Do mere mortals need secure email?

The more I learn about the NSA spying into emails and all other information I have to think if we really need to move to a secure way of communication.  The problem with email is that the only way to have secure communication is if both endpoints encrypt the information going out and decrypt once the information is at the other endpoint.  You can achieve this, like in most corporations, when you control both endpoints and the system in between.

When I email a colleague in my company, we have an encrypted conversation, and there is no information that is leaked.  When I email a client we cannot have a secure conversation, so everything, yes EVERYTHING is in plain text.  Quotes, special rates, etc are all visible; IF you have the capabilities to monitor either side of the communication pipeline.  So it is not easy, but doable as proven my the NSA and Edward Snowden.

gpgmail-received I don’t believe that my conversations require national security, but wouldn’t it be nice to know that you have some level of security.  Right not the only way to have this is using PGP and encryption mechanism.  I can tell you that is not that complicated, but requires that your recipients also have it configured.  If you don’t have it configured what you get is gibberish.

But even if there is a solution the question still remains, do we need secure email?  If you think, well maybe for the secret stuff we need it.  Then it would be really easy to identify when you had secrets.

So even if nothing that we communicate through email is secret, by encrypting it we allow for the opportunity to transfer information that would require it.  This means that everyone needs to configure encryption in your email; and this means that we give up web mail.

Webmail even if it was encrypted from server to server, if you see it not encrypted on a website means that when it traveled from the server to your computer it was visible.  We currently have technology that encrypts such technology, but as demonstrated by Lavabit, a company that was compelled to give up their keys and rather than surrender them closed its doors, companies can open that door.

I have decided to use an email address that I only use encrypted communications and as PGP becomes more ubiquitous I’ll transfer more of my communications to that.  You can find my PGP key and contact information in the Contact Me section.



Leave a Reply