How private is your e-mail?
11/16/2012 9:38:00 AM
Recent headlines involving General Petraeus and others have once again put the spotlight on the vulnerability of e-mail as a secure communications tool. While many people are shaking their heads at the fall from grace of such a decorated military commander, there are others who are just as concerned about the ease with which the FBI was able to access private e-mail correspondence between two individuals who had at least some expectation of privacy.
The truth is that e-mail has never been private and you could put yourself and others at risk if you think otherwise. A former colleague of mine once compared sending an e-mail to mailing a postcard. At any point in that postcard’s journey, someone can simply pick it up, turn it over and read its contents. That includes the postman who collects the mail, the handlers at the various sorting offices, the postman delivering the mail, anyone who happens to pass by your mailbox, your cleaning leady… OK, you get the picture.
E-mail sent via the Internet (Gmail, Hotmail, Yahoo) passes through multiple servers and routing terminals before it reaches its destination. At each point in its journey, it can be intercepted, stored for an indeterminate amount of time, or even altered. We have all read about server security breaches that led to the exposure of thousands of credit card and social security numbers, and e-mail is no less vulnerable.
In many ways, e-mail sent through private intranets (i.e. company networks) is even more at risk, a point that was brought home to me by a previous employer when I was asked to go through the e-mail of a top salesperson after he left to join a competitor. All it takes is a suspicious boss or an IT administrator with a grudge and all your e-mail, both professional and private, can be exposed to the world without anyone even telling you.
There is a popular misconception that deleting an e-mail means it can no longer be retrieved but that is far from the case. Deleting an e-mail message in Outlook merely removes it from that desktop application, with no impact on the copies held on employer or third-party servers. E-mail archiving policies will vary by organization but many e-mail providers backup their servers constantly, preserving correspondence for months if not years. Even if you manage to successfully delete e-mail from your own servers, the correspondence will still be available via the recipient(s).
If you really need to mask your e-mail – note I didn’t say hide – then you should create a separate Gmail account with no obvious connection to your true identity and then visit a distant Starbucks so you’re using a public server. Even then you might want to buy a secret laptop that you keep at a separate location, so no-one can search for your regular machine’s IP address.
But perhaps the better solution is not to send any incriminating e-mail in the first place. In the digital age there are no secrets, a maxim that the head of the CIA should have known only too well!
Comment by firstname.lastname@example.org, posted 11/21/2012, 8:55 AM:
More and more we’re living our lives and expressing ourselves through email. Every aspect of our lives are communicated through email — work, personal, and intimate details are shared. The recent scandal involving CIA Director Patraeus has reminded us all that those email communications are as secure as we would like them to be. Of course, Director Patraeus’ emails were unearthed by the F.B.I. using the governments vast powers of investigation and surveillance. Regardless, we all need to recognize that our work emails, our family emails, and our intimate emails can be unearthed in myriad ways. Please be careful when committing your most intimate thoughts to email. Here are some thoughts from the Online Mom about email privacy.