Fear of Secure Email
This Article typifies the feelings of many when it comes to email.
Outside of fictional characters in Cryptonomicon, I’m not aware of anyone else using encrypted email and digital signatures. (Anyone using cryptographic e-mail is in the minority and the exception to the rule.)
…
I don’t have the time, patience or desire to venture down the path of buying certificates and keys and configuring them on all six of the machines I work from on any given day. This is a non-starter. No one uses this feature. Thus, my point: Email is not secure.
Secure email does not have to be hard, and it does not have to be scary. It starts with protecting your SMTP, POP, and IMAP connections by running them over SSL. Many organizations we work with have their own PKI—using digitally signed and encrypted email with a managed PKI in place is very easy. Others utilize PGP or equivalent technologies. At Gemini, we encrypt all email sent internally using S/MIME.
I agree that people should be aware of the potential insecurities around email—most people consider that email is inherently secure and is sent directly from the sender to the recipient. (Neither is true.) I don’t agree that we need to be afraid of implementing solutions. One does not have to be a fictional character to take privacy seriously enough to make email more secure.
One thought on “Fear of Secure Email”
A lot of people still have the impression that encrypted e-mail has to be a big song-and-dance, which it used to be with PGP back in the days of DOS. There are now plugins for most every mail client on many operating systems (yes, even Windows) that transparently encrypt and decrypt mail. Trying to convince people that it can be as easy as clicking ‘send’ and typing a passphrase is like pulling teeth. Trying to convince people that their e-mail should be encrypted (for example, marketing folks on the road will send very sensitive things in unencrypted e-mail.. over an insecure wireless connection, no less).
Comments are closed.