, scanning for key words
• Internet giant then tailors adverts based on the contents of emails
• Google: 'No humans read emails - and we don't use sensitive information'

 

Following the revelations by Edward Snowden commencing in June 2013, it appears that the various governments including those of the "five eyes" are sweeping and storing all forms of internet communications including email through a number of programs including PRISM.

There are plenty of reasons to want to keep your email content private, both commercial and personal, however in reality not many of us can be bothered because its "too hard" or "not convenient". It is this apathy and laziness that both government and corporate institutions rely upon to continue their ability to gather enormous amounts of information.

The reality is that email encryption is not that difficult and is getting easier and easier. Encrypting your email makes it more difficult for your information to be intercepted and used against you.

When considering encrypting email there is a question that is continually asked: "Which email should I encrypt". The simple answer to this question is, EVERYTHING.

Some "advisors" suggest that you should only encrypt that information which should be kept confidential. The obvious problem with this approach is if a "bad actor" wants to figure out which information in your email is important they merely scan for the encrypted email, ignoring or putting a lower priority on non encrypted email. Further there could be considered a potential advantage to the bad actor by decrypting the specific file.

However if ALL email is encrypted then the bad actor has no idea what email contains and therefore wastes resources in decrypting innocuous email. This makes the bad actors attack a lot less attractive than a targeted attack.

If email is encrypted then should a bad actor end up with access to the email, they can't read or access the email without the key. If John Podesta and Hillary Clinton had encrypted his email, a lot of the email scandal would have been kept secret. But then again if your email password is password you probably are not very security conscious, despite the content of the email and the position that you hold. Click on the above links to full access to the Wikileaks document set (and see for yourself what is there)

It never ceases to amaze me how corporations and governments transmit sensitive emails including billing and account information via unencrypted email. This in itself continues to be a prime source of information for bad actors including the notorious phishing emails. These could be immediately eliminated if the institution simply encrypted communications to you using an encryption key to communications with you. Any email that then came to you from the institution that was not encrypted could be reasonably considered suspect. Problem solved.

Email Encryption

So how hard is it to encrypt your email. Well this depends on the device you are using as each has its own process.

There are a number of good articles on how to go about setting up your systems for encryption and include:

How to Encrypt Your Email

The main components are creating an encryption key, finding public keys, integrating into your apps.

To create and manage your keys you will need software.

There are a number of software applications that you can use depending on your device and platform

OpenGPG -  OpenPGP is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.

They provide software for the majority of platforms with varying degrees of integration.

The MacOS product integrates well however there is a general lag between major upgrades of the operating system. Key creation is very easy and there is a good plugin for Apple Mail (although it is affected by upgrades)

The iOS interface is a little clunky due to the way that iOS traditionally works, however is becoming easier with the functionality of split screens. Typically you need to copy the message into the OpenGP app which then decrypts the information for you. There may be a 3rd party email app that integrates more easily however I am yet to find it.

The Android interface is a much easier experience than the iOS device. Using K9 email, you can select to encrypt or sign your email from inside the App. The integration with multiple "keyboards" make it easier to encrypt/decrypt messages on the fly.

Create

To create your key, open up the app and key in your email address as well as your passphrase. Make the passphrase secure as this is what is used to unlock your key. You will be given the option to export your key. Select yes as this exports your key to a public key server making it possible for other people to find your details and send you encrypted mail.

Integrate

After installing the application it is now possible to encrypt your files as well as your communications using your key. Standard files that should be encrypted include anything to do with your identity, banking, health or personal affairs. Should your computer become compromised or stolen, then you can be safe in the knowledge your files are encrypted.

Any files that you store in the cloud should also be encrypted. This makes it difficult for third parties to gain access to the files

With the plethora of news daily of some new hack or email compromise it is irresponsible not to protect your communications.

Had government officials used the most basic of encryption then the leaking of the DNC emails, the hacking of the DNC servers, or the data on Hillary's server would all still be secure and the public would be none the wiser.

Your communications are your business. Take back control.

To find out more and receive updates please register for our newsletter

 

 

(1) The Radicati Group Inc: Email Market, 2017-2021 -  http://www.radicati.com/wp/wp-content/uploads/2017/01/Email-Statistics-Report-2017-2021-Executive-Summary.pdf

(2) Daily Mail - 5 Nov 2013 - http://www.dailymail.co.uk/sciencetech/article-2487660/Google-snoops-email-uses-private-details-sell-adverts-Microsoft-claims.html

(3) The Podesta Emails - https://wikileaks.org/podesta-emails/

(4) Hillary Clinton Email Archive - https://wikileaks.org/clinton-emails/