Image from EFF

Is e-mail OK for secret stuff?

Image by EFF

Image by EFF

Short answer: No. Slightly longer answer: Maybe, but not without additional protection.

E-mail is one of the oldest and most widely used services on Internet. It was developed during an era when we were comfortably unaware of viruses, worms, spam, e-crime and the NSA. And that is clearly visible in the architecture and blatant lack of security features. Without going deep into technical details, one can conclude that the security of plain e-mail is next to non-existing. The mail standards do by themselves not provide any kind of encryption or verification of the communicating parties’ identity. All this can be done with additional protection arrangements. But are you doing it and do you know how to?

Here’s some points to keep in mind.

  • Hackers or intelligence agencies may tap into the traffic between you and the mail server. This is very serious as it could reveal even your user ID and password, enabling others to log in to the server and read your stored mails. The threat can be mitigated by ensuring that the network traffic is encrypted. Most mail client programs offer an option to use SSL- or TLS-encryption for sent and received mail. See the documentation for your mail program or service provider. If you use webmail in your browser, you should make sure the connection is encrypted. See this article for more details. If it turns out that you can’t use encryption with your current service provider, then start looking for another one promptly.
  • Your mails are stored at the mail server. There are three main points that affect how secure they are there. Your own password and how secret you keep it, the service provider’s security policies and the legislation in the country where the service provider operates. Most ordinary service providers offer decent protection against hackers and other low-resource parties, but less protection against authorities in their home country.
  • Learn how to recognize phishing attacks as that is one of the most common reasons for mail accounts to be compromised.
  • There are some mail service providers that focus purely on secrecy and use some kind of encryption to keep messages secret. Hushmail (Canada) and Mega’s (New Zealand) planned service are good examples. Lavabit and Silent Mail used to provide this kind of service too, but they have been closed down under pressure from officials. This recent development shows that services run in the US can’t be safe. US authorities can walk in at any time and request your data or force them to implement backdoors, no matter what security measures the service provider is implementing. And it’s foolish to believe that this is used only against terrorists. It’s enough that a friend of a friend of a friend is targeted for some reason or that there is some business interest that competes with American interests.
  • The safest way to deal with most of the threats is to use end-to-end encryption. For this you need some additional software like Pretty Good Privacy, aka. PGP. It’s a bit of a hassle as both parties need to have compatible encryption programs and exchange encryption keys. But when it’s done you have protection for both stored messages and messages in transit. PGP also provides strong authentication of the message sender in addition to secrecy. This is the way to go if you deal with hot stuff frequently.
  • An easier way to transfer secret stuff is to attach encrypted files. You can for example use WinZip or 7-Zip to create encrypted packages. Select the AES encryption algorithm (if you have a choice) and make sure you use a hard to guess password that is long enough and contains upper and lowercase letters, numbers and special characters. Needless to say, do not send the password to the other party by mail. Agreeing on the password is often the weakest link and you should pay attention to it. Even phone and SMS may be unsafe if an intelligence agency is interested in you.
  • Remember that traffic metadata may reveal a lot even if you have encrypted the content. That is info about who you have communicated with and at what time. The only protection against this is really to use anonymous mail accounts that can’t be linked to you. This article touches on the topic.
  • Remember that there always are at least two parties in communication. And no chain is stronger than its weakest link. It doesn’t matter how well you secure your mail if you send a message to someone with sloppy security.
  • Mails are typically stored in plaintext on your own computer if you use a mail client program. Webmail may also leave mail messages in the browser cache. This means that you need to care about the computer’s security if you deal with sensitive information. Laptops and mobile devices are especially easy to lose or steal, which can lead to data leaks. Data can also leak through malware that has infected your computer.
  • If you work for a company and use mail services provided by them, then the company should have implemented suitable protection. Most large companies run their own internal mail services and route traffic between sites over encrypted connections. You do not have to care yourself in this case, but it may be a good idea to check it. Just ask the IT guy at the coffee table if NSA can read your mails and see how he reacts.

Finally. Sit down and think about what kind of mail secrecy you need. Imagine that all messages you have sent and received were made public. What harm would that cause? Would it be embarrassing to you or your friends? Would it hurt your career or employer? Would it mean legal problems for you or your associates? (No, you do not need to be criminal for this to happen. Signing a NDA may be enough.) Would it damage the security of your country?  Would it risk the life of you or others? And harder to estimate, can any of this stuff cause you harm if it’s stored ten or twenty years and then released in a world that is quite different from today?

