FREE: JOIN 100,000+ READERS   
≡ Menu
SOVEREIGN MAN

How to send secure email

Sending an unsecured email is like shouting something across a crowded room… if you expect the information to be kept private that is probably one of the worst methods available. You might as well rent a billboard so everyone can see.

The problem with the internet is that there are so many touch points. Email traffic is routed across a hierarchy of networks, and between the sender, the receiver, the various email hosts, internet service providers, etc., there are a number of nodes that have access to our data. Consequently, network transmissions are anything but private and secure.

Governments figured this out a long time ago.  In the United States, for example, the government set up a series of special encrypted networks that function just like the internet.  The Department of State and Department of Defense (ok, offense) uses a network called JWICS.

JWICS, pronounced Jay Wicks, stands for Joint Worldwide Intelligence Communication System– essentially; it is a secure version of the regular Internet.  Special computers that sit in buildings with no windows communicate with each other through high level encryption algorithms.

Functionally, JWICS looks similar to the Internet that everyone else uses– there’s email, web pages, etc.  From a technical perspective, though, JWICS is highly secure, and the government uses it to transmit classified information up to the Top Secret level.

While you can’t plug in to the government’s classified networks, you can use free software to create your own secure environment.

PGP, which stands innocuously for “Pretty Good Privacy,” is the closest you could possibly get to NSA level encryption.  The algorithm uses a unique ‘public key / private key’ model that has confounded government authorities around the world.

It works something like this:

Everyone who uses PGP has two ‘keys’, a public key and a private key.  For a physical example, imagine you literally have two physical keys and a lock box.  The public key is appropriately named because you give it out to everyone… you go down to the locksmith and make hundreds of keys to hand out to your friends and business associates.

Anyone who wants to send you a secure message can write it on a piece of paper and put it in the lock box.  Using their public key, they can lock the box, but they cannot unlock it.  The only person who can unlock the box to read the message is you, using your private key.  Naturally, you keep your private key secret.

In the email world, it essentially works the same. The sender will encrypt a message using your public key. Once this happens, the email message will look like a bunch of gibberish. This gibberish is what is sent across the network, so anyone who intercepts the message will only be able to see the gibberish, not the actual message.

Once you receive the message, you decrypt the gibberish with your private key, and voila, the original message is displayed in plain text.

So how secure is PGP? In a word, very. Nothing is unbreakable, but it would take teams of analysts and supercomputers quite a number of years to crack the code, if they could do it at all. Bottom line, governments will have to REALLY want your data to invest the time and money into cracking the code.

I’ll skip the math, but the PGP algorithm is based on matching together incredibly large prime numbers– I’m talking millions of digits. Huge. Mathematicians occasionally ‘discover’ new prime numbers, and while most of the world laughs off these nerdy academics, each new prime number adds a whole new dimension to encryption technology.

So how do you implement this?

PGP caters to big businesses looking to secure their communications, though they do have some solutions available for individuals.  Personally, I would recommend using the ‘free’ version of PGP under the GNU general public license.

It’s called the GNU Privacy Guard (GPG), available at GnuPG.org/download

All the documentation is available right there on the website; just read, and it will tell you exactly what to do.

Once you have GPG installed, I suggest installing FireGPG as well (getfiregpg.org) if you use Firefox as your web browser.  FireGPG is an add-on for Firefox that can instantly encrypt/decrypt plain text right within your browser window; if you use a web-based email like Yahoo! or Gmail, FireGPG is a very easy solution.

About the author: Simon Black is an international investor, entrepreneur, permanent traveler, free man, and founder of Sovereign Man. His free daily e-letter and crash course is about using the experiences from his life and travels to help you achieve more freedom.

Want more stuff like this?

Our goal is simple: To help you achieve personal liberty and financial prosperity no matter what happens. Click below to join our community of 100,000+ sovereign individuals.

SIGN ME UP FOR FREE

Comments on this entry are closed.

  • http://rauschenbach.us Möpsi

    My main concern has always been that encrypted e-mails flag themselves as “interesting”, which stands to bring my whole social network under scrutiny.

    I prefer to fly under the radar, and I switch over to phonetic English (funetik inglish) in the middle of a sentence whenever I want certain words to slip past the lexical analyzers.

  • http://www.qwealthreport.com Peter Macfarlane (Q Wealth)

    You will find some interesting products and info around the subject of secure e-mail and communications at http://www.securelaptop.org including step-by-step info on installing PGP, Thunderbird etc, saving you having to go to the different sites to read installation instructions.

  • jaci

    Dear Simon,
    I went to the site you mentioned for the privacy emails and not being a computer expert. I found it rather difficult to understand exactly which option I had to click on. the instructions were very vague.
    Could you shed a little light on the subject and perhaps list the order in which to proceed. I very much would like to take advantage of the privacy they offer.
    I love reading your news letters. They are always informative and interesting.
    Thank you very much for your help.
    Your avid reader,
    Jaci

  • http://NON Dr. ADE RAHEEM

    Hi.
    Please mail detailed information about secured mail systems.
    best regards.
    A.Raheem

  • George

    Unless I am mistaken, didn’t the US government strong-in the arm the creator of PGP to give them a backdoor to the program, in the ineterest of national security of course.

    • http://rauschenbach.us Möpsi

      Well George, it “slipped” into the congressional record once that such agreements were in place with IBM and 2 other top industry players across their full product lines. I expect that’s what the MS antitrust suit was really all about. Bruce Schneier, America’s electronic security guru, writes about it some. And I always used to wonder why MS Word stores 2 copies of my text in each file! (encrypted content is decoded in a short amount of time if it contains any repeating content, and such a technique avoids the need for a formal back door having to exist in code form, which would leave a smoking gun for programmers to get a guilty conscience over, so to speak)

      Likewise, and embarrassingly, it continually comes up that such back doors are in the routers and security hardware from Ci***, and probably all the other top-tier players.

      Why would anyone expect it to be any other way? It is not in the human nature for the situation to be otherwise. Controls, snoopery, and huge black budgets, have been on the ascent, not descent, for the past 3 decades, so it would only stand to reason that things are considerably worse than they were in the 80′s when PGP was in court.

      The so-called terrorists have taken what is probably the best sober position on the subject… when it comes to computer tech, the US govt cannot be beat. It is literally “their game”.

  • http://www.docboyerstraighttalk@blogspot.com Don Boyer

    I would be very interested in such software as GPG and FireGPG

  • http://N/A MJ

    Hi Simon,

    Very good article and very useful. I have used PGP pro long time ago and it was hard to set it up with MS outlook. You are right, e-mail msgs do go ways around and I agree everyone should protect his privacy.

    I run into this problem with it though so if you have an advice would be great:

    When I started sending e-mails to my friends they were not encrypted because my friends don’t have pgp. So I was the only one who could get encrypted e-mail from them when I sent them the public key. The trouble was that I had to urge them to get a PGP program also.

    Thanks

  • Pradip Shah

    After reading the main article I had the same thought as MJ.

    I also see other problem of management. Let us say one communicates with 25 to 30 individuals where secure communication is required. I either have to refer to my diary every time I want to send them a message or the email software has to keep a track of the 25 – 30 corresponding public keys. I would then have to secure my PC such that no one can access it in my absence. This is to prevent anyone from sending malware from my pc or reading my secure mail.

    Either that of run my mail / web browser software from a pen drive and hang on to it for dear life.

  • http://www.qwealthreport.com Peter Macfarlane (Q Wealth)

    The software can easily keep track of 25-30 keys or 25,000.

    Yes, of course it is necessary to persuade users to adopt PGP or GPG in the first place. But once installed, it is completely transparent and very easy to use. I would definitely recommend GPG with Thunderbird. It works very well.

    GPG is open source software so you can be really sure there are no back doors. Commentators might be remembering the prosecution of PGP creator Phil Zimmermann many years ago, but that did not actually force a back door and many people have gone on to develop the software since.

    Still, I would not choose to use the commercial version of PGP precisely because of this risk. If you use the open source software it is free, anonymous and you can be sure there are no back doors.

    Also Pradip has a good point. It is very important to secure your actual PC in your absence. That is the whole point of the site I mentioned in my earlier comment.

  • William

    Simon:

    Thank you for the info. It is tough to persuade all your associates to use such a program. Many folks don’t see the need since they think everything on the internet is private.

    What has concerned me for years about this:
    encryption flags your message and raises your profile. (Not to mention that it is illegal in some countries – France and Russia come to mind.)Nothing here would prohibit any of the “bad guys” from figuring out who the sender and the recipient are. Then (if they thought it was worth their while or they had nothing better to do) they would apply pressure. (Have you ever heard of “rubber-hose cryptanalysis”? How about “waterboarding”?)
    What is the solution to this?

  • Don

    Simon, et al.:

    Interesting article on e-mail security. I, too, have struggled with using PGP inasmuch as it requires the recipients to also have it. In light of this I decided to try out a program called CenturionMail from CenturionSoft (http://www.centurionsoft.com/). Is anyone else on here able to comment on this program?

    Also, I’m wondering if, Simon, you’ll be writing on secure phone communications or if others here on the site have any knowledge of this subject. Specifically, I’m curious about encrypted cell phone communications and/or Skype-type phone services.

    Thanks and I am finding the newsletter to be…interesting.

    Don

  • http://www.iemailer.com/ free email software

    Nowadays, there are numerous criminals even in the cyber world. They can steal information from your computer. Now, it would be better if your know how to send out secure email that protects your information from these cyber criminals.

Read more:
The offshore center that never took off…
Close