Who Else (besides the NSA) is Reading your Email?
Privacy is something we all grow up expecting. We value it inherently and are taught to respect it from an early age. Boundaries are established and respected, or there are consequences.
Then we grow up and start writing email, and because email is a black box of sorts to most of us, we stop thinking about privacy. That black box then turns out to be more like a glass box, because email is not private at all: it moves around the world unencrypted where anyone listening can intercept it and read it, and it is stored on computers where anyone with access can do the same.
Encrypting your email is actually easier to enact for those who realize the need for privacy than it is to accept for those who object to anyone else’s need for privacy. The presumption of innocence is a pretty wonderful thing, so let’s look at how we can restore privacy to email.
Some explanation about what we are trying to do is necessary before we go any further. I say this because we have had clients who seemed to expect encryption to work magically, in the background, without them doing anything to make it so. This will never be the case. Encryption is made possible in this day and age using something called “public key cryptography.” What does that mean? It means that the keys needed to encrypt, sign and decrypt messages consist of two parts: the public part, which you can give to anyone with whom you’d like to correspond privately, and the private part, which only you have and which is needed to decrypt messages that were encrypted with the public half of your key. This solves the problem of having to securely exchange a single shared key, as well as the problem of proving a message came from the person claiming to have sent it: if you’re the only one with the private half of your key, and you signed the message with it, the ability to verify the signature with the public half of the key means you sent the message.
Are we clear now on why public key cryptography works? It’s a pretty great thing: you sign messages with a private key only known to you, and you use it to decrypt messages that have been encrypted with your public key which is known to your correspondents. Your correspondents in turn can use the public part of your key to verify that your signature is yours.
Now let’s see how it works in practice. There are two easy ways to use these key pairs: GPG (using key pairs you generate yourself) and S/MIME (which uses certificates you obtain from a trusted third party).
GPG stands for “GNU Privacy Guard.” It’s an open-source implementation of PGP (“Pretty Good Privacy”), which was once open-source but is now a Symantec product. The easiest Windows implementation of this that I’ve seen is the gpg4usb project, a small and very portable installer-less program that can be copied to a flash drive and carried around with you. You’re going to be using this product to generate a key pair for use in private correspondence, and you can also use it to keep track of your correspondents’ public keys (though you could just as easily keep them anywhere; they’re public, after all). The act of encrypting a message is one of cut-and-paste, and the result looks like this:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQEMA6sc/65/kpycAQf9H2bIhCJjxS+VqGN2kHhOls0ubJRjRlk0a7UrmysuZjMl
…more of the same for a while…
MM5java39p9l8Ek6aR06/uEQxzvHKcjFqiI0kuV2CQ6l6ip11K8MfU1HCRzXFA==
=qfJb
-----END PGP MESSAGE-----
Notice that it’s not possible to tell how long the message is either; it’s padded to obfuscate that fact as well. GPG is pretty much the easiest and fastest way to safely encrypt text between two people. Go download gpg4usb, generate a key for yourself, and have your correspondent do the same if they haven’t already got a public key to offer you. Now you can send encrypted messages using those public keys and decrypt the ones sent to you with your private key.
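What stays readable on the outside of an armored message like the sample above, as an added example that is not part of the original post: the first OpenPGP packet names the recipient's key ID and the public-key algorithm in the clear, while the body stays encrypted. It decodes only the first base64 line of the sample, since the rest is elided on the page; the function and constant names are illustrative.

```python
import base64

# First base64 line of the sample message on this page; the rest is elided
# there, so only the leading packet header is decoded.
SAMPLE_FIRST_LINE = "hQEMA6sc/65/kpycAQf9H2bIhCJjxS+VqGN2kHhOls0ubJRjRlk0a7UrmysuZjMl"

PACKET_TAGS = {1: "Public-Key Encrypted Session Key",
               3: "Symmetric-Key Encrypted Session Key",
               18: "Encrypted and Integrity-Protected Data"}
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}

def read_packet_header(data: bytes):
    """Return (tag, body_length, header_size) of the first OpenPGP packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                       # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            return tag, o1, 2
        if o1 < 224:
            return tag, ((o1 - 192) << 8) + data[2] + 192, 3
        if o1 == 255:
            return tag, int.from_bytes(data[2:6], "big"), 6
        raise ValueError("partial body lengths are not handled here")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old format
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    size = 1 << length_type                # 1, 2 or 4 length octets
    return tag, int.from_bytes(data[1:1 + size], "big"), 1 + size

def visible_metadata(b64_text: str) -> dict:
    """Fields readable by anyone holding the ciphertext, no key required."""
    data = base64.b64decode(b64_text)
    tag, length, header_size = read_packet_header(data)
    info = {"packet": PACKET_TAGS.get(tag, f"tag {tag}"), "body_length": length}
    body = data[header_size:]
    if tag == 1 and body[0] == 3:          # version 3 session-key packet
        info["recipient_key_id"] = body[1:9].hex().upper()
        info["algorithm"] = PUBKEY_ALGOS.get(body[9], f"algorithm {body[9]}")
        if body[9] == 1:                   # RSA: bit length of encrypted key
            info["encrypted_key_bits"] = int.from_bytes(body[10:12], "big")
    return info

if __name__ == "__main__":
    for field, value in visible_metadata(SAMPLE_FIRST_LINE).items():
        print(f"{field}: {value}")
```

Running `gpg --list-packets` on a saved message reports the same fields, and GnuPG's `--throw-keyids` option leaves the recipient key ID out for correspondents who don't want it exposed.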
So why even bother with S/MIME? The biggest reason is that email isn’t always just text. When email is more than text (hyperlinks, fonts, pictures, etc.), it’s passed as chunks of binary data in a format called MIME, which your mail application uses to display the message with all of its formatting intact. Can you guess what the “S” in “S/MIME” stands for? It means “secure,” as in, “encrypted and signed with a key pair issued by a certifying authority.” You’ll find support for S/MIME in popular mail clients like Outlook (and Outlook Web Access) and Apple’s Mail application, where it can be used to sign and encrypt the whole message with formatting and attachments intact.
There are a few hoops to jump through: first, you must obtain a certificate. Some are free and others cost money, but the important thing is that for the certificate to be trusted by your recipient, their computer will need to recognize the issuer as legitimate. For personal use (where it’s free of charge) I like StartCom and for commercial use I like DigiCert. Note that for large enough organizations, it may make sense (both financially and organizationally) to have the organization itself get an enterprise trust certificate and issue the certificates automatically (and yes, Echo can help with that).
The next step is that you as the sender must have access to the certificate’s private key. Typically this can be accomplished through the mail client you use (for example, the “Trust Center” in Microsoft Outlook). Once it’s installed, you are ready to send a signed email to the correspondent you’d like to have an encrypted exchange with. That’s how the process starts: the correspondents exchange signed messages and choose to trust each other, and now you have your correspondent’s public key, and he yours. This is the step that seems to stymie most people, because it’s not immediately apparent how to get the public key since the mail client is handling so much of the process for you. Just exchange signed messages and, if you must, verify out-of-band that the certificate you’re choosing to trust is legit (if people keep asking whether it’s legit when you send them a signed message, maybe that free certificate you got from “AllYourSSLBelongToUs.ru” wasn’t such a great idea).
Finally, it’s important to realize that when you encrypt a message, it can’t be indexed by searches, and if you lose your private key you have a problem, so keep it safe somewhere offline. A locksmith can bail you out when you lose your car keys, but there’s nothing anyone can do to help you if you encrypt a message and lose the private key to your certificate!
I hope this has you thinking about privacy as it applies to email and hope it makes you feel a little more free to communicate!
–Ken (public key attached!)