News headlines from the not so distant past describe how the U.S. Government has elected to give itself the power to read e-mail communications almost at will. Most people would not be happy if the government were to routinely open mail that is delivered by the U.S. Postal Service. It seems most people don’t care that their e-mail can be read just as easily. You should consider the fact that e-mail messages are similar to postcards. When e-mail is sent unencrypted, anyone can read a message between the sender and the recipient. I don’t like the thought of anyone but the intended recipient reading my e-mails. Unless the majority of us adopt a secure format for our e-mail communications, e-mail messages will continue to be susceptible to eavesdropping.
One reason that e-mail messages are not secure is because it is not easy to adopt a method of securing e-mail messages. Most people don’t understand the concept and they don’t want to be bothered by taking any extra steps to make their messages secure. There are protocols that are not that difficult to use and are free to use. Unfortunately, secure e-mail only works if both the sender and recipient are using the same protocol.
PGP is a paired-key encryption protocol. It uses a public key to encrypt and a private key to decrypt. The encryption keys are tied to an e-mail address, so if you have more than one e-mail address, you could have more than one pair of encryption keys. Once the keys are generated, the public key can be provided to anyone, who wants to send a secure message to the key owner. The public key can only encrypt messages. It is not possible to use the public key to decrypt. When an encrypted message is received, the user’s private key is used to decrypt the message. As long as a user maintains sole possession of the private key, only that user can decrypt messages that were encrypted using the public key.
Public keys can be shared directly between two individuals. There are directories on the Internet that maintain a listing of public keys. Anyone can retrieve my public keys by entering my e-mail address into a directory search of the PGP Global Directory.
I used a web-based email service to send and receive email messages. In order to be able to send and receive encrypted messages, it is necessary to have a stand-alone application that will encrypt and decrypt messages. If you are using Microsoft Windows, a suggested application would be GPG4Win. GPG4Win includes a couple of applications, Kleopatra, for managing keys, and Privacy Assistant, which can be used to encrypt and decrypt messages.
At the end of 2017, I abandoned Microsoft Windows and switched to Linux Mint as my primary operating system. Linux has an application called Passwords and Keys, which manages my PGP keys. There is a Linux version of Kleopatra, which serves as the encryption and decryption application.
When sending a message that I want to encrypt, I first obtain the public key from the person for which the message is intended. Using that public key, I type my message into a text file editor, then I encrypt the message using Kleopatra. I copy the encrypted message and paste it into a new message window on my web-based email service. When the message is received, the recipient uses their private key to decrypt the message. It really is quite simple. It takes an extra step at each end to allow for a secure message.
The sobering reality is that President Trump now has access to all of the data that our government is collecting. No matter what e-mail system you use, there is a way for you to secure your e-mail. The question is, does it matter to you if your e-mail is secure? All of my e-mail would be secure if those I correspond with were using the same encryption system. It’s not likely this will happen anytime soon, but people should know that it is out there and available if they want to use it.
Most people use a smart phone for communications more often than email. When using your cell phone to send text messages and make phone calls, your communications are not any more secure than your e-mail messages. If you are using an Android phone, there is an app you can get that will help you secure your communications.
For text messaging and phone calls, I suggest you try Signal. This app will encrypt your text messages exchanged with other users who have the same app. You can use the app for sending and receiving text messages from someone who is not using the app. Unless both parties are using Signal, the messages will not be secure. When two users have this app, you can make phone calls that are encrypted and sent over your phone’s data connection. Of course, you can still make regular, unsecured calls on your phone to anyone.
If you have questions about secure communications, feel free to leave comments on this page.