Email Encryption

Useful information from EFF.org:

The act of using email stores data on your machines, transmits data over the network, and stores data on third party machines.

Locally Stored Data

The usual measures apply to managing the copies of emails (both sent and received) that are kept on your own machines. Encrypt your drives and decide upon and follow an appropriate data deletion policy.

Data on the Wire

Email usually travels through a number of separate hops between the sender and receiver. This diagram illustrates the typical steps messages might travel through, the transmission protocols used for those steps, and the available types of encryption for those steps.

graphic from eff.org

End-to-End Encryption of Specific Emails

Encrypting emails all the way from the sender to the receiver has historically been difficult, although the tools for achieving this kind of end-to-end encryption are getting better and easier to use. Pretty Good Privacy (PGP) and its free cousin GNU Privacy Guard (GnuPG) are the standard tools for doing this. Both of these programs can provide protection for your email in transit and also protect your stored data. Major email clients such as Microsoft Outlook and Mozilla Thunderbird can be configured to work smoothly with encryption software, making it a simple matter of clicking a button to sign, verify, encrypt and decrypt email messages.

The great thing about end-to-end encryption is that it ensures that the contents of your emails will be protected not only against interception on the wire, but also against some of the threats to the contents of copies of your emails stored on your machine or third party machines.

There are two catches with GnuPG/PGP. The first is that they only work if the other parties you are corresponding with also use them. Inevitably, many of the people you exchange email with will not use GnuPG/PGP, though it can be deployed amongst your friends or within an organization.

The second catch is that you need to find and verify public keys for the people you are sending email to, to ensure that eavesdroppers cannot trick you into using the wrong key. This trickery is known as a “man in the middle” attack.
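The check that defeats the man-in-the-middle trick above is comparing the fingerprint of the key you were handed with one obtained out of band (read aloud on the phone, printed on a business card). The following is an added example, not EFF's or GnuPG's code: it computes an OpenPGP v4 key fingerprint the way RFC 4880 section 12.2 defines it (SHA-1 over 0x99, a two-octet length, and the public-key packet body) and compares it with a fingerprint typed in with arbitrary spacing and case. The key material is a constructed toy value, far too small to be a real key, used only to exercise the code.

```python
"""Compute an OpenPGP v4 key fingerprint (RFC 4880, section 12.2) and compare it
with a fingerprint verified out of band.  Added example for this page; not EFF's
or GnuPG's code.  The key data below is constructed for illustration only."""
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit length, then big-endian bytes."""
    length = value.bit_length()
    return struct.pack(">H", length) + value.to_bytes((length + 7) // 8, "big")


def public_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length, and the body itself; 40 upper-case hex digits."""
    prefix = bytes([0x99]) + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()


def normalize(fpr: str) -> str:
    """Drop the grouping spaces and case differences people use when reading fingerprints aloud."""
    return "".join(fpr.split()).upper()


def fingerprints_match(computed: str, expected: str) -> bool:
    """True only if the received key's fingerprint equals the one your correspondent confirmed."""
    a, b = normalize(computed), normalize(expected)
    return len(a) == 40 and a == b


# Constructed toy key (not a real key; the modulus is a tiny made-up value).
TOY_BODY = public_key_packet_body(created=1_400_000_000, n=0xC0FFEE_1234_5678_9ABC_DEF0, e=65537)
TOY_FINGERPRINT = v4_fingerprint(TOY_BODY)

if __name__ == "__main__":
    grouped = " ".join(TOY_FINGERPRINT[i:i + 4] for i in range(0, 40, 4))
    print("fingerprint of received key:", grouped)
    # A single differing digit means this is not the key your correspondent holds.
    tampered = TOY_FINGERPRINT[:-1] + ("0" if TOY_FINGERPRINT[-1] != "0" else "1")
    print("matches confirmed value:", fingerprints_match(TOY_FINGERPRINT, grouped.lower()))
    print("matches tampered value: ", fingerprints_match(TOY_FINGERPRINT, tampered))
```

In practice `gpg --fingerprint` prints the same value for a real key; the point of doing it by hand here is to see that the fingerprint is a hash of the whole public-key packet, so an attacker who substitutes a key cannot keep the fingerprint the same, and that the comparison must be exact across all 40 digits rather than a glance at the first few.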

Probably the easiest way to start using GnuPG is to use Mozilla Thunderbird with the Enigmail plugin. You can find the quick start guide for installing and configuring Enigmail here.

Server-to-Server Encrypted Transit

After you press “send”, emails are typically relayed along a chain of SMTP mail servers before reaching their destination. You can use your mail client to look at the headers of any email you’ve received to see the chain of servers the message traveled along. In most cases, messages are passed between mail servers without encryption. But there is a standard called SMTP over TLS which allows encryption when the sending and receiving servers for a given hop of the chain support it.

If you or your organization operates a mail server, you should ensure that it supports TLS encryption when talking to other mail servers. Consult the documentation for your SMTP server software to find out how to enable TLS.
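The Received: headers mentioned above are the record of that chain, and each receiving server typically notes whether the hop arrived over TLS (for example "with ESMTPS" or a "version=TLS1.2" clause). The following is an added example, not EFF's code: it walks those headers in transit order and flags hops whose trace line carries no TLS marker. The message is constructed, and its hostnames and IP addresses are documentation placeholders.

```python
"""List the SMTP hops recorded in a message's Received: headers and flag hops
with no sign of TLS.  Added example for this page, not EFF's code.  The sample
message is constructed; hostnames and addresses are placeholders."""
import email
import re

# Constructed sample: the first hop (bottom header) was logged with ESMTPS and a
# TLS version, the second hop (top header) in plain ESMTP.  Servers prepend
# their Received: line, so the topmost header is the most recent hop.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP id 42abc
\tfor <bob@example.org>; Tue, 1 Jan 2019 10:00:02 +0000
Received: from mail.example.com (mail.example.com [198.51.100.5])
\tby mx.example.net with ESMTPS id 17xyz
\t(version=TLS1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128);
\tTue, 1 Jan 2019 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: hello

body
"""

# Markers commonly written by Postfix, Sendmail, Exim and Google when a hop used TLS.
TLS_MARKERS = re.compile(r"\bESMTPSA?\b|version=TLS|\bTLSv?1", re.IGNORECASE)
FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)


def hops(raw: str) -> list:
    """Return the hops in the order the message travelled, oldest first."""
    msg = email.message_from_string(raw)
    result = []
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())          # unfold the header onto one line
        m = FROM_BY.search(line)
        result.append({
            "from": m.group(1) if m else "?",
            "by": m.group(2) if m else "?",
            "tls": bool(TLS_MARKERS.search(line)),
        })
    return result


def unencrypted_hops(raw: str) -> list:
    """Hops whose trace line gives no indication that TLS was used."""
    return [f"{h['from']} -> {h['by']}" for h in hops(raw) if not h["tls"]]


if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f"{h['from']:>20} -> {h['by']:<20} {'TLS' if h['tls'] else 'no TLS marker'}")
    print("hops to ask about:", unencrypted_hops(SAMPLE))
```

Treat the result as a hint rather than proof: each Received: line is written by a server you do not control, the wording of the TLS clause varies between mail software, and a hop that omits it may still have used encryption. What the output reliably tells you is which server operators to ask about their TLS configuration.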

Client-to-Mail Server Encryption

If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If your mail server doesn’t support the encrypted version of that protocol, get your service provider or systems administrator to fix that.

If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP. Hushmail.com is a webmail service provider that always uses HTTPS, and also offers some end-to-end encryption facilities (though they are not immune to warrants).

Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn’t secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS. In Gmail, for instance, you can find this option in the “general” tab of the settings page.

If you can’t find a way to ensure that you only see your webmail through HTTPS, switch to a different webmail provider.

Data Stored on Second- and Third-Party Machines

There are two main reasons why your emails will be stored on computers controlled by third parties.

Storage by your Service Provider

If you don’t run your own mail server, then there is a third party who obtains (and may store) copies of all of your emails. This would commonly be an ISP, an employer, or a webmail provider. Copies of messages will also be scattered across computers controlled by the ISPs, employers and webmail hosts of those you correspond with.

Make sure your email software is configured so that it deletes messages off of your ISP’s mail server after it downloads them. This is the most common arrangement if you’re using POP to fetch your email, but it is common for people to use IMAP or webmail to leave copies of messages on the server.

If you use webmail or IMAP, make sure you delete messages immediately after you read them. Keep in mind that with major webmail services, it may be a long time – maybe a matter of months – before the message is really deleted, regardless of whether you still have access to it or not. With smaller IMAP or webmail servers, it is possible that forensically accessible copies of messages could be subpoenaed years after the user deleted them.

The content of PGP/GnuPG encrypted emails will not be accessible through these third parties, although the email headers (such as the To: and Subject: lines) will be.
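The reason the headers stay readable is the message layout itself: PGP/MIME (RFC 3156) wraps the ciphertext in a two-part multipart/encrypted body, while To:, From: and Subject: sit outside it, unencrypted. The following is an added example, not EFF's or GnuPG's code: it builds that layout around a constructed placeholder blob (not real OpenPGP output), checks that a message really has the RFC 3156 structure, and shows what a relay or provider can read from an encrypted message compared with a plain one. The addresses are placeholders.

```python
"""Build a PGP/MIME (RFC 3156) message around placeholder ciphertext and show
what a relay still reads: the headers, Subject included, stay in the clear.
Added example for this page, not EFF's or GnuPG's code.  The armored blob is a
constructed placeholder, not real OpenPGP output; addresses are placeholders."""
import email
from email import encoders
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed stand-in for the output of `gpg --encrypt --armor`.
PLACEHOLDER_ARMOR = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    "CONSTRUCTED PLACEHOLDER: real ciphertext would appear here\n"
    "-----END PGP MESSAGE-----\n"
)


def build_pgp_mime(sender: str, recipient: str, subject: str, armored: str) -> str:
    """Wrap ciphertext in the two-part multipart/encrypted layout of RFC 3156."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = sender
    outer["To"] = recipient
    outer["Subject"] = subject  # plain header: not covered by the encryption
    control = MIMEApplication("Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_7or8bit)
    payload = MIMEApplication(armored, "octet-stream",
                              _encoder=encoders.encode_7or8bit)
    outer.attach(control)
    outer.attach(payload)
    return outer.as_string()


def is_pgp_mime(raw: str) -> bool:
    """Check the RFC 3156 layout: multipart/encrypted, right protocol, control part then body."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    if len(parts) != 2:
        return False
    control, body = parts
    return (control.get_content_type() == "application/pgp-encrypted"
            and "Version: 1" in control.get_payload()
            and body.get_content_type() == "application/octet-stream")


def relay_view(raw: str) -> dict:
    """What a mail server or provider handling this message can read."""
    msg = email.message_from_string(raw)
    view = {"from": msg["From"], "to": msg["To"], "subject": msg["Subject"]}
    # For a PGP/MIME message only the opaque blob is present; otherwise the body is plaintext.
    view["body"] = None if is_pgp_mime(raw) else msg.get_payload()
    return view


if __name__ == "__main__":
    encrypted = build_pgp_mime("alice@example.com", "bob@example.org",
                               "lunch plans", PLACEHOLDER_ARMOR)
    plain = "From: alice@example.com\nTo: bob@example.org\nSubject: lunch plans\n\nmeet at noon\n"
    print("encrypted message, as seen by a relay:", relay_view(encrypted))
    print("plain message, as seen by a relay:    ", relay_view(plain))
```

Running it makes the trade-off concrete: a provider holding the encrypted copy learns who wrote to whom, when, and what the Subject: said, and only the body is withheld. Anyone relying on end-to-end encryption for sensitive correspondence should therefore keep Subject: lines uninformative.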

Running your own mail server with an encrypted drive, or using end-to-end encryption for sensitive communications, are the best ways of mitigating these risks.

Storage by Those You Correspond With

Most people and organizations save all of the email they send and receive. Therefore, almost every email you send and receive will be stored in at least one other place, regardless of the practices and procedures you follow. In addition to the personal machine of the person you exchanged the message with, copies might be made on their ISP’s or firm’s mail or backup servers. You should take these copies into consideration, and if your threat model for sensitive communications includes an adversary that might gain access to those copies, then you should either use PGP to encrypt those messages, or send them by some means other than email. Be aware that even if you use PGP, those you communicate with could be subject to subpoenas or requests from law enforcement to decrypt your correspondence.

End-to-End Email Encryption

Email encryption is a topic that could fill a book, and has: see Bruce Schneier’s book Email Security: How to Keep Your Electronic Messages Private. While this book is somewhat out of date (it refers to old versions of software), the concepts it introduces are essential.
