Systems Engineering

Are People Reading What You’re Writing (Without Asking)? Part II

November 12, 2008

  • Guest Blogger

In Part I, I started talking about protecting what you write, and picked on Instant Messaging for its lack of protection.  This time, I’m going to talk about email.

If email isn’t the most pervasive traffic on the internet, I can’t imagine what else is.  Email has become _the_ way for people to communicate around the world.  It is used daily by both corporations and individuals, often in situations where its delivery is very important.  Here is the problem I want you to think about, though.  Most people simply create an email message and send it on its way, not realizing that its contents are wide open to the rest of the world.

The analogy for a typical email is a postcard; you write your message on one side of a piece of cardstock and send it, and anyone that wants to take a peek has nothing stopping them from doing so.  In contrast, you can put your message in a envelope, rather than using a postcard.  The casual person won’t be able to see what’s inside, but they can still see where it’s going, and often where it came from, because of the addressing on the envelope.  If someone _wanted_ to view the contents, it would still not be a lot of work for someone to intercept the mail, even going so far as to repackage it and send it on like nothing happened.

So why is this a big deal?  For starters, people love emailing username and password combinations to each other.  Because email is used so heavily for business, no-one thinks about the documents they are emailing around.  What about that document with your company’s next great idea?  I’m sure you can think of a few more things you have sent yourself that you would rather not have them end up in someone else’s hands.

So, are we doomed to having insecure emails forever?  Of course not, but there are a couple things you have to decide.  The two main things you need to worry about are verifying the source of an email and protecting the contents of the email.  The first is signing the email, the second is encrypting.  Signing is relatively easy, encrypting tends to be a little more involved, but certainly not impossible.

The main tool I use for handling this is GnuPG.  There are plugins for most major email clients (e.g. Thunderbird, Outlook, Apple Mail) and many others.  Here is the basic idea.  You create a pair of encryption keys; a private one and a public one.  The private one you guard with your life, the public one you tell everyone and your grandmother about by placing it on a public keyserver like Anything sent to you can be encrypted with the public key, but only the private key can decrypt the message.  If all you are worried about is signing the email, GnuPG can also handle that.  You use your private key to sign the message, and anyone can use the public key to verify it.

The net result of this is email that is verifiably from you and also potentially encrypted so that only the recipient can read it.  Obviously, this means a little up front work.  You have to get your system configured to create/decrypt/sign messages, and you also have to get the people you talk with to do the same.  The reward for doing this is email that is much more secure.

Now, there is a potential downside to this.  If you start encrypting email (or anything else, for that matter), do not lose the private key.  If that key gets lost, anything that has been encrypted is going to be locked up forever (that’s kind of the point, isn’t it?).  So just make sure not to lose it.

If you don’t want to encrypt the email message itself, you should at least encrypt data that you want to protect that has been attached to the email.  If nothing else, think twice about sending personal or important data in an email.  Being aware is the first step toward being more secure.

Here are a few places to start looking for more information:

Enigmail (Thunderbird plugin)

GData (Outlook plugin)