Wednesday, June 22, 2005

Email privacy

Privacy has been in the news with recent revelations regarding credit card records. There's another place privacy issues arise: email.

Plain email is much like a postcard—open to be read by whomever touches it. Most of the time, we don't care: there are only automated systems relaying our email, and much of what we write would be at most mildly embarrassing if it were to be made public.

It's possible, though, for a person with the right skills and interest to spy on our email. They likely won't care about our descriptions of last weekend, but they could be interested in corporate financial or strategic information we send.

Fortunately, there's a relatively easy solution: encryption. It's increasingly easy to set up, and all the pieces are available for free. It does take a small bit of study. I've collected a number of links that have helped me; maybe they can help you, too. Pay particular attention to the Web of trust and to the creation of a secure passphrase; the wise use of both is important in determining the degree of privacy you actually get.

If you've got your system set up and want to send me private information, use my public key to encrypt it so that only I can read it. If you get a message from me that says it's been signed, use that same key to verify that I sent it and that it hasn't been changed since I signed it. Use this same system with other business partners when it makes sense to protect the information you're not ready to publicize.

By the way, the link for A Practical Guide to GPG in Windows is broken tonight, but Google turned up an alternative copy.


Post a Comment

<< Home