It seems human nature to want to keep secrets, to send private messages. Although we've long known email is a postcard, not private and easily read as it travels from one place to another, it's easy to forget so long as you don't attract the attention of nefarious individuals/organizations or forces who see it in the best interest of the State to read them. Email is private until someone notices it or wants to read it. I regret that my emails are boring, lacking in drama, often an onslaught of spam and garbage. With gigabytes of email stored on Google longer than 180 days, surely even my boring email would be of interest to someone. Should we all be deleting our email, using our own email servers?
Still, aren't my communications with family about medical, personal finances, etc. private?
Currently, private email that has been stored by a third-party for more than 180 days can be accessed by the government without a warrant...Legislation sent to President Obama this week quietly removed language in a bill that would have — for the first time — forced law enforcement to obtain a warrant to read Americans' email. Currently, private email that has been stored by a third-party for more than 180 days can be accessed by the government without a warrant. . .The bill...passed the Senate on a voice voice vote, but without the language that would have forced law enforcement to obtain warrants rather than simply subpoenas to snoop into private emails. (Source: Buzzfeed)Although it seems almost futile to try to encrypt one's emails these days, especially given new tools to crack encryption with physical access to your computer, protecting email communications remains important. While we know that our digital footprint will certainly suffer the scrutiny of government and private trackers, there are times that important information must be protected against casual viewing. The way it was explained to me by one assistant superintendent, there are myriad situations that require confidential conversations between leadership to be protected. How do you ensure that those communications are encrypted and readable only by the intended recipient?
Another question that pops into my head at this point is, What happens during an open records request that includes encrypted email? Wouldn't you just have to unencrypt the email and data then provide that? I mean, providing unencrypted data that's been redacted (highlighted with a black Sharpie marker) would be about the same thing, no? Should cash-strapped schools even bother with encrypting confidential communications, trying to manage all the keys, etc.? Should such a system allow for a backdoor that allows the organization to unencrypt content? What about the Government?
Encrypting email is getting easier for the non-techies. A quick review of the tools:
- Mailvelope.com - I really like this solution that allows you to use a GPG secret/public key system. You can encrypt information to yourself, or if your email recipient is educated and has also created their own set of keys, then you can encrypt content to them. I'm not sure if this is the best approach for an organization. Here's how someone else describes it: Mailvelope is a browser addon for Chrome and Firefox compatible with OpenPGP encryption standards, it will not only encrypt your webmail messages but also read any encrypted email you receive from people using different OpenPGP encryption software like Enigmail. (Source: http://www.hacker10.com/encryption-software-2/openpgp-webmail-encryption-with-mailvelope/ )
- Enlocked.com - This is a pretty easy solution to implement so long as you trust the Enlocked.com folks with your unencrypted content.
- Burn Note is ideal. This simple service lets you create password-protected notes that self-destroy once opened (the recipient has 180 seconds to read them by default), and can even be protected from copying.
- SafeGmail offers a simple and free solution. This free Chrome add-on plugs into the Gmail Web interface, adding an encryption checkbox to every message you compose.
Still, there are so many factors that play in that email encryption, file security is getting a lot more difficult to do well. While I'm sure no one would care what educators are sending each other, it's still a lot of fun to reflect what an oxymoron "secure email" is.
Of course, as we move towards using more VOIP technologies to connect over distance, there's not much hope of privacy there, either.
No expectation of privacy, just the illusion of it.