I have always had a bit of a nag in my stomach about email. It has become such a trusted form of communication over the years but it has a few inherent flaws. The biggest issue is that the email is sent in clear text. The BlackBerry may say that email is 3DES encrypted but that means it is only encrypted from your device to their mail servers. After that it is no longer protected by RIM. Over the years there have been solutions that have come up ranging from S/MIME to PGP to PKI.
The problem with all of these solutions is that they are not universal. If you send an email to a friend, they usually first need to have your key to decrypt it and you need their key to encrypt it. It's a convoluted mess that only companies and supergeeks (like myself) have time to sort out. It gets even more complicated when you throw in the fact that many email applications do not have support for every encryption method. Most of these solutions are also either not free, like PGP for Outlook, or complicated to set up, like GnuPG.
This gets even more complicated when you want to be able to get encrypted email on your BlackBerry. The S/MIME package is extremely difficult to set up for a regular user, and the PGP options are not free or even available to regular users. There is a third party that does help called AtomicHelix (I think that was the name), but that is a hack that introduces another security risk.
Some of you may ask why I care so much. Mostly because I rely on my email for private communication more and more. What happens if your company is snooping on your email and reads about how you are looking for a new job or are planning on calling in sick to go to a game? Or what about other applications that use your email address to verify your identity or send you confidential information over email, like insurance claims or employment information?
I tried to create an analogy for a friend of mine and the best I could do was explain it like this. It would be like writing all of your regular mail on postcards instead of security envelopes. Or better yet it would be like the post office opening your mail before delivering it.
This becomes even more of a concern when you read about how even the NSA is getting in trouble for snooping on US citizens' emails “accidentally” while they gather email going to foreign countries. It is even worse if you live outside of the US and know that the NSA has the right to read your email if they can get their hands on it.
So I have to ask: don’t you think it is about time for some universal standard for email protection to prevail for regular users? Just imagine all of that email sitting in the clear in your inbox. I know that PGP, S/MIME, and PKI are standard, but it's a crapshoot to guess what, if any, encryption you should send your email with to secure it currently.