Email Privacy – Don’t Count on It

201711.12

Picture of email inboxFor private communication, email is the worst possible option.

“Don’t put anything in an email you wouldn’t want on the front page of the local paper”, goes the saying. It’s sound advice. Email is the least private way to communicate. Even an old-fashioned fax is a better choice.

Email is vulnerable for two reasons:

  • Copies of each email stay on multiple servers
  • In transit, the text is ‘in the clear’ – readable by anyone

And yet, people send more emails every year and use it for more important and sensitive communications. A 2015 study found we send and receive 205 billion emails every day – 30 for every human being on the planet. It is quick and convenient, to be sure. It is now possible to complete the entire bail bonds procedure, for example, using email. But that convenience comes with a warning.  An indiscrete word in an email could damage a case. Law enforcement has easy access to copies of emails through service providers.

Email Privacy in the Workplace

Work email offers even less protection. We all sign a policy when hired that limits our email use to business. It also makes clear that the employer can watch all email sent and received by employees at any time. While law enforcement needs a warrant, managers need only access to the email server.

Just like a personal account, email on company servers may be there forever.  They are also plain text – meaning not encrypted – so everything written is readable. More to the point, work emails belong to the employer, not to the employee. They are company property as much as the computer used to write and send them.

Businesses have concerns about email privacy as well. Emails with compromising information or threats and intimidation could become evidence in a lawsuit. This is why companies routinely scan email for keywords that spell trouble. Even just grousing over email with a colleague about the long hours is a permanent record that can come back to cause trouble.

Government employees are even more vulnerable.  Their business is the people’s business, so their emails belong to the people. The Freedom of Information Act (FOIA) and other official policies make it possible for a citizen to demand that any agency reveal emails written and sent by public sector employees. In a lawsuit or other court action, a government worker has less expectation of privacy than one in the private sector.

Email Privacy Isn’t Impossible

It isn’t easy to keep your personal emails private, but it isn’t impossible. To start, we need to recognize that the design of email systems ensures they are not secure and private. Email is for easy and speedy communication. If we want to keep our email private, in transit and when stored, we need to take positive action.

First, learn the rules: Check out the pages and pages of fine print ISP or email providers require we accept with a checkbox before using their service. Chances are that End User Service Agreement allows the company to watch traffic and data stored in all accounts at any time, for any reason. Even if they don’t check for their own purposes, remember that they must comply with a warrant or other court order.

Next, do the research: There are several companies that offer secure, private email service, as well as file storage and sharing capabilities. Read their service agreements. Ensure they provide end-to-end encryption while sending email, and strong encryption of anything stored on their servers. To be extra cautious, choose a company that allows creating an account anonymously, and does not track IP logs.

Finally, make the switch: It will be a bit disruptive at first, changing email addresses with merchants and friends. Getting accustomed to new tools and ways of working always takes time and effort. But privacy is something everyone needs and deserves. Email is not private by default, and it takes work to make it so. The reward will be peace of mind. That’s worth a bit of work and inconvenience.