Protecting your email from disclosure

Climate talk, Alaska government business, and Dave Briggs. What do these three things have in common?  Each of these subjects had more light shown on them by someone cracking email messages and releasing those messages to the public over the Internet.  Of course there are many more of these events that happen on a daily basis but those three were the bigger ones that I could think of right off hand. So, the bigger question than why did I choose those three examples is how do we prevent such disclosures in the first place.  The answer is actually simpler than you might think.So let's break this down into a couple of different categories.  We'll start with authenticating a user into their email messages, go to protecting your message while it's enroute, and end with protecting the message while it's being stored.

So, if our email providers would provide its users with better ways of authenticating then many of these problems will go away.  Multi-factor authentication is an absolute must!  Something you know (a password), something you have (a token), and something you are (biometrics) make up multi-factor authentication.  When you hear two-factor authentication they are talking about using two of those to authenticate you into the system which makes guessing your password much more difficult.

A good example of a company that gets it would be Paypal.  They provide an option to use VeriSign Identity Protection in addition to a username and password.  This is an excellent example of two-factor authentication in action.  A good example of a company that doesn't get it would be AOL.  They allowed their customers to use RSA SecurID tokens to provide that second authentication factor but recently have decided to stop the use. Apparently they feel that their customers are too stupid to push a button, see a number, and type it into a computer.  Bottom line is you should take your business to someone who takes authentication security seriously.

For those who use passwords (and we all do) make sure you use passwords that don't include words that are in the dictionary, family or friend names, or things that other people could guess.  Dictionary attacks against passwords are common because they work!  Oh, and your favorite football/baseball/hockey/whatever team's name is in the dictionary used to crack passwords... trust me.  And the longer the password the better.  You can exponentially increase the strength of your password by using twelve characters instead of eight, but don't let that make you stop at twelve characters.

Okay, so we are using strong passwords and we have a token... that's all I need, right?  Not quite.  What would you think if I told you that your message can be read at any point along the route to its destination? I've always been told that sending an e-mail is like sending a postcard but it's actually worse.  Imagine sending your message on a postcard and then handing it to someone else for delivery.  Do you trust that unknown someone who is going to deliver your message?  Well, e-mail is exactly the same way.  So what can you do?  Easy... use encryption!

Oh, I know you don't think you know anything about encryption and the mathematics that goes along with it but it's really easy!  There are basically two different styles of e-mail encryption: S/MIME and GPG (or PGP).  While S/MIME is more hands off, it costs money to get a certificate from a Certificate Authority and then you are basically trusting their trust model taking you out of the trust equation.  I'm not impressed.  GPG, which is the open source implementation of PGP, is my choice.

I'm not going to get into how to setup GPG because their are lots of instructions already out there.  I have helped with documenting how to setup GPG in a number of email programs and even for Gmail, though, and will say it's in the Fedora wiki.

Anyway, what makes GPG my choice is that not only is it easy to use but it is also completely free.  You generate your own keys and can upload your public key to one of the public key servers (like MIT's key server) which makes your public key available to all.  This doesn't make your encryption vulnerable because this is public-key cryptography and not symmetric cryptography.

So by using GPG (or S/MIME or PGP) you are protecting your message enroute to its destination.  So now we have to protect the message now that it has arrived and is being stored on someone else's server.  The great thing is that because you encrypted before transmitting it can only be decrypted by the recipient so it should be left unreadable to anyone cracking into your email account.  So if the cracker does get into your mail account then all they will find is scrambled up characters that they won't be able to understand.

So by using multi-factor authentication and encryption you can remove most risks of using e-mail and keep your information yours.  Think you don't need to protect your information because no one would want to see what you write?  Think about the three subjects we started with and remember those are just some of the more recent, public examples.  It happens every day.