E-mail encryption 'a good idea'
21 August 2013, 13:43
Frankfurt - There was a time when it would have seemed over the top to encrypt an e-mail. But, even ignoring the recent surveillance scandals from the US, it's long been a fact that giving your e-mail a little extra privacy is no bad idea.
Although it's seldom used by private e-mailers, encryption is actually quite easy to employ. A lot of applications also make it free and easy to set up.
Inquiries about encryption have been on the rise of late, said Kei Ishii, who runs a German consumer information portal.
"It's like a letter and a mailbox," said Frank Timmermann of the Institute for Internet Security at Germany's Westphalia University of Applied Sciences. "Unencrypted mails are the postcards, those with encryption are the ones in an envelope."
And there's no reason not to encrypt, experts say. It has nothing to do with hiding deep, dark secrets, but with "recognising our rights", notes Germany's Federal Office for Information Security (BSI).
Public Key Infrastructure (PIK) technology is the key to encryption. It makes use of something called a public key to encrypt information, while a private key is needed to open it up.
The public key can best be envisioned as used to lock up a mailbox once it contains a letter for a recipient, says the BSI.
That mailbox can then only be opened with the private key. Public keys are procured from special servers where everyone can see what's needed to encrypt an e-mail. But the private key can only be accessed with a password stored on one's own computer.
There are two main - and incompatible - standards for e-mail encryption: OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions).
S/MIME functions with keys from certificate sites, so-called trust centres, and usually costs money.
That's one of the reasons OpenPGP is more popular among private users. It's easy to put together a key in a short span of time. OpenPGP is used in applications like Gpgrwin for Outlook for Windows, Enigmail for Thunderbird (Windows/Mac OS/Linux) or GPGTools (Mac OS).
There's no reason not to encrypt, even when using standard webmail services like Gmail, Yahoo or Outlook.com.
Add-ons like Mailvelope for Chrome (under development for Firefox) come in handy here. To encrypt e-mail on a smartphone, check out the app shop to see what's available. There's Android Privacy Guard (APG) for Android mobiles, or iPGMail for iPhones.
But problems persist. Setting up encryption for multiple devices can be a nuisance. A bigger one is that so many of one's contacts might not be using it.
"The network effect is missing," said Ishii. "Even if you use it, there's often no one there with whom one can communicate."
But it's still worth it to set up encryption systems. After all, one can decide before every e-mail sent whether to use it or not.