|
Written by Tony Phelps
|
|
Thursday, 17 November 2005 |
There are two aspects to securing email privacy ; the email itself, and
the transmission method for sending/receiving emails. This column has
previously covered the use of encryption software for making an
individual email unreadable by anyone except the intended recipient,
however this entails both sender and receiver installing & using
the encryption software. What about all the emails that aren’t
encrypted?
The majority of email communication occurs as “clear text” – just like
a postcard, anyone with access to the servers along the path that an
email follows from sender to receiver can quite easily have a
read. A small degree of privacy is available for these emails over the
last leg of the journey ie. from the receiver’s mail account to the
receiver’s computer.
Why would you want to encrypt emails just between your mail account and
your computer, when the emails can be read on their journey into the
mailbox? Vanuatu actually provides a good example of why. Here, there
is no choice of internet provider. If you want to get access to the
internet, and therefore to emails (wherever the mailbox happens to be),
you have to go through TVL. This means that there is a single point of
access to all incoming and outgoing email. No doubt TVL have both
physical and electronic security precautions, but those people with
nefarious intentions (industrial espionage, spying, blackmail, etc.)
will only need to concentrate on a single target. And no security is
foolproof.
So, if you can encrypt the connection to your mailbox (not the emails,
but the “pipe” that they will travel through to get to your eyes), and
your mailbox is located in any of the thousands of mail providers
around the world (instead of with TVL), it will be much harder for
anyone monitoring things to read your emails even though the emails
themselves aren’t encrypted.
Encrypting the connection between your computer and your mailbox is not
difficult. Most email software will assume by default an un-encrypted
connection but will provide options to establish only encrypted
connections. Typically, this is as easy as ticking a box to use SSL
(which is the encryption method most commonly used, standing for Secure
Sockets Layer). Whether this works with a particular mailbox depends on
the provider of that mailbox. Yahoo, for example, do not support
encryption for some inexplicable reason. Many other providers do
though, and will have guides on how to configure the most popular email
software to use it.
In an increasingly untrustworthy world, it is wise to take precautions
– especially where they are free, transparent, and generally quite
easy. Another weapon in the internet armoury that you may wish to use. |