At this point you can go back to the list above and decide if you need to do something to improve your mail security.

Safe surfing,
Micke

More posts from this topic

Screen Shot 2014-10-24 at 2.53.58 PM

5 things you’d know about password security if you had time to care

If you use the internet like a normal person, password management is a pain. It doesn't have to be that way. Over the last two months through Triberr, we invited a group of bloggers we enjoy to work as brand ambassadors on behalf of our password manager KEY, which we built to make securing your accounts simple. They tried KEY out and shared their experience with their readers. By watching them explain what they learned we were reminded that there are some password truths we take for granted. Here are five important points about passwords they made that everyone needs to know. 1. No one changes their passwords when there's a hack. It's constant headline, "Passwords breached. Change all your passwords!" Not only do we have to put up with our trust being breached, as Breakthrough Radio's Michele Price pointed out, we have to take the time to change all our passwords ourselves. If you're a regular reader of Safe and Savvy, you know that experts aren't being sincere when they tell you to change all your passwords. “The dirty little secret of security experts is that when there’s a data breach and they recommend to ‘change all your passwords,’ even they don’t follow their own advice, because they don’t need to,” our Security Advisor Sean Sullivan told us. The only reason you'd need to change all your passwords is if you made a few basic mistakes. 2. Our password choices can make us vulnerable. "You should have diversified your usernames and passwords in the first place," Harri Hiljander, our Product Director or Personal Identity Protection, told LeadersWest's Jim Dougherty. If you reuse passwords, every hack or breach is exponentially worse. But still people reuse passwords over and over for a pretty obvious reason. 3. It's too hard to come up with and remember strong, unique passwords for all our important accounts. Our bloggers presented the suggestions for generating strong unique passwords our Labs offered -- and to be honest, the advice can overwhelming. But if you're going to come up something that protects your financial details, it's essential. That's why the bloggers liked KEY's ability to generate strong passwords for them. "I think this is the best feature of all," World of My Imagination's Nicole Michelle wrote. Forget all the rules. Now you don't have to worry if your password is going to end up on a list of ones you should never use. 4. Password security is especially important to people who work online -- and who doesn't? If you spend your time building up an online publication your readers trust, the integrity of your site is priceless, as we learned from WhyNotMom.com. Sean advised our bloggers to sure that their WordPress -- or any blogging platform -- password isn't being reused anywhere else. In addition to the three things everyone needs to do -- back up everything, patch all your software and use updated security software -- he also advised them to make sure they keep a watchful eye on all their blog plug-ins. Keep them updates AND keep an eye out for plug-ins that are no longer being updated. Get rid of those. 5. You should have at least one email account you don't share with anyone. Identity management gets harder and harder as our usernames become more public. Everyone gets by now -- we hope -- that you should never reuse pairings of logins and passwords for your crucial accounts. But there are extra steps you can take, as our bloggers learned from our KEY experts. "Create a new email address for online accounts, don’t share it with ANYONE." Chelsea from Me and My Handful wrote about our Labs' advice to keep your login names secret. "So smart, and yet, we don’t do it." But all this knowledge is useless if you don't have a system to keep your passwords secure. Set up a system then pick a password manager -- we suggest you try KEY for free, of course --and stick with it. Cheers, Jason [Image via kris krüg via Flickr ]

Oct 24, 2014
BY 
Privacy principles 1

Your privacy is our pride, part 1 of 3 – the fundaments

The whole world is waking up to a new reality. Privacy used to be a fundamental human right that we took for granted. Technically it still is, but the global Internet has made it easy to violate this right. Too easy as there is proof that many states and companies violate it extensively and blatantly. There’s many motives for this. Technical feasibility, commercial benefits, diplomatic and political advantages, fear of terrorism and last but not least, peoples’ lack of awareness. The incentives to violate our privacy will not go away, but peoples’ awareness is certainly increasing. This is obvious now in the post-Snowden era. Customers start to ask how their service- and software providers guard their privacy, and make purchase decisions based on that. Protecting our customers’ data has been F-Secure’s mission for more than 25 years. That’s why we are very worried about the current situation, and eager to raise awareness about it. But raising awareness is not enough. We also need to get our act together and make sure our own offering isn’t violating your privacy. It’s by the way a surprisingly complex task that affect all functions in a company. That’s why we have published nine privacy principles that guide our work to guard your privacy. Let’s walk through the first 3 in this post. Stay tuned, the rest will be covered soon.   WE RESPECT YOUR RIGHT TO PRIVACY This is really the fundament of it all. Our goal is to provide you with products and services that create some value for you, but this is never done by violating your privacy. Quite the opposite, guarding your privacy is a central goal in many products. Many companies market “free” services, where the customer in reality pay by letting the provider utilize personal information. F-Secure is NOT one of them. YOUR CONTENT BELONGS TO YOU We handle your data in many ways, either by apps on your own device or uploaded to our services. But no matter how we get in touch with it, it is still YOUR data. We have no right to utilize it for our own purposes and we do not reserve such rights in legal-jargon user agreements that nobody reads or understands. YOU DECIDE HOW MUCH YOU SHARE WITH US Your data, or data about you, may become accessible to us in several ways. You may upload it to our servers yourself. In this case it’s obvious that you are in full control of what data you transfer. Our products may also collect data to improve the service we offer, but you can opt out from much of this. Only a small part of the collected data is mandatory and not controlled by you. In short, we apply a strict minimalistic policy to automatic data uploads. We only fetch data if it’s needed to improve the service, we anonymize data when possible and we let you opt out if the data isn’t absolutely necessary. That’s 3 fundamental privacy principles in our set of totally nine. Stay tuned, we will present the rest shortly.   Safe surfing, Micke  

Oct 23, 2014
BY 
FBI

No, we do not need to carry black boxes

The recent statements from FBI director James Comey is yet another example of the authorities’ opportunistic approach to surveillance. He dislikes the fact that mobile operating systems from Google and Apple now come with strong encryption for data stored on the device. This security feature is naturally essential when you lose your device or if you are a potential espionage target. But the authorities do not like it as it makes investigations harder. What he said was basically that there should be a method for authorities to access data in mobile devices with a proper warrant. This would be needed to effectively fight crime. Going on to list some hated crime types, murder, child abuse, terrorism and so on. And yes, this might at first sound OK. Until you start thinking about it. Let’s translate Comey’s statement into ordinary non-obfuscated English. This is what he really said: “I, James Comey, director of FBI, want every person world-wide to carry a tracking device at all times. This device shall collect the owner’s electronic communications and be able to open cloud services where data is stored. The content of these tracking devices shall on request be made available to the US authorities. We don’t care if this weakens your security, and you shouldn’t care because our goals are more important than your privacy.” Yes, that’s what we are talking about here. The “tracking devices” are of course our mobile phones and other digital gadgets. Our digital lives are already accurate mirrors of our actual lives. Our gadgets do not only contain actual data, they are also a gate to the cloud services because they store passwords. Granting FBI access to mobile devices does not only reveal data on the device. It also opens up all the user’s cloud services, regardless of if they are within US jurisdiction or not. In short. Comey want to put a black box in the pocket of every citizen world-wide. Black boxes that record flight data and communications are justified in cockpits, not in ordinary peoples’ private lives. But wait. What if they really could solve crimes this way? Yes, there would probably be a handful of cases where data gathered this way is crucial. At least enough to make fancy PR and publically show how important it is for the authorities to have access to private data. But even proposing weakening the security of commonly and globally used operating systems is a sign of gross negligence against peoples’ right to security and privacy. The risk is magnitudes bigger than the upside. Comey was diffuse when talking about examples of cases solved using device data. But the history is full of cases solved *without* data from smart devices. Well, just a decade ago we didn’t even have this kind of tracking devices. And the police did succeed in catching murderers and other criminals despite that. You can also today select to not use a smartphone, and thus drop the FBI-tracker. That is your right and you do not break any laws by doing so. Many security-aware criminals are probably operating this way, and many more would if Comey gets what he wants. So it’s very obvious that the FBI must have capability to investigate crime even without turning every phone into a black box. Comey’s proposal is just purely opportunistic, he wants this data because it exists. Not because he really needs it.   Safe surfing, Micke    

Oct 17, 2014
BY