If you want to share sensitive information — credit-card numbers, romantic messages, plans for world domination — email is only slightly more secure than a megaphone.
Here are some tips for locking up email messages so that only the intended recipients can read them.
It’s relatively certain that your email service provider, and recipients’ providers, can read your email messages. Certain government organizations probably can, too. As a message travels the complicated paths of the Internet, other people — some of whom might not have your best interests in mind — might also get to view it.
In the Aug. 8, 2013, On Security article, “Send email that only the recipient can read,” I offered several methods for sending encrypted files and messages over the Internet. In this update, I’ll review that information, offer a new alternative, and explain some of the general issues involved with what should be an easy task but still isn’t.
The problem with email security: Other people
Encrypting files on your hard drive is relatively easy. I discussed some options in the June 19 Top Story, “Data-encryption alternatives to TrueCrypt.” Fred Langa gave his own take in the May 15 Top Story, “Better data and boot security for Windows PCs.” Just pick the technique that works best for you.
Unfortunately, sending encrypted files to other people isn’t so simple. Sender and recipient have to agree on the same or compatible encryption tools. In some cases, you might also have to share the same password. Obviously, sending the password by text message or email could be self-defeating.
Online encryption services have their own issues. If you’ve ever tried to convince someone that they need to back up their data, imagine how hard it would be to sign up for a particular service, create a password stronger than “1234,” and make sure that the password isn’t lost — or worse: shared with others who shouldn’t have it.