Emails Are Not As Secure & Private As You Might Think

It’s been 40 years since email was invented, and while the internet as a whole has seen a lot of changes, email has remained simple and functional in its concept. Yet, emails are coherently insecure and privacy or anonymity is virtually non-existent.

During the early days, email had a lot of fundamental problems related to privacy and security, and to this day, email has not become any more secure than it was during its inception. Today you can sign up for an email address just about anywhere. You can access free email accounts at Google, Outlook or Yahoo, or you can even choose paid Email services that lets you manage emails for either personal or business use. You can even host your own website and create your own email addresses.

However, emails are not something that can replace mail in any foreseeable future. Yes, emails are popular due to their efficiency, responsiveness, accessibility and speed in transmitting information from one place to another. But what emails can’t do is ensure privacy of messages, transmit information securely or send actual physical objects over networks. Today, privacy and security of emails and their contents are under increased scrutiny due to the interference from Government agencies and other malicious agents.

Recent NSA PRISM controversy has put the vulnerability of emails into new context. Lavabit (an email service that was reportedly used by Edward Snowden, the person responsible for leaking PRISM data to the public), has shut down to protect the data of its users. The founder of Lavabit was recently issued a court order to disclose the passwords of a generic set of users, which has forced the founder to take this drastic decision. Somewhere else, all other email services are either shutting down, or expunging their existing user email cache completely. Email service Silent Circle, is one of the companies to have completely eradicated their users’ email cache. This resulted in a loss of precious data, but users have never been more satisfied at the dedication of the company to protect their users’ rights.

What this shows is that emails are not completely secure or private in any sense. And when we think about it, emails are transferred over networks, and should be stored in a server cache to be able to be displayed to readers and senders for a considerable amount of time. Therefore, email service providers will have access to the emails and their contents indiscriminately.

True, passwords are offered to encrypt emails, but this only works while transmitting emails and their contents over networks. Once the email is stored on a server owned by the email service provider, they are encrypted and the encryption keys usually rest with the company. The company employees or other personnel with access to the encryption keys can decrypt any message and access email contents. In most cases, especially with free email service providers, Governments seek court orders to retrieve encryption keys to decrypt data, which is what PRISM has been doing all along.

Even if there are email services that offer high level encryption for emails, the meta data is always available to anyone looking for it. Meta data is nothing but the headers of emails and their subjects that reveal the information and identity of the sender as well as the recipient of emails.

The truth of the fact is that a majority of email users really don’t care about privacy. A large portion of internet users utilize free email services from internet giants such as Google, Yahoo and Microsoft, who choose to mine email content to target advertisements to their users. In essence, email can’t be completely private and secure, and it is up to the users to determine what to share and how to use existing email services.