There are so many different types of email service. How can you tell if yours is secure?
A good rule of thumb is that if someone else provides the service, it’s not secure, even if encryption is involved (unless, of course, you control the encryption). This includes employers, internet service providers, encrypted email service providers, wireless service providers, and the like.
Why are they not secure? Because someone else owns and has access to the server on which your email resides.
Your employer, for example, has the ability and legal right to monitor anything and everything you do with company-sanctioned services – like phone and email – and/or using company-sanctioned equipment – whether it’s a desktop computer, a laptop computer, or a smartphone. This includes your personal email that you access using the internet connection in your office, or using the BlackBerry device issued by your company.
If you use the email account that comes with your internet or data service, your service provider owns and has access to the server where your information is stored.
Encrypted email services, like Hushmail, are accessed using a web browser, and traditionally use server-side encryption. This means that the email is encrypted for transmission from your account to your recipients, but resides in the mailbox in plaintext. In some cases client-side encryption is available, which means that the email is encrypted at the browser level by a piece of code supplied by the service provider – which means that they control the encryption, and technically can access the data in plaintext. Ultimately the service provider stores your emails, controls the encryption, and keeps your keys, all on their server(s).
Servers require administration, and encryption servers are no different. They require updating, configuring, and general management. Someone has to perform these tasks, and in order to perform them successfully, this someone needs unrestricted access to all areas of the server and any services, applications, and data it hosts. This someone is generally referred to as an IT Admin.
Some of my closest friends are IT Admins, so what I am about to say is not intended to offend anyone, but only to reiterate a fact that may or may not be well known: IT Admins snoop, and many admit to doing so. The fact that these habits have been exposed has done nothing to thwart them. In fact, a follow-up survey revealed that the trend continues.
So what can you do to protect yourself from prying eyes? For starters, don’t use resources issued by your employer to take care of personal business. However, if your employer issued you a BlackBerry smartphone, you have an option: “eCrypt One on One” encryption software for BlackBerry smartphones encrypts your emails right on your handheld so that they remain encrypted even when they are stored on the server. So whether it’s an employer monitoring, an IT admin snooping, a service provider prying, or a hacker intruding, the contents of your emails remain private, available only to you and the person you emailed.
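The difference between the three storage models discussed above can be shown in a few lines of Node.js. This is an added example, not code from the article or from any product it names; the server object, function names and sample messages are constructed, and the recipient is assumed to already hold the device key.

```javascript
// Added illustration; all names and sample messages are constructed.
const nodeCrypto = require('node:crypto');

// AES-256-GCM; output layout is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function unseal(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// What an administrator with unrestricted access can recover: anything stored
// in plaintext, plus anything encrypted under a key that is kept on the server.
function adminView(server) {
  return server.mailbox.map((item) => {
    if (typeof item === 'string') return item;
    for (const key of server.keys) {
      try { return unseal(key, item); } catch { /* not this key */ }
    }
    return null; // ciphertext only, no usable key on the server
  });
}

function demo() {
  const server = { mailbox: [], keys: [] }; // stand-in for the provider's server

  // 1. Encrypted in transit only: the message rests in the mailbox in plaintext.
  server.mailbox.push('A: salary review notes');

  // 2. Provider-controlled encryption: ciphertext at rest, key on the same server.
  const providerKey = nodeCrypto.randomBytes(32);
  server.keys.push(providerKey);
  server.mailbox.push(seal(providerKey, 'B: job offer from a competitor'));

  // 3. Encrypted on the device before upload: the key is never given to the server.
  const deviceKey = nodeCrypto.randomBytes(32);
  server.mailbox.push(seal(deviceKey, 'C: medical appointment'));

  return { admin: adminView(server), recipient: unseal(deviceKey, server.mailbox[2]) };
}
```

Only the third message is unreadable from the server side: `demo().admin` ends in `null`, while the key holder still recovers the text.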