J. David Stark

Why You Might Want to Send Secure Email

Email can be a useful, and even a necessary tool, but it also has its issues.1 And as might be surprising, one of these issues has to do with its security. Send the wrong thing across email at the wrong time, and you might find yourself picking up the pieces rather than writing up that next research project.

Where Is Email Secure?

When you connect to your email, you need a username (probably your email address itself) and a unique, hard-to-guess password. You may also have decided that multifactor authentication is a good idea. So, to connect to your email, you’ll also need whatever additional authentication factor (e.g., a six-digit code, an app notification, a hardware token).

Those are necessary places to begin, but they still leave your email vulnerable at key points. The standard kind of security that applies to your email as it’s on the move is “transport layer security” (TLS).

This protocol protects your email “between relays from server to server” en route either from you to its destination or from its sender to you.2

Where Is Email Insecure?

That sounds good, right? The problematic bit comes from the “between relays” phrase. That is, TLS applies as the email is on the move from one destination to another (e.g., recipient, server). For instance,

imagine that Alice is sending a gift from San Francisco to Tokyo. They place the gift inside a box, which keeps the contents private and secure (just as encryption keeps the content of an email message private). They give the package to a postal carrier, who delivers it to a local post office. The package is inspected to make sure that the content and the delivery information are both correct. Then, it is shipped to Tokyo, where it goes through customs and is inspected again. Finally, the package is transferred to a local post office for delivery, where it undergoes one last inspection before arriving at its intended destination.3

That is, with TLS, each time an email gets to a new “stop” (i.e., server) on its way between the sender and the recipient, the message gets decrypted and then re-encrypted.4 So, sending email using TLS only “is the equivalent of writing [a message] on a postcard for all to see.”5

Why Secure Email at Stops Also?

Okay, but perhaps you’re thinking that the stops an email makes between the sender and receiver should already be secure.6 Airline passengers can change planes without going back through security because everything past security is itself a secure area.

That’s true, but it presumes quite a lot about the character of the actors who have access to these presumably secure areas. So, let’s take the example one step farther.

As you walk through the secure area in an airport, would you

  • repeatedly call out your driver’s license number,
  • hand out copies of your passport to every passerby, or
  • conspicuously display your Social Security card?

No, of course not. You’ll show your identity documentation only to those who have the need and authority to see it. If you do more than that, you’re increasing your chances of identity theft, even among the folks who’ve already cleared security.

What Practical Scenarios Are There for Secure Email?

Sending secure email is like keeping your identity documents stored safely away as you move through airport terminals. And there are some practical, real-world cases where you want to do just that in your email as well.

Though it might feel rather a stretch in the West, let’s say you’re working on a project and either you or others you’re working with where you have some concern about government reprisals regarding the work. In that case, sending secure email can help reduce (though not totally remove) the chance of an authoritarian intervention.

Or on a more mundane front, let’s say you’re doing paperwork with a publisher for a monograph. According to your contract, if you might receive royalties (however small their amounts), you’ll at some point need to complete pertinent forms for taxes and such. And those forms will require some kind of identity documentation (e.g., a Social Security number).

If the publisher doesn’t have a secure portal where you can upload sensitive information directly, you can still send them securely by email. As you do, you’ll be reducing the likelihood that that information will fall into mischievous hands.

Conclusion

You might not want to send only secure email. But there are times and circumstances where it can prove useful. Used in those cases much like a good antivirus program or backup strategy, it can help reduce the chance that you’ll need to stop what you’re doing to clean up after a mess that you could have avoided.

Setting yourself up to send email securely isn’t complicated but does take a few steps. So, I’ll explain those details next week.

  1. Header image provided by Abby Anaday

  2. “What Is Email Encryption?,” Cloudflare, n.d. 

  3. “What Is Email Encryption?”; italics added. 

  4. “What Is Email Encryption?” 

  5. Tony Bradley, “Here’s Why and How to Encrypt Your Email,” Lifewire, n.d. 

  6. Image provided by Tomek Baginski

Some of the links above may be “affiliate links.” If you make a purchase or sign up for a service through one of these links, I may receive a small commission from the seller. This process involves no additional cost to you and helps defray the costs of making content like this available. For more information, please see these affiliate disclosures.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Posted

by

J. David Stark

Tags