The Damned Emails: Insecurity

Email is inherently insecure.  There is no standard, there is no law that requires that email be stored or sent securely.  Sending a letter in the mail is only more secure because of the laws against tampering with the US Mail.  We don’t have a specific law covering email theft.  Do people realize that sending an email is less secure than sending a letter?

Email has changed the face of the planet.  Without email, there would be no way to electronically talk to everyone else in this world.  Email crosses barriers between other communication methods.  Facebook users can only talk to their friends.  Text messages can only be sent to cell phones.  WhatsApp messages can only be sent to those users.  Email can be sent to almost everyone.  Let’s see why it’s so damned insecure.

Encryption is the process of taking data and scrambling it so that it cannot easily be read and understood.  A server is simply a computer that, in this instance, stores or sends emails.  Many modern servers store the emails in an encrypted format.  Many also require you to send them to it securely.  This is not a requirement in the email standards.  Sending email from server to another is generally not secure.  Sending emails within an organization like a business is your best chance of having secure emails.  Still, email servers can be easily configured so that they do not send, receive, nor store them securely.

To sum it up: email may or may not be secure depending of a number of factors.  Never trust that your emails are secure.  Remember that your work emails belong to your employer.  Email is not HIPAA compliant, so don’t email your doctors unless over a secure website.  Never send identifying characteristics over email.  This includes banking and other personal information.

Email sucks, so how do we fix it?  Well, some professionals in the field have tried to introduce required standards.  Unfortunately there is no industry-wide desire to fix the system.  At this point, it would take an act Congress to require emails to be sent and stored securely.  The industry in the US would have to come up with the new standards and pledge for a change.  Congress is the only group that can push the required change.  It doesn’t help with the rest of the world, but as the US goes…

Note: For some reason Gmail is getting a bad rap in the Hillary Clinton email scandal.  Let’s not vilify it.  Gmail is much more secure than is required.  I’m not here to get into the politics of it, but I’m here to explain issues with email.