April 28, 2005

Precious Privacy

The Problem

Postcards provide no privacy -- their content is accessible to anyone literate who comes across them -- and knowing that, we tailor our message to the medium. We write about how "nice" the vacation is going, and some of us might even spill our guts about a secret tryst (thinking anonymity is as good as privacy), but few would pen a personal, involved letter on an open-faced postcard. Even fewer would send business correspondence on a placard. Personal data like credit card numbers, PINs, SSNs? Never! For private material we use envelopes and even security envelopes. And of course we sign everything for authentication. On top of that, we've enacted very strict laws against opening others' mail. Clearly, we value our privacy and are concerned that it could be violated.

Likewise, emails provide no privacy -- their content is accessible to, and alterable by, anyone literate who comes across them -- but unaware of that, we feel free to write whatever we want. Understand, email is the electronic equivalent of a postcard. The address and the message are written side-by-side in plain, legible text, and anyone along the way -- that's from the time it leaves your computer until it gets to my computer -- can grab that email and read it like a postcard.


I suspect some readers just rolled their eyes at me and thought, "Oh geez, Andy. Why do you have to be so paranoid? No one is going to read your email." I don't think anyone uninvited is reading my email (not while I live in this country, at least), because the owners of the easiest entry-points -- ISPs, corporate networks, email hosts, etc. -- operate on good faith. It's bad business for them to violate our privacy. (It's worth noting that many corporations do already scan their employees' email for "inappropriate" material.) However, I know that someone could read my email. And when I say "someone could", I don't mean some nefarious techno-wizard who's spent years perfecting his hackz on the FBI before attempting to snare our precious email -- I mean anyone who can use Google to research a few rudimentary techniques. The only thing protecting us at the moment is our anonymity.

I also suspect some readers are thinking, "I don't have anything to hide." For 99% of the emails I send, the fact that someone could read them (and alter them) isn't a concern. It was probably just some stupid BS to one of you guys anyway; a third-party alteration might liven it up. But there is that one email out of a hundred that I would like to be certain was read by only the addressee. Maybe it's personal, maybe it's financial, or maybe it's a courtesy to a customer or friend. Whatever the reason, situations exist where a postcard is unacceptable. A signed, dated security envelope is needed.


Partial Solution

It might seem ironic to some, but Gmail protects your privacy better than its competitors by offering an https version of their site. Https is like http (as in http://this.website.com), but the s means secure. Techno babble aside, it's the same technology that secures online shopping and password logins. If you use Gmail and log in at https://gmail.google.com, the communication between you and Gmail will be encrypted, and consequently far, far less vulnerable to being waylaid along the cyber-road. The actual message, however, is only encrypted while in transit to Gmail; once it's there, it lives as a normal, postcard-esque email, which could be read by a disgruntled Gmail employee.

In addition to the disgruntled employee problem, this solution doesn't add much security unless both the sender and the recipient use the secure version of Gmail. Otherwise, it's like putting a postcard in an envelope that the post office removes before they send it on.

If you were certain that your messages were being intercepted between Gmail and your home computer (like if you lived in a prying, communist country), this method would be useful, but it's not a total privacy solution. It's a partial solution at best.


Total Solution

To ensure the privacy of that one-in-a-hundred email, you have to encrypt it before it ever leaves your computer. Yes, this involves installing new software; no, it's not (too) hard. Most likely all you'll need is a plug-in for your existing email client.

Maybe you've heard of PGP (pretty good privacy) or GnuPG (an open-source alternative to PGP). They use "keys" to encrypt/decrypt a file (an email file, for example). Every user has two keys, a public key which he gives to his friends and a private key which he keeps secret forever and ever. If I want to send you a message, I encrypt it with your public key and you then decrypt it with your private key. Vice versa if you want to send me something. Also included in the software is a means to authenticate (it's really me) and validate (it's unaltered) the message.

As I'm sure you just deduced -- unlike the physical world -- both parties have to participate to make the system work. I can't send you an encrypted message and then phone you a password later. It doesn't work like that. So what do you need to do to begin protecting your privacy?

First, go here: http://www.gnupg.org/(en)/index.html This is the website for GnuPG, the software we're going to use (because it's free). Download the program, then find your email client from this list and download the plug-in needed to make GnuPG work with your email client (Outlook, Outlook Express, Mozilla, etc.).

Note: You can use GnuPG to encrypt any type of file you choose. You could encrypt your secret treasure map with your own public key, burn it to disc, and sleep soundly knowing that you are the only person who can recover the map.

Once you've installed the software (you can find directions for your particular email client) and created your public key, you'll have the option to encrypt new emails with other people's public keys. If it's just an everyday email, you won't even have to think about GnuPG or any other weird acronyms. If you want an added measure of privacy, you can encrypt it.

If you've read this far, you probably recognize the need for occasional email encryption and you're not averse to giving the software a try, but you're stuck on one final problem: You don't know anyone with PGP/GnuPG, so even if you wanted to, you wouldn't have the occasion to use it. That's exactly why you need to get this software! It's gotta start with you and me sending secret-decoder-ring messages back and forth, and then maybe one day the technology will be widespread enough, standardized enough, that we have the same kind of privacy in the digital world that we have in the physical world.

Posted by dacriss at 10:18 AM