Sending an unsecured email is like shouting something across a crowded room… if you expect the information to be kept private, that is probably one of the worst methods available. You might as well rent a billboard so everyone can see.
The problem with the internet is that there are so many touch points. Email traffic is routed across a hierarchy of networks, and between the sender, the receiver, the various email hosts, internet service providers, etc., there are a number of nodes that have access to our data. Consequently, network transmissions are anything but private and secure.
Governments figured this out a long time ago. In the United States, for example, the government set up a series of special encrypted networks that function just like the internet. The Department of State and Department of Defense (ok, offense) use a network called JWICS.
JWICS, pronounced Jay Wicks, stands for Joint Worldwide Intelligence Communication System; essentially, it is a secure version of the regular Internet. Special computers that sit in buildings with no windows communicate with each other through high-level encryption algorithms.
Functionally, JWICS looks similar to the Internet that everyone else uses: there is email, web pages, etc. From a technical perspective, though, JWICS is highly secure, and the government uses it to transmit classified information up to the Top Secret level.
While you can’t plug in to the government’s classified networks, you can use free software to create your own secure environment.
PGP, which stands innocuously for “Pretty Good Privacy,” is the closest you could possibly get to NSA-level encryption. The algorithm uses a unique ‘public key / private key’ model that has confounded government authorities around the world.
It works something like this:
Everyone who uses PGP has two ‘keys’, a public key and a private key. For a physical example, imagine you literally have two physical keys and a lock box. The public key is appropriately named because you give it out to everyone… you go down to the locksmith and make hundreds of keys to hand out to your friends and business associates.
Anyone who wants to send you a secure message can write it on a piece of paper and put it in the lock box. Using the copy of your public key that they hold, they can lock the box, but they cannot unlock it. The only person who can unlock the box to read the message is you, using your private key. Naturally, you keep your private key secret.
In the email world, it works essentially the same way. The sender encrypts a message using your public key. Once this happens, the email message looks like a bunch of gibberish. This gibberish is what is sent across the network, so anyone who intercepts the message will only be able to see the gibberish, not the actual message.
Once you receive the message, you decrypt the gibberish with your private key, and voila, the original message is displayed in plain text.
So how secure is PGP? In a word, very. Nothing is unbreakable, but it would take teams of analysts and supercomputers quite a number of years to crack the code, if they could do it at all. Bottom line, governments will have to REALLY want your data to invest the time and money into cracking the code.
I’ll skip the math, but the PGP algorithm is based on matching together incredibly large prime numbers; I’m talking millions of digits. Huge. Mathematicians occasionally ‘discover’ new prime numbers, and while most of the world laughs off these nerdy academics, each new prime number adds a whole new dimension to encryption technology.
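To make the lock-box model and the prime-number basis concrete, here is an added illustration (not code from the original post, nor from PGP or GnuPG) using textbook RSA with two tiny, hand-picked primes (61 and 53, assumed for the demo). Real PGP/GPG keys use vastly larger primes, padding, and a hybrid scheme where the public key only locks a one-time session key; this toy shows only why the public key can lock but not unlock.

```python
# Toy RSA to illustrate the public-key / private-key "lock box" model.
# The primes below are constructed for the demo; real keys use far larger ones.
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Derive (public, private) keys from two primes.

    public  = (e, n): handed out to everyone, like the locksmith's copies.
    private = (d, n): kept secret; the only key that opens the box.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> list:
    """Sender side: lock each byte with the recipient's PUBLIC key.

    Per-byte encryption without padding is insecure (it is a substitution
    table); it is used here only so the ciphertext stays readable as numbers.
    """
    e, n = public_key
    return [pow(b, e, n) for b in message]


def decrypt(ciphertext: list, key) -> bytes:
    """Apply a key to the 'gibberish'. Only the PRIVATE key recovers the text."""
    d, n = key
    return bytes(pow(c, d, n) % 256 for c in ciphertext)


if __name__ == "__main__":
    public, private = make_keypair(61, 53)        # demo primes, not real-world size
    locked = encrypt(b"meet at noon", public)     # what an interceptor sees
    print("on the wire:", locked)
    print("with private key:", decrypt(locked, private))
    print("with public key only:", decrypt(locked, public))  # wrong bytes
```

Run it and compare the two decryptions: the intercepted numbers only turn back into the message under the private key.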
So how do you implement this?
PGP caters to big businesses looking to secure their communications, though they do have some solutions available for individuals. Personally, I would recommend using the ‘free’ version of PGP under the GNU General Public License.
It’s called the GNU Privacy Guard (GPG), available at GnuPG.org/download.
All the documentation is available right there on the website; just read, and it will tell you exactly what to do.
Once you have GPG installed, I suggest installing FireGPG as well (getfiregpg.org) if you use Firefox as your web browser. FireGPG is an add-on for Firefox that can instantly encrypt/decrypt plain text right within your browser window; if you use a web-based email like Yahoo! or Gmail, FireGPG is a very easy solution.