How to Safeguard Your Email Privacy
As more and more services move online, the importance of protecting your email privacy has grown. Chances are that your business, personal, medical and financial transactions all use email. Yet with access to your private email and a quick people-finder search, a cyber criminal can easily collect enough personal information to engage in identity theft, damage your online reputation and destroy your electronic privacy. Read on to learn how to safeguard your email privacy.
Who can legally read your email?
According to the Electronic Communications Privacy Act (ECPA), the government can read your email without obtaining a warrant, and your Internet service provider (ISP) has free and unfettered access. Your employer also has the right to read your email if you use company equipment to compose it.
But all is not lost. Advocacy groups like the Electronic Frontier Foundation (EFF) and the Center for Democracy & Technology are lobbying for stronger privacy protections under the ECPA. In addition, ISPs and webmail providers are increasingly standing up to warrantless government requests to read a user’s email. In April 2010 Yahoo! challenged a request by federal prosecutors in Colorado to turn over an individual’s email without a warrant. Yahoo! eventually won the appeal on the grounds that the request violated the Fourth Amendment and privacy laws.
How to safeguard your email privacy and personal data from cyber criminals
One aspect of email privacy control involves safeguarding your personal information from identity thieves. You do this by encrypting the connection between your computer and your email server, which prevents personal data like user names and emails from being intercepted by eavesdroppers.
Computer-to-server encryption uses technology called TSL (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer). TSL/SSL capability has existed as part of major email-reading programs like Outlook, Thunderbird and Apple Mail for years. If you use this type of software, contact your service provider to learn to how to enable TSL/SSL.
The top three webmail providers, Hotmail, Yahoo! Mail and Gmail, offer TSL/SSL encryption in addition to end-to-end secure HTML connections. (You can tell if your webmail connection is encrypted by looking at the URL: An encrypted site’s address will start with https:// instead of http://.) Some webmail services encrypt your connection automatically, while others require you to alter your security settings manually. Make it your business to know if your information is as secure as you can make it.
Encrypt the content of your email.
Unfortunately, TSL/SSL won’t prevent the government or ISP employees from reading your email. Once your messages reach the mail server, they’re readable by anyone in the relay chain between you and your recipient. In addition, mail servers regularly back up their data, which might store unencrypted copies of your emails indefinitely. To solve this problem, you’ll need to encrypt the actual content of your emails, which is a cumbersome process at best.
Both email content encryption strategies in use, symmetric encryption and asymmetric encryption, solve the email privacy problem at the expense of usability. A leader in secure, private email, industry veteran Hushmail uses the Open PGP Standard to encrypt your data.
Unfortunately, if the email’s recipient isn’t also using Hushmail, s/he must first answer a security question before being able to read your message.
Alternatives to Hushmail avoid the security question approach by sending recipients an email with a link to a secure version of your message. But in an era when 95 percent of all email is spam, will your recipient trust an email that says, “Click this link to view so-and-so’s message”?
Choosing an email service provider
Assuming you, like nearly everyone else on the Internet, can’t be bothered to deal with email content encryption, your choices are limited. You can get email service from your ISP, from the host of your website or from a webmail provider.
ISPs and website hosts have little incentive to protect your privacy; in fact, they have a long track record of privacy violations and carelessness. Also, should you ever need to change service providers, you’ll be responsible for migrating all of your email data yourself.
In theory webmail providers should provide more robust privacy protection because email is their core business. In practice, however, they often take a reactive approach to protecting user privacy, as in the recent case where a Google employee stalked a teen through Gmail. Know how to safeguard your email privacy to cover all of the bases.
Until robust, long-term solutions to email privacy are developed, your best bet is to take the basic precaution of enabling TSL/SSL and treating email correspondence as semi-public. Many Web writers have aptly compared email privacy to the privacy you might expect from a postcard.