Saturday, October 5, 2013

Encryption for emails

Inspired by a Tweet from Julian Sanchez, the Cato Institute's Internet freedom expert, I decided to see if I could use encryption for some of my emails.

I experimented with various programs on a couple of computers and on my portable device. What I finally arrived at was that using Thunderbird (an email client program) with Enigmail (an add-on) and GnuPG (an open source version of PGP, or "Pretty Good Privacy") was the best way to enable PGP for an email account. (I tried Mailvelope for Gmail, which didn't work so well.) My thanks to Mr. Gary Acord for helping me with my tests.

If you have decent computer skills, you should be able to figure out how to do this by (1) downloading Thunderbird and setting it up for your email account, (2) installing Enigmail as an add-on, and (3) installing GnuPG. