E-mail messages, it is often observed, are no more private than postcards. An e-mail message typically passes through several servers en route to its recipient, and the message may be stored in perpetuity on each server. The message can be viewed by anyone who takes the trouble to do so. An estimated 55 percent of U.S. corporations inspect their workers’ e-mail;1 20 percent, 32 percent, and 26 percent fired a worker for unapproved e-mail during various recent 12-month periods.2 (A corporation has full access to any work e-mail account it provides to its employees. It often has access to e-mail sent from a work computer through a private e-mail account.) National governments have imprisoned dissidents based on information obtained from surveillance of their e-mail.3
Whether or not you are concerned with your own security, by configuring e-mail encryption software you are also upholding the rights of anyone who wishes to communicate with you privately. E-mail encryption requires both the sender and the recipient to have the software installed. Another good reason to install the software is that it also enables you to digitally sign your e-mail messages. Cybercriminals who infiltrate people’s computers often initiate the attack by sending an e-mail message that seems to come from someone the victim knows and trusts. The same software you can use to encrypt e-mail gives you the option of digitally signing your e-mail, thereby making you virtually impossible to impersonate.
An e-mail message can be sent encrypted to a recipient who has created a “public key.” The basic set-up is essentially this. The recipient has a public key, which is more or less some enormous number, as well as a private key (some other enormous number). The public key is published for all the world to see in a sort of phone book. The private key is kept private, known only to the recipient. Anyone can then send an encrypted message to the recipient by garbling it in a certain way by means of the public key. In transit, the encrypted message will look like gibberish.4 The recipient, however, can use his or her private key to turn the gibberish back into the original message. If the public and private keys are strong enough in a certain sense, and if the recipient has kept the private key secret, then no one other than the recipient will be able to decrypt the encrypted message, barring colossal advances in computing or major breakthroughs in number theory.
Digital signatures basically use the same procedure in reverse. Your private key, which you use to decrypt e-mail sent to you, works because you can do a calculation that, in principle, no one else is able to do. When you digitally sign a message, you are performing such a calculation on the message you are sending. You send the e-mail as you would any other (either encrypted or not), but you include a small attachment containing the results of your calculation. Since—with the caveats of the previous paragraph—no one else is capable of performing this calculation, this provides strong assurance that the e-mail really came from you. (And don’t worry, the software performs the calculation. You won’t have to solve a math problem every time you want to send an e-mail.)
Free software for sending and receiving encrypted e-mail is available from the GnuPG Web site. From this site you can download the GnuPG encryption software to your computer. Then follow the instructions in the downloaded file titled “INSTALL” to compile the programs and set up your public and private keys. The GnuPG site also contains a link to “frontends,” providing software that conveniently automates e-mail encryption and decryption. I have used Enigmail for this when accessing e-mail using the Mozilla Thunderbird e-mail client. People who access e-mail using a Web browser might find FlowCrypt convenient.
The GnuPG Web site, unfortunately, can be difficult to navigate. If your computer is running Microsoft Windows, you may find it easier to install GnuPG from the Gpg4win Web site. If your computer is running Mac OS X, you may find it easier to install GnuPG from the GPGTools Web site. If you are using the Android operating system, you might find it easier to install GnuPG from the OpenKeychain Web site.
E-mail encryption is simpler if you are running Linux on your computer; most Linux distributions come with the GnuPG software pre-installed. Simply enter the command
gpg --search-keys xxx@xxx.xxx
to import the public key for the e-mail address xxx@xxx.xxx (if one exists). Save the body of your e-mail message to xxx@xxx.xxx in a file, say:
filename.txt
Encrypt the file with the command:
gpg -e -a -R xxx@xxx.xxx filename.txt
Upon your confirmation the program will generate a file:
filename.txt.asc
containing the encrypted message, which can now be e-mailed to xxx@xxx.xxx. The recipient can then save this e-mail (with or without the headers) as a file on his or her computer, say:
received.txt
and decrypt your message with the command:
gpg -d received.txt
(a passphrase is then required). The original, decrypted body of your e-mail will be sent to standard output, which can of course be redirected as desired.
You can send me encrypted e-mail using my public key. You can search for others’ public keys at the MIT PGP Public Key Server.
1. Matt Villano, “The Risk Is All Yours in Office E-Mail,” New York Times, March 4, 2007.
2. “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2010” report on seventh annual survey by Proofpoint, Inc., fielded by Osterman Research during June and July of 2010.
3. Kate Allen, “Irrepressible Information,” Amnesty International, UK, 2006.
4. More precisely, the body of the encrypted e-mail will look like gibberish. Attachments, if any, will also look like gibberish so long as the e-mail is in OpenPGP/MIME format with content type “multipart/encrypted” and “application/pgp-encrypted.” What will not look like gibberish in transit are the e-mail headers (e.g. the “From,” “To,” and “Subject” lines); these lines will appear the same to anyone who intercepts your e-mail as they do to you and your recipient. So be sure not to include sensitive information in the “Subject” line.