E-mail for paranoids
May 1, 2002
THE PRIVACY of ordinary e-mail is protected, to some extent, by the law. The Electronic Communications Privacy Act and some state statutes criminalize snooping through somebody else's e-mail. But there are a couple of big exceptions.
First of all, if you're using your employer's computer or e-mail system, the law gives your employer full rights to read every line. So, if you're worried about keeping your personal e-mail confidential, your very first step should be to stop sending and receiving it via your office account.
Second, the courts can subpoena your e-mail from your server, or even issue the equivalent of a wiretap order to read it surreptitiously as it comes and goes, something the new antiterrorist Patriot Act makes easier than ever. And if a policeman or snoop intercepts your e-mail and reads it as it flows along the Internet, you may have a hard time finding out about it.
RETURN TO SENDER
E-mail is also laughably easy to forge, as Slate recently discovered. E-mail systems generally take incoming e-mail messages at their word. If you send an e-mail server a message that says it's from email@example.com, the server will happily give it that return address.
To keep the snoops at bay, you'll have to pick your e-mail provider carefully. The top free Web-based e-mail services, such as Hotmail and Yahoo, don't protect your e-mail as it prances across the Internet in readable form from your computer to their servers and from their servers to the recipient. Dialup services such as AOL let you pass your e-mail directly to them over a telephone line, so if your line isn't tapped, AOL can keep your e-mail pretty secure. But once your e-mail leaves AOL and hits the Internet on the way to its destination, it's bare naked, too.
One solution is to subscribe to one of the services that protect e-mail in transit. Mailsafe, SecureNym, KeptPrivate, and Swissmail, for example, will protect the conversation between your computer and their servers using SSL (the same encryption technology used by e-commerce Web sites to protect customers' credit card numbers over the Internet). As long as you and your correspondents select the same SSL-based service, your e-mail exchanges are readable only on your computer, your correspondent's, and the service's e-mail server.
If one of those correspondents doesn't want to spend the $2 to $5 a month it costs for SSL-wrapped e-mail, Mailsafe and KeptPrivate offer an alternative: an e-mailed Web link that, when clicked, displays your message on your correspondent's browser as a Web page (with a reply button). The message page and reply are both SSL protected and require your correspondent to type a password before he can read the message. (You'll have to find a secure way to give him the password.)
THE KEY EXCHANGE
But if you don't trust even SSL-based e-mail services, you can still pass secure e-mail back and forth if you're willing to take the trouble. First, you need to generate and exchange public keys. A public key is a special kind of encryption key: It allows you to encrypt a message but not to decrypt it. Decrypting it requires the private key that goes along with the public one. E-mail programs that support the standard S/MIME format for encrypted e-mail (Microsoft Outlook is one) allow you to generate a public key and associated private key and e-mail the public key to whomever you want. (You keep the private key to yourself.) When you receive someone's public key, your e-mail program imports the key, so that it can use the key to encrypt e-mail that only the holder of the associated private key can decrypt.
Of course, if you're worried about somebody eavesdropping on your e-mail, then maybe they can tamper with it, too, say, by substituting their own public key for yours, so that they can read e-mail intended for you. So, you'd better check after the exchange (say, by telephone) to make sure you received each other's keys correctly. Your e-mail program should be able to tell you what your public key is; since it's a very long number, it's easier to verify the key's hash value (a kind of abbreviation, sometimes called a thumbprint or fingerprint) instead.
Once you've generated and exchanged public keys, your e-mail software should allow you to exchange encrypted e-mail. You can also digitally sign your e-mail, attaching a special tag to it that requires your private key to compute, but that anyone with your public key can recognize. The tag identifies you as the message's true sender.
When you receive a digitally signed e-mail from your correspondent, your software checks the tag using his public key (provided you've imported it) to verify that it's really from him. If the e-mail is also encrypted using your public key, then your software uses your private key to decrypt it and display it to you. Usually, your private key is stored on your computer encrypted with your password, so that if your computer is stolen (or seized), your e-mail is still safe (assuming you picked a hard-to-guess password, and surprisingly many people don't).
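As an added illustration (not from the article or any of the products it names), here is the exchange the last four paragraphs describe, written with Go's standard library: each side makes a key pair, the public halves are swapped and compared by fingerprint, the sender signs with its private key and encrypts to the recipient's public key, and the recipient checks the tag before decrypting. It uses raw RSA-OAEP and RSA-PSS rather than S/MIME's certificate format; the function names and the sample message are the example's own.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// NewKeyPair makes a fresh 2048-bit pair; only the public half is ever e-mailed out.
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only a broken entropy source can get here
	}
	return k
}

// Fingerprint is the hex SHA-256 of the DER-encoded public key: the "thumbprint" you read over the phone.
func Fingerprint(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a well-formed *rsa.PublicKey
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// EncryptAndSign encrypts to the recipient's public key, then signs the ciphertext with the sender's private key (the "tag").
func EncryptAndSign(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	return ct, sig, err
}

// DecryptAndVerify checks the tag with the sender's public key first, then decrypts with the recipient's private key.
func DecryptAndVerify(recipient *rsa.PrivateKey, sender *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, err // wrong or substituted sender key: the tag does not check out
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
}

func main() {
	alice, bob := NewKeyPair(), NewKeyPair() // each side makes a pair, then they swap public halves
	ct, sig, _ := EncryptAndSign(alice, &bob.PublicKey, []byte("constructed sample message"))
	msg, err := DecryptAndVerify(bob, &alice.PublicKey, ct, sig)
	fmt.Printf("Alice's fingerprint: %s\nBob reads %q (err=%v)\n", Fingerprint(&alice.PublicKey), msg, err)
}
```

If an eavesdropper swaps in their own public key, the fingerprints read over the phone no longer match and the tag check in DecryptAndVerify fails.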
Because your private key is stored on your computer, you'll have to take it with you if you want to read your e-mail anywhere else. Not that you should be reading your secret e-mail on anybody else's computer anyway; chances are you'll leave traces of it behind that can be recovered. Then again, you're probably leaving traces of your message behind on your own computer. (And how safe is your computer from viruses, worms, and other attacks that could expose your secret e-mail to your enemies?)
If you lose your decryption key (say, your disk drive crashes or you forget your password), that key is irretrievably gone and so is all your encrypted e-mail. You could keep a backup copy of your key, of course, and write down your password somewhere, just to be safe, but that just gives snoopers a chance to find all the pieces, put them together, and start reading.
You're probably asking yourself at this point if you even need secure e-mail. One simple test is to ask yourself, "If this were on paper, would I shred it before throwing it away?" Businesses handling highly confidential documents, for example, should consider secure e-mail a sensible precaution. But do you bother to shred your personal mail? If you're a spy, definitely. If you've already been burned by an e-mail snoop or found your e-mail subpoenaed in a court case, probably. Or, if you're paranoid. But if you're paranoid, you're not really going to trust my advice, are you?
Dan Simon is a cryptographer and computer security researcher at Microsoft Research.
By Dan Simon, SLATE.COM