Here’s a question for you, will we ever easily encrypt e-mails?
In my last post I talked about ITSecurity’s 99 e-mail tips. While reading it, three tips caught my eye:
88. Encrypt emails. Never send important/ private information by email unless you have encrypted it. And even then, think twice before sending it. Also keep in mind that certain forms of encryption may be illegal in your country. The difficulties surrounding encryption mean that sensitive/ private information is still best sent on paper or via phone. If you want to take the encryption route, 5 steps to make your email secure explains some of the options.
89. Encrypt, part 2: Use freenigma. Freenigma is a free Firefox web browser plugin that performs email encryption for webmail-based email systems, including Gmail, Yahoo, and Hotmail/ MSN. There will also soon be a corporate professional version and a Microsoft Outlook plugin. But the basic version is free. However, to use it, the person you are sending to must also have the plugin. Since the application is currently in public beta and first- come- first- served, your intended email recipients should sign up at the same time as you. There is also an open API (Application Programmer Interface) so that you can incorporate freenigma into your own applications. Read/Write Web has more details.
Encryption. I have tried and tried and tried to use e-mail encryption over the years. Heck when I worked for pharma very sensitive stuff was sent to agencies, etc via e-mail (like marketing plans, new promotional material … stuff our competitors would consider selling souls for). The problem is, I found, that while I had no problem setting up different encryption tools (PGP for example), I couldn’t get other folks to do it. Just couldn’t. Between the set up and then actual use, I was never able to get people to use it effectively. So I gave up.
Here’s my question. Do you think e-mail encryption is still worth it? Have we just all accepted that this stuff goes through clear text and we’re okay with that? (okay that was a two-parter).
In the whole encryption theme this next point caught my eye as well:
90. Try steganography. Steganography is the act of hiding a message in some other media, usually a digital photograph. If someone doesn’t know the message is there, they probably cannot find it, right? The only drawback is that if someone tests for standard "data hiding" methods, they may discover your hidden message. Try combining encryption and steganography. That is, encrypt a message, then bury it in a digital image or another message.
While I think this is a really cool idea and there are free stegano tools out there, I would be really, really hesitant to suggest using this. Why? They are watching us. Paranoid? No, I figure that it’s a given that NSA and other agencies are skimming through our e-mail. Now while lots of encrypted e-mail would, almost undoubtedly, start getting attention, using stegno will really raise a red flag (IMHO). It’s just one of those tools that has been used by groups with nefarious goals that I’d just avoid it. Call me crazy, but I just don’t see it winning the risk-benefit ratio battle.
There’s my question and (small) rant. Don’t get me wrong, I really wish I could easily encrypt proposals, correspondence with my lawyer, etc, I just don’t see it being easy any time soon to make it worth the headaches. You?
Tags: encryption, encrypting e-mail
Related Stories
POSTED IN: E-mail
2 opinions for Here’s a question for you, will we ever easily encrypt e-mails?
Des Walsh
Nov 22, 2020 at 4:30 pm
Use blogs. I was told by one company which sells an enterprise level blogging platform that they have been able to deploy their product so as to satisfy the security requirements for negotiations and documentation on some serious financial transactions, communications previously handled by courier services. Anecdotal, but makes sense for my non-technical brain.
Tris Hussey
Nov 22, 2020 at 5:03 pm
Good point Des! Yes, with a little SSL, even just good passwords you can have a pretty secure communications vehicle in blogs.
Have an opinion? Leave a comment: