If you have anything "private" to say on any email service whatsoever, you should be using encrypted e-mail. (Note that most "web-mail" websites do not provide this service, whereas nearly every "mail program," on any operating system at all, does. Note also that it doesn't make any difference whether your connection to that web-mail site is "https" secured.)
There are two main encryption schemes in common use:
S/MIME, an international standard which basically uses the same encryption ideas used in "https:" web-pages; and
GPG or PGP, which typically use a third-party plugin.
All of these technologies have entirely-public, peer-reviewed implementations of known, very high, quality.
Both of these will send your mail as what appears to be, to an unenlightened mailer or web-page, an empty message with an unreadable attachment. Hence, ordinary e-mail subsystems and transfer-agents can (and will) handle it, but cannot read it.
Quote:
Note: the word, "cannot," probably does not apply to the NSA or the KGB or to MI5 or to any of those other organizations that are fond of using three-letter names for themselves. (If it does, then I for one want to know where my billions and trillions of US Dollars are going!) But I shall presume that you aren't doing anything that would attract the interest of any of those people, anyway.
(And if you are, then you richly deserve what surely you will get... and you will never see it coming... you miserable jerk... )
No, the idea is simply that, "it's nobody's business but yours," or perhaps that you are wanting to discuss something for which you would routinely use an https-secured web site. If the message is one that you would choose to put into an envelope, rather than a postcard ... or it is simply something that you don't want to be a matter of public record forever ... then you should be using secure e-mail routinely.
In a properly configured mail program, it is routine. The scheme is every bit as transparent and unobtrusive as "https" or VPN is now. Messages are automatically decrypted and verified; automatically encrypted and signed. Messages can go seamlessly between Linux and Windows and OS/X and anything-else. "It Just Works(tm)."
If you are dealing with a corporate network with several far-flung sites, then you ought to be using VPN to set up "tunnels" between them, and in that case, company e-mails can be sent without additional encryption because the tunnel is already encrypted ... u-n-l-e-s-s you have to deal with the possibility that a copy of the e-mail might be "leaked" upon receipt, or at some unknown future date. Generally speaking, encrypted e-mail will be stored on the local hard-drive in encrypted form. (Even your own "outbox" copy will be encrypted, usually using your own private key.) E-mail encryption protection, unlike transmission protection, is durable and lasting. Many modern-day laws, such as SarbOx or HIPAA in the United States, do contain provisions that apply to persistent data specifically including e-mails.
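An added example, not part of the original post: what the "empty message with an unreadable attachment" looks like to a relay, for both PGP/MIME (RFC 3156) and S/MIME. The two messages are constructed samples with placeholder bodies, and the function names `classify` and `visible_to_relay` are hypothetical. Note that the From, To and Subject headers stay readable even though the body does not.

```python
from email import message_from_string

# Constructed sample messages (not real mail); the bodies are placeholders.
PGP_MIME = """\
From: alice@example.org
To: bob@example.org
Subject: lunch
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

SMIME = """\
From: alice@example.org
To: bob@example.org
Subject: lunch
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

(constructed placeholder, not real ciphertext)
"""

def classify(raw: str) -> str:
    """Label a message by its MIME structure alone, without any keys."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = (msg.get_param("protocol") or "").lower()
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-mime"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return "smime-" + (msg.get_param("smime-type") or "unknown").lower()
    return "cleartext"

def visible_to_relay(raw: str):
    """Return what any transfer agent can still read: headers and part types."""
    msg = message_from_string(raw)
    return ({h: msg[h] for h in ("From", "To", "Subject")},
            [part.get_content_type() for part in msg.walk()])
```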