Why use email encryption?

This page describes some reasons why email encryption is good and should be used by everyone. It is not about how encryption works technically.

What is encryption?

Encryption is a mechanism that ensures that only the correct recipient of a message is able to read it. When I send a message to Thomas, it is encrypted, that means it is changed in a way that nobody can read it. Only Thomas is able to change it back to the original message (decrypt it), and will then be able to read it.

The mechanism used for this nowadays is called public key cryptography. It eliminates the need to exchange a secret key that makes many traditional encryption schemes much less secure.

It is secure

Have you ever put an envelope around a letter?

Using encryption is a bit like using an envelope. You get the message and you know it has not been read by anybody. (The only difference is that encryption is actually secure; most people could open an envelope and close it with simple technical help. This is not feasible with proper encryption.)

Sending an unencrypted email is much less secure than sending a postcard. Like a postcard, anyone who can get a hold of an email can read it, copy it, and even change the content. An email usually passes through a large number of computers and other network nodes. At all times can it be read by the people who are in charge of these computers and network equipment.
But unlike a postcard, emails can easily be both automatically stored and also screened for certain types of content, which makes them very easy to harvest as a source of information.

Encryption makes sure only the addressee of the email is able to read it. Good encryption (like GPG) is so secure that it would not be possible for an attacker to read a message not addressed to him even if he had access to today’s largest computers for his attack. In fact, a properly encrypted message will not be readable for many years (even decades) to come, unless one is in the possession of the decryption key.

So basically, encryption is not at all about sending secret messages (even though it can be used for it), but about putting envelopes around your messages.

Do you respect your correspondent’s privacy?

Maybe you do not care about your own privacy (even though you should). But any email you send contains information about the person(s) you send it to. So if you are sending unencrypted (insecure) email, you might very well be revealing information about your correspondent. Your correspondent may not like this! What is public information for you may be personal for other people.

It is easy to use secure email

Using a plugin for your email program (Microsoft Outlook, Mozilla Thunderbird, etc.), using encryption becomes very easy. Properly set up, you do not even notice that emails are encrypted during everyday usage.

It can verify the sender and the correctness of the message

One of the uses of public-key cryptography is signing. Signing a message enables the recipient to verify that it is really coming from the sender it seems to be coming from. Signing also ensures that the message has not been changed on its way.

Do you know who is interested in your mail now? In 10 years?

I administrate the email server for a webhosting company. We have both business and private customers. As the administrator, it is very easy for me to read all their mail. With the knowledge gained I could probably ruin businesses and relationships. Some of it could probably be sold profitably.

You may trust your government now, but times are changing quickly today. With laws on the way (in the EU and Germany) that will force providers to store customer emails for several years, now is the time to make sure that their content could never be turned against you, or your correspondents.

Links

Leave a Reply

Your email address will not be published. Required fields are marked *