There was a time when it would have seemed over the top
to encrypt an email. But, even ignoring the recent surveillance scandals
from the United States, it’s long been a fact that giving your email a
little extra privacy is no bad idea.
Although it’s
seldom used by private emailers, encryption is actually quite easy to
employ. A lot of applications also make it free and easy to set up.
Inquiries about encryption have been on the rise of late, says Kei Ishii, who runs a German consumer information portal.
“It’s
like a letter and a mailbox,” explains Frank Timmermann of the
Institute for Internet Security at Germany’s Westphalia University of
Applied Sciences. “Unencrypted mails are the postcards, those with
encryption are the ones in an envelope.”
And there’s
no reason not to encrypt, experts say. It has nothing to do with hiding
deep, dark secrets, but with “recognizing our rights,” notes Germany’s
Federal Office for Information Security (BSI).
Public Key Infrastructure (PIK) technology is the key to encryption. It
makes use of something called a public key to encrypt information, while
a private key is needed to open it up.
The public key can best be
envisioned as used to lock up a mailbox once it contains a letter for a
recipient, says the BSI.
That mailbox can then only
be opened with the private key. Public keys are procured from special
servers where everyone can see what’s needed to encrypt an email. But
the private key can only be accessed with a password stored on one’s own
computer.
There are two main — and incompatible —
standards for email encryption: OpenPGP (Open Pretty Good Privacy) and
S/MIME (Secure/Multipurpose Internet Mail Extensions). S/MIME functions
with keys from certificate sites, so-called trust centres, and usually
costs money.
That’s one of the reasons OpenPGP is
more popular among private users. It’s easy to put together a key in a
short span of time. OpenPGP is used in applications like Gpgrwin for
Outlook for Windows, Enigmail for Thunderbird (Windows/Mac OS/Linux) or
GPGTools (Mac OS).
There’s no reason not to encrypt, even when using standard webmail services like Gmail, Yahoo or Outlook.com.
Add-ons like Mailvelope for Chrome (under development for Firefox) come
in handy here. To encrypt email on a smartphone, check out the app shop
to see what’s available. There’s Android Privacy Guard (APG) for
Android mobiles, or iPGMail for iPhones.
But
problems persist. Setting up encryption for multiple devices can be a
nuisance. A bigger one is that so many of one’s contacts might not be
using it.
“The network effect is missing,” says
Ishii. “Even if you use it, there’s often no one there with whom one can
communicate.” But it’s still worth it to set up encryption systems.
After all, one can decide before every email sent whether to use it or
not.
