Is Your Email Private? Part 1 of 3

In a word, no - an email message has always been nothing more than a simple text message sent unencrypted to a recipient we choose. So all the email that we so blithely send all over the Internet everyday is neither private nor secure. Every birthday greeting or Dear John email, every complaint, rant or verbal purge we may have sent to our employers, credit companies, congressman or customer service rep is subject to delivery errors or outright interception.

How can this be? To answer that we need to understand how email works. For the vast majority of email users today, the email system they use consists of two servers providing incoming and outgoing services, SMTP and POP3.

The SMTP (Simple Mail Transfer Protocol) server handles the outgoing email. SMTP was designed years ago when plain ascii text was all there was to send via email. So, when you push the "Send" button in your email client, the SMTP server at your ISP (Internet Service Provider) connects with the incoming POP3 (Post Office Protocol ver. 3) server where you are sending the email. The servers have a short "chat" verifying that the email address you are trying to send to exists on the incoming POP3 server. Then the SMTP server passes the message to the POP3 server and the POP3 server puts the message into the recipient's email box. At no time during the process is your email encrypted to protect your privacy. The message could be intercepted at anytime during the process and read by anyone.

On occasion, email sent to you or by you may even be delivered to the wrong inbox and your private message is no longer private. A single misdirected message could expose you to all kinds of trouble depending upon it's content.

Well, no one wants to read your email right? Wrong! Have you ever heard of Carnivore? That's a system that the FBI uses to harvest all email traffic going through a network. How does this affect you? When the FBI hooks Carnivore up to your ISP's network because they suspect someone of dealing drugs or some other crime, Carnivore will filter through ALL email looking for keywords that relate to the crime in question. And because the search has to be intentionally vague, you may be sending a request for information about a prescription drug you take and Carnivore will harvest your email to be read by a human agent. Suddenly, the drugs you're taking are now public knowledge. Spammers have also been known to harvest email addresses via captured emails.

OK - so now that you know the problem, what should you do about securing your privacy? It was hinted at earlier on... encryption! Learn how to use PGP (Pretty Good Privacy) to encrypt your email.

PGP uses a Public/Private key method to encrypt email. First you create a "Public" key. This is the key that others will use to encrypt email sent to you. Send this key to everyone you want to receive encrypted email from. Then you create a "Private" key. This is the key you use to decrypt any encrypted email sent to you. Safeguard this key well. It is the only thing that can decrypt your messages. If you tell someone what it is or loose it, your privacy is again compromised.

For more information on PGP and a free download visit: http://www.pgpi.org.

Next Time: Incorporating PGP into your email...

Michael Ameye has been developing web sites since 1995. He started writing about online privacy issues to answer questions from family, friends and co-workers. Visit http://www.canyourspam.com to see his latest work.

He is also the chief editor of PSS Online, A Privacy, Safety and Security eZine dedicated to bringing important information to people in order to foster a safer more secure environment - online and off. Visit http://www.pssonline.info to subscribe.