This article is perhaps one of the best arguments for using encryption in your day-to-day emails that I’ve ever seen.
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government’s request for a full-panel hearing in United States v. Warshak, a case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your email – similar to the way they could simply subpoena any physical mail sitting on your desk – is unconstitutionally broad.
Essentially, several arguments are being used to try to get courts to agree that email is not subject to any “reasonable expectation of privacy”. Your email provider probably has language in its Terms of Service that allows it to examine your email. It almost certainly has language that says that if they get a subpoena for copies of your email they’ll happily hand over everything it demands.
In 1963 the US Supreme Court ruled in Katz v. United States that the user of a payphone could claim a right to privacy. That’s when the standards for “reasonable expectation of privacy” were established.
1. Do you think that what you are doing is private?
2. Will society accept that your belief is objectively reasonable?
An email message is basically text that has been formatted according to a standard and is then transmitted from one server to another until it arrives at its destination. This email is in plain, unencrypted text form, which means that if you know what file to open, you can read an email in a text editor. Some emails do use a form of encoding to allow binary content to be sent over a text medium, but that encoding (Base64) is a well-known standard that is not intended to keep anything private.
The only way to make email private is to actually encrypt it. The easiest way to do this is to use PGP or GnuPG (GPG) to encrypt the text of your email so that only the intended recipient can decrypt and read it. Here’s a tutorial I wrote about how to install and use PGP.
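The point of the last two paragraphs, as an added example that is not part of the original article: Python's standard email parser reads a stored message, Base64 part included, with no key at all, while a PGP-armored body stays opaque. The message, the addresses and the armored placeholder are constructed for illustration.

```python
import base64
from email import message_from_string

# Constructed sample of a stored message (not real mail). Part 1 is
# Base64-encoded text; part 2 is a placeholder standing in for PGP output.
SECRET = "Meet me at noon."
RAW = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: lunch\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + base64.b64encode(SECRET.encode()).decode() + "\n"
    "--b1\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "\n"
    "-----BEGIN PGP MESSAGE-----\n"
    "\n"
    "PLACEHOLDERNOTREALCIPHERTEXT\n"
    "-----END PGP MESSAGE-----\n"
    "--b1--\n"
)

def what_the_provider_sees(raw):
    """Return (headers, [(text, protected)]) recoverable without any key."""
    msg = message_from_string(raw)
    # Headers stay readable even when the body is PGP-encrypted.
    headers = {name: msg[name] for name in ("From", "To", "Subject")}
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes Base64/quoted-printable; it is encoding, not secrecy.
        data = part.get_payload(decode=True)
        text = data.decode(part.get_content_charset() or "utf-8", "replace").strip()
        # An armored PGP block is the only part that needs the recipient's key.
        parts.append((text, text.startswith("-----BEGIN PGP MESSAGE-----")))
    return headers, parts

if __name__ == "__main__":
    headers, parts = what_the_provider_sees(RAW)
    print(headers)
    for text, protected in parts:
        print("needs recipient's key" if protected else "readable:", repr(text))
```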
You wouldn’t write private physical mail on the back of a postcard, would you? When you do send a letter in snail mail that contains anything private, you put it in an envelope and seal it with the full expectation that it won’t be opened except by the person it’s addressed to.
Encrypting email is the same principle. If I send an email, especially if it’s private for whatever reason, then I’m going to get the recipient’s PGP key and use that to encrypt the email so that only they can decrypt and read it.