One of the more troubling revelations of PRISM was the fact that your email was basically being read by the NSA, regardless of where you were sending it or why. We recommended using a secure email service like Tor M- wait, no, that’s closed. How about Snowden’s favorite, Lavab- No, that’s closed too. Uh… uh oh.
What’s happening?
Essentially, secure email services are dropping like flies. Lavabit was the first to go, in an open letter from its founder:
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations.”
Didn’t you mention a service called Tor Mail?
Tor Mail went down the tubes thanks largely to the destruction of Freedom Hosting, a major hosting service in the “deep web” that got shut down for the less-than-shocking allegations that pedophiles were trading materials on their servers.
What about Silent Circle?
Silent Circle is discontinuing operations before the FBI comes knocking.
Crap. So basically I have no privacy.
Wrong! You do. It’s just kind of a pain in the ass! But at least you can use it with any mail service: It’s called PGP.
Wait, isn’t that some old encryption scheme?
Old, yes. But old stuff still works. In fact, PGP has pretty much been the Internet encryption standard from the start, as it was first developed in 1991. Also, being twenty years old gives it the advantage of being free, although it’s also what Symantec uses to encrypt email if you’re a “buy the software” type.
How does it work?
First, your text is encrypted using a random key. Then that key is itself encrypted using the receiver’s “public” key, and both are sent together. To read the message, the receiver uses his or her private key to decrypt the random key, which can then be used to decrypt the message.
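Here is that two-step scheme as an added example (not code from PGP or from this article). It assumes the third-party Python `cryptography` package, with RSA-OAEP and AES-256-GCM standing in for whatever algorithms a real PGP tool would pick; the function names and the sample message are made up for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumption: RSA-OAEP and AES-256-GCM stand in for the algorithms a PGP tool would use.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def generate_keypair():
    """Receiver's key pair: the public half is shared, the private half stays with them."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def encrypt_message(plaintext, receiver_public_key):
    session_key = AESGCM.generate_key(bit_length=256)  # step 1: random key for this message
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = receiver_public_key.encrypt(session_key, OAEP)  # step 2: encrypt the key
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}

def decrypt_message(message, receiver_private_key):
    # Only the matching private key can recover the session key.
    session_key = receiver_private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)

def demo():
    receiver_private, receiver_public = generate_keypair()
    outsider_private, _ = generate_keypair()  # someone who only sees the traffic
    body = b"Constructed sample message: lunch at noon?"
    first = encrypt_message(body, receiver_public)
    second = encrypt_message(body, receiver_public)
    try:
        decrypt_message(first, outsider_private)
        outsider_failed = False
    except (ValueError, InvalidTag):
        outsider_failed = True
    return {
        "recovered": decrypt_message(first, receiver_private),
        "body": body,
        "outsider_failed": outsider_failed,
        # Same text, new random key and nonce, so the bytes on the wire differ.
        "ciphertexts_differ": first["ciphertext"] != second["ciphertext"],
        "wrapped_key_bytes": len(first["wrapped_key"]),
    }

if __name__ == "__main__":
    print(demo())
```

Notice that the slow public-key step only ever touches the 32-byte session key, never the message itself, which is why the scheme stays fast for long emails.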
So basically I have to teach my grandmother PGP?
Look around the official site we linked above: It’s pretty user-friendly at this point.
If this has been around for a while, can’t the NSA crack it?
Think of PGP as the equivalent of shredding all your junk mail and mixing it in with the cat litter. It’s probably possible to decrypt a PGP email, and if the NSA gets your private key, it’s all over. But, without that information, it is essentially a very unpleasant and dull task with little promise of reward. Basically the NSA has better things to throw its computational cycles and prime number computations at, and will for quite a while.
So essentially I can secure my absolutely inconsequential emails by being a total pain in the ass.
Yeah, pretty much. Your tax dollars at work!
(Image courtesy of Ryan Somma on Flickr)