Are You Encrypting Your Email?
Interest in email encryption has skyrocketed since Ed Snowden revealed the NSA’s widespread surveillance of electronic communications. Here is the low-down on email encryption, and some methods of doing it.
How To Encrypt Your Email Messages
Unencrypted email is a sitting duck for eavesdroppers; your message is sent in plain text that anyone who intercepts it can read. Email bounces from one server to another, often many times, on its way from sender to receiver. Administrators at any of these relay points can read any email they choose (although they’re usually too busy). Search warrants or national security letters can force email service providers to open their stored copies of your email to the government.
Encryption is essential if you want any assurance of privacy. There are three things that need to be encrypted to protect your email fully.
First, the connection between you and your email server should be encrypted. For Webmail users (Gmail, Yahoo, Outlook.com, AOL, etc.) this is done for you automatically. When you're logged in, you’ll see “https” instead of “http” in your browser’s address bar, and a lock icon that indicates you have a secure encrypted connection.
Desktop email clients such as Outlook, Thunderbird, and Eudora can secure connections to email servers using SSL/TLS, too, if the server supports it. Consult your Internet Service Provider or your email program's help files for details on how to enable secure connections.
The Next Step
Second, each email message should be encrypted before it is sent to protect its contents against prying eyes while it resides on other people’s servers, including your email service provider. This is important because even though your email travels over a secure, encrypted connection, it's stored in plain (non-encrypted) text once it arrives. If your email service provider (or the recipient's) is served with a court order to give up your mail, it should be able to hand over only a file of encrypted gibberish. The email service provider should not have the key that decrypts your encrypted email.
However, sender and receiver must have digital certificates and they must know each other’s public encryption keys before they can exchange encrypted email. Yes, that sounds kind of geeky. In the past, setting up encryption has been a challenge for most users so it hasn’t gotten done. Now there are services that make using encryption easy.
Virtru provides add-ons and apps that do the heavy lifting of email encryption. It supports Internet Explorer, Firefox, Chrome, and Safari browsers; iOS and Android devices; and Outlook and Mac Mail desktop mail clients. Once installed, Virtu lets you encrypt any email you choose before it is sent. Virtru never sees your email’s contents and your email service provider never gets the key that decrypts your mail. However, recipients do not need the Virtru software or a public key; they just have to verify their identities once by registering with Virtru or using Oauth or OpenID and their Google, Yahoo, or Microsoft account.
Virtru’s basic end-to-end email encryption (including attachments) is free. It comes with a 14-day trial of the Premium features including the ability to revoke/cancel an email after it’s sent, control of forwarding, setting of email expiration dates, and more. If you want these features they cost $2/month after the trial ends.
Protonmail goes beyond Virtru to provide email service as well as encryption of email. Like Virtru, Protonmail cannot decrypt any of its users email. Better still, Protonmail provides email servers that are beyond the reach of the NSA and other governments’ spies. Protonmail’s servers are in Switzerland, where strong privacy laws keep all governments out of email and other personal electronic data.
EncryptFree is another option that works much like an online translator. Write your message text. Copy and paste it into the online form. Enter a password of your choosing and click “Encrypt.” Copy the encrypted text generated by EncryptFree and paste into your email form and send it. Communicate the password to the recipient by some means other than email. (I personally prefer to send the lid of a Snapple bottle by carrier pigeon, with the understanding that the message inscribed on the underside is our secret decryption password. Shhh, don't tell the NSA...) The recipient can use the password and EncryptFree to decrypt your message. Yes, it’s a hassle, but it works with any email app.
What About Your Locally Stored Email?
Third, email stored on your local device should be encrypted in case the device is lost, stolen, or accessed without your permission. If you're on a mobile dewvice, Apple iOS has supported device encryption for years, and Android does too. Windows users can encrypt their hard drives using TrueCrypt or the built-in Bitlocker utility. Filelocker is the Mac OS X equivalent.
Some (perhaps most) users feel that encrypting email is not necessary or just too much trouble. If you feel that way, I'm not trying to change your mind. But for those who feel the need to be more proactive about email privacy, here are the tools you can use.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 29 Jan 2015
|For Fun: Buy Bob a Snickers.|
Geekly Update - 28 January 2015
The Top Twenty
Time to Start Encrypting Your Stuff?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Are You Encrypting Your Email? (Posted: 29 Jan 2015)
Copyright © 2005 - Bob Rankin - All Rights Reserved