I recently signed up for a 5-day email “course” about email security. I expected to read some basic tips for keeping my email secure and thought I might get some more safety tips to share with you. (I’ve already written about securing your email and using strong passwords). Instead, the majority of the content dealt with encrypted email.
I understand the appeal of email encryption. Back when the only people connected to the internet were researchers at universities, it never occurred to the creators of the internet to think about making email private. So emails have always been like postcards–open for anyone who knows how to spy on internet traffic to see. Eventually, encrypted email programs sprang up as a result, for people to share content privately. But do you really need encrypted email?
Probably not. Here’s why.
Basic encryption is becoming standard
Once upon a time I worked as a government contractor doing security research. The news broke that some other government contractor named Snowden had given away a bunch of government information. Regardless of how you feel about what he did, one of the results was that people started to realize that some level of basic encryption was a necessity–not just for email, but for internet traffic in general.
You may or may not have noticed that most websites now are https, rather than http. Take a look at the address bar as you browse the internet, and you’ll see that it’s true for just about every site you visit. That “s” means “secure” and means that the data going between you and the website is encrypted.
This is what’s referred to as encrypting data in motion and is roughly akin to putting an envelope on your postcard. That is, if every post office between you and your recipient takes the postcard out of the envelope and puts it in a new envelope before sending it along on its way. The internet is weird, folks.
Most email providers these days encrypt in motion, though some do not. It’s worth checking to make sure yours does before using it.
Why encrypt data in motion?
Encrypting data in motion is not just about keeping the data secret; it’s also about the integrity of the data. It keeps anyone who might be spying in the middle from changing the data as it comes from the website to you. So you can know that nobody changed what was on the website before it got to you.
Think of it like the safety seals on the food you buy at the grocery store. The point of that extra piece of plastic on your yogurt isn’t to hide the fact that the container has yogurt inside. The point is to ensure that nobody slipped anything else into the yogurt between the time it was sealed in the factory and you brought it home.
In terms of who you need to trust, that means in order to trust the contents of that yogurt container, you have to trust the factory that made the yogurt and you have to trust everybody in your house. Similarly, with email, in order to trust the contents of your email message, you need to trust the servers between you and the person you’re communicating with.
Is it enough to encrypt in motion?
Probably, in most cases.
Because the way the internet works doesn’t exactly correspond to anything in the physical world, it’s necessary to understand that the “post offices” between you and the person on the other end of your email exchange will decrypt and could feasibly change your message.
So you’d need to trust all the servers between the two of you. In reality, those other servers are probably going to belong to well-known companies such as Google or Microsoft or Yahoo. If you trust them not to tamper with your data or otherwise misuse it (which is a topic for another day), then you’re probably fine.
If you ever want an interesting exercise, check out the “View Original” option in Gmail. Search for all the “Received” headers. Each server that handled the message adds one, so together they tell you which servers handled your message in transit.
This email, sent to my Gmail address from a friend who also has a Gmail address, never left Google’s email servers.
This email, sent through an automated mailing service, from my alma mater to my school email address and then forwarded to my Gmail address, went through servers belonging to a few different companies before it got to me. Here you can see it hit servers belonging to Microsoft (outlook.com) and Google.
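The same exercise done in code, as an added example that is not part of the original post: it reads the “Received” headers of a constructed sample message (the hostnames and addresses are made up for illustration), lists the servers in the order they handled the message, and flags any server outside a set of providers you have chosen to trust.

```python
import email
import re
from email import policy

# Constructed sample message (not a real email); hostnames are illustrative
# and the IP addresses come from the reserved documentation ranges.
RAW_MESSAGE = """\
Received: from mail-relay1.google.com (mail-relay1.google.com [203.0.113.41])
        by mx.google.com with SMTPS id abc123
        for <me@example.com>; Mon, 01 Jan 2024 10:00:05 -0800 (PST)
Received: from relay.outbound.protection.outlook.com ([198.51.100.50])
        by mail-relay1.google.com with ESMTPS id def456
        for <me@example.com>; Mon, 01 Jan 2024 10:00:03 -0800 (PST)
Received: from listserv.alumni.example.edu (listserv.alumni.example.edu [192.0.2.10])
        by relay.outbound.protection.outlook.com with ESMTP id ghi789;
        Mon, 01 Jan 2024 10:00:01 -0800 (PST)
From: alumni@example.edu
To: me@example.com
Subject: Reunion

Save the date!
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"(?:^|\s)by\s+(\S+)", re.IGNORECASE)

def trace_hops(raw_message):
    """Return (sending_host, receiving_host) pairs in delivery order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hops = []
    # Each relay prepends its own Received line, so the raw order is newest
    # first; reversing it gives the path from the sender to your mailbox.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # unfold continuation lines
        sender = FROM_RE.match(text)
        receiver = BY_RE.search(text)
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None))
    return hops

def base_domain(hostname):
    """Rough registrable-domain heuristic: keep the last two labels."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

def relays_outside(hops, trusted_domains):
    """Receiving hosts whose domain is not in the set you chose to trust."""
    # Only the lines your own provider added are reliable; a sender can forge
    # any Received line that sits below them, so treat those as claims.
    return [host for _sender, host in hops
            if host and base_domain(host) not in trusted_domains]
```

Run against a real message, `relays_outside(trace_hops(raw), {"google.com"})` returns an empty list for a Gmail-to-Gmail message like the first screenshot and lists the Microsoft relay for one like the second.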
What about encrypting email at rest?
It’s also possible to encrypt your email at rest, also called end-to-end encryption. That means that your data will be gibberish to anyone without the keys to decrypt it no matter where it is in the chain–whether it’s sitting on your friend’s computer or it’s been unwrapped at one of the email servers along the way.
This would be sort of like writing your postcard in a secret code language that only you and your friend knew. Anyone spying along the way could see the message, but no one else would be able to read it, even if they took it out of the envelope.
Unfortunately, in practice, encrypting email at rest is really hard. Solutions exist, like OpenPGP, but setting up the encryption keys is complicated, and both you and the person you’re sending to must have it set up properly. Pretty much only hardcore security nerds (or wannabe hardcore security nerds) use it… And even noted security experts like Bruce Schneier have given up on PGP as a general solution to this problem.
Other solutions, such as Bitmessage, take care of the encryption-key setup for you but still require users at both ends to be using their service instead of a regular email service. These solutions also just move the trust problem. You still need to trust Bitmessage (or whoever) to encrypt your data properly and not give themselves a backdoor to access your data.
If you’re working for a company that needs to protect proprietary information, they will probably have email encryption set up for the entire organization and you won’t need to worry about it. Just be aware that emails sent outside of the organization will probably not be encrypted.
How do I know if I need a more complete encrypted email solution?
Maybe you’re a human rights activist in an oppressive country, and you don’t trust the country’s government not to read your email and arrest you for the information in your email. In that case, you’d probably want to set up some sort of email encryption… assuming the very act of encryption itself doesn’t raise the suspicion of the country’s government.
But if you’re in that situation, I would assume the organization that sent you there has guidelines for keeping your communications safe. I would follow their recommendations over anything I have to offer in this blog post.
A second, more common situation is when you need to share private information. For example, maybe you need to send your credit card info, your social security number, or a password to a shared account. (It should probably go without saying, but be sure you trust the recipient if you’re sharing this kind of information!)
Best practice? Don’t share it directly through email. Instead you might try encrypting a file that contains the private information (see this post for some ideas on how to encrypt a file) and then sharing a link to that file. You might, for example, upload the file to Dropbox or OneDrive.
You could share the link to the file through email and then share the password to the file through a different medium, such as a phone call or a text message or a messaging app with end-to-end security, such as Signal.
Most people won’t need encrypted email.
If you’re not in an oppressive country and you’re not emailing around top-secret information, you probably won’t need to encrypt your emails. More important than encrypting your emails is securing your inbox with strong passwords and two-factor authentication so that hackers can’t access your inbox.