Why would you EVER want to encrypt your email?

What is this?

This is an attempt to explain why you should routinely encrypt your email. It is somewhat lacking in technical depth - deliberately so - and also somewhat lacking in how-to guides - again, deliberately so. The point is to explain, as simply as possible, why you should bother.

What the hell is encryption?

Encryption is a lockbox for your email, except it's done with mathematics rather than a physical box. Mathematics does provide one additional trick that a physical lockbox doesn't: a lockbox where the key to lock the box is available to everyone, but which has only one key which will open the box, and that key is held by the intended recipient. This is called "Public Key Cryptography" and is at the heart of commonly-used online encryption systems such as that which secures your web browser's connection to your online banking.

So now, down to business!

Your email without encryption...

This is your email on your laptop, or your desktop, or your phone, in a mail client such as Outlook or even a Webmail interface on your browser (of which more anon):

From: Me 
To: You 
Subject: our mutual secret

So, here's a detailed description of that thing we invented that we
hope no one knows about until we've got it finished:

(and so on)

When you press "Send", your laptop sends the email to a mail server. This might be the same place where the recipient of your email gets their mail, or it might be the first in a chain of relays (think in terms of post offices, where you post a letter locally and it gets relayed through one or more sorting offices before winding up at its destination).

This is how your email looks to someone with access to the same network as you, including that free WiFi you're using in the coffee shop right now:

MAIL FROM: 
RCPT TO: 
DATA
From: Me 
To: You 
Subject: our mutual secret

So, here's a detailed description of that thing we invented that we
hope no one knows about until we've got it finished:

(and so on)

If you wrote an email with some attachments or some formatted text, it's not quite as easy to read off the screen as the above, but it's still trivially accessible.

In order to get from your laptop to the destination mail server, your mail has to traverse some portion of the Internet; again, think in terms of postal relaying - each post office asks itself, "do I know how to get this letter where it wants to go, or do I know another post office that does?" and in this way your letter (or email) gets from you to your recipient one step at a time.

The above view of your email is accessible to anyone on the path your email takes between you and the mail server (with some exceptions, which I'm going to handwave as you can't assume they're present). The commonly-used example is that you're effectively sending a postcard, and anyone who can see the postcard can also see what you've written.

And so, eventually, your email lands at its destination, the mail server of your intended recipient. This is how your email looks to someone with access to your mail server:

From me@myserver.example Sat Mar 10 12:37:42 2012
From: Me 
To: You 
Subject: our mutual secret

So, here's a detailed description of that thing we invented that we
hope no one knows about until we've got it finished:

(and so on)

OK, that's a specific storage format used by one type of mail server, but the principle is the same: someone with access to the mail server is going to be able, with varying amounts of effort, to read your email.

Webmail adds an additional wrinkle to this, but I'm not going to get into that just yet.

...and now with encryption!

Now, let's rewind to the top, but this time using encryption. This is your email on your laptop or desktop:

From: Me 
To: You 
Subject: our mutual secret

So, here's a detailed description of that thing we invented that we
hope no one knows about until we've got it finished:

(and so on)

This is how your email looks to someone with access to the network you're working on, or the path your email travels:

MAIL FROM: 
RCPT TO: 
DATA
From: Me 
To: You 
Subject: our mutual secret

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.8 (Darwin)

hQEMA6HbXyzZsAb3AQf/cADqELVfWNguFVyFRuA8zL9CqjW8VaACFL3u7JWmuBog
c9lisSbGjyrGnqngFMDQltEeYtv0S58kXRZ5HZ7FDudQpSVCIdlsyJus1Kx8ZmVv
W/pMUcE2DgtzjLCX2C4GOCQcQt3rNH6EUqAJ/CpbiAYSzlXUifvVHCgSFQlaIy28
FslOI0IIU4K8Us22qfdESW3sRLV85bkhLoDuWufro4xr3IJHX2a89f811NtS+NhP
u3cafcGnZwgyvbMJoTtkJHH7Oy9htWdtBdwJ59KpEMWb6wKBV68FEy0MfMyVn0LM
bCmIslmpriC5OGLXuqhkpW+2NdkPhFVj790rXq1lXsnBHDQ9jEL3xMzp23Yf0WEO
b1N+p09Mei/v757Q4yFnoUj0jKDnUAxquskwwR2D6XGRDOUUvE/Dkslgyx1x8oKT
5/+njwpRpYOzKAp2122TM+JCXl/wYJi40VFbS5qy4u5G4vgA31MmOdEwloZxNw7C
2MjZZlrh7E83qHXyo2/kMYlRyP7TyRjBZ7TsZau1JSrLE+cPQHN8tt9W4UhWMGgF
EsgDGvX5CPvHRKFoT1dUuCXRw/NDcfJT1tXxPmHDRYcI8EFXLWzK/E6a6GHRVOyC
7GsGbU0ue5yELdGPFlkAISXafUeHI5tfox93Mz7ToWIKX3WFGh/w89mAmm4g/3Lu
9j4SNeAvikNLPBb89NE6VgQljBOJUDaLY0z+bQmfCkfeY4FWY4hg/wZLuala9Puj
n2TD1/d05hyBQ3T6+J9ahPZBDKx0Rl/rb2hSUKHjugHY5Zj4sspyvY74k+YwpVRB
1igD8YnV+4RQRcRg9H+kIXy4PANaYumBmJJNdu8CZL/vxE8O8wwNCxrp9XYzSCJC
CXX8VA6ig2+2dEY25QV9ZGhFNX+52yy/725d8tS+UNxXiZQV5RfiMRwYjzsfjIIm
wJzExP5S+CCGLPOPxwO3rfxyM67pEqpNThqtEZ+0
=tlDk
-----END PGP MESSAGE-----

In this case I've used PGP ("Pretty Good Privacy") encryption, which is available as an add-on for most email software, and has the advantage that you can generate your own secret key (remember, you have a secret key for yourself, and you give everyone else the public key); there's another system called S/MIME, which is already built into most of the major email clients, but requires you to get a certificate from one of several companies who are trusted to manage such things and verify their authenticity. S/MIME email over the network looks pretty similar to PGP, in that it's a solid block of incomprehensible text. There are other options, but these are probably the two most common.

I imagine I don't really have to illustrate this, but this is how your email now looks to someone with access to your mail server:

From me@myserver.example Sat Mar 10 12:37:42 2012
From: Me 
To: You 
Subject: our mutual secret

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.8 (Darwin)

(the same block of encrypted text as shown above)
=tlDk
-----END PGP MESSAGE-----

Now do you see the point?

So I'll just encrypt the secret stuff...

Picture the view as seen by someone who's periodically looking at your email, or perhaps is looking at a whole collection of it all at once. If they see this:

...they'll know to pay more attention to the odd one out - who it's sent to, what it's about, and if you're paranoid about it, how much effort should be spent trying to undo the encryption. The trick is to encrypt everything, whether it merits it or not. If you've set up the software to do so, and your recipients have done likewise, it's not even something you'll notice - it just works.
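An added example, not part of the original article: the Python below reads a stored mailbox in the format shown earlier, the way anyone with access to the mail server could, and reports for each message whether the body is PGP-encrypted. It shows that the Subject line stays readable either way and that one encrypted message among plain ones is easy to pick out. The sample mailbox, its addresses and the function names are constructed for illustration.

```python
import contextlib
import mailbox
import os
import tempfile

# Constructed sample in the mbox layout shown above. Addresses and text are
# made up; the armored body is a placeholder, not real ciphertext.
SAMPLE_MBOX = """\
From me@myserver.example Sat Mar 10 12:30:00 2012
From: Me <me@myserver.example>
Subject: lunch on friday?

Same place as last time?

From me@myserver.example Sat Mar 10 12:37:42 2012
From: Me <me@myserver.example>
Subject: our mutual secret

-----BEGIN PGP MESSAGE-----

(placeholder for armored ciphertext)
-----END PGP MESSAGE-----

From me@myserver.example Sat Mar 10 13:02:15 2012
From: Me <me@myserver.example>
Subject: meeting notes

Notes attached inline below.
"""

def is_pgp_encrypted(msg):
    """True for PGP/MIME (multipart/encrypted) or an inline armored body."""
    if msg.get_content_type() == "multipart/encrypted":
        return True
    return any(b"-----BEGIN PGP MESSAGE-----" in (p.get_payload(decode=True) or b"")
               for p in msg.walk() if not p.is_multipart())

def audit(mbox_text):
    """List (subject, encrypted?) per stored message; headers stay readable."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "inbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(mbox_text)
        with contextlib.closing(mailbox.mbox(path, create=False)) as box:
            return [(m["Subject"], is_pgp_encrypted(m)) for m in box]

if __name__ == "__main__":
    for subject, encrypted in audit(SAMPLE_MBOX):
        print(("ENCRYPTED " if encrypted else "readable  ") + subject)
```

Run against your own mailbox file, the same check tells you how much of your stored mail is still readable by whoever runs the server.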

The Webmail Twist

Webmail introduces one other twist: the thing you're typing your email into is a web browser, which means that sooner or later it's going to send that message you've typed across the Internet to a web server. Which exposes you to the same "who's on this network" issue I pointed out above, at least unless the Webmail system you're using encrypts what the browser sends (good news: this is the norm with the big players such as GMail). More to the point, this doesn't allow for encryption of your messages, because your secret key would have to be on the web server (for reasons I am, again, handwaving) and that means that it's not really secret any more. Some people have written various pieces of software to work around this, however, so it's not all doom and gloom - for example, if you use Google Mail and Firefox, there's GMail S/Mime, and if you go the PGP route, you can write your email in Notepad or TextEdit, use PGP's tools to encrypt it, and then paste the encrypted text into your Webmail window. Clunky, but it works.

Just bear the risk in mind when you're connecting to GMail from a public-access terminal in an airport.


Waider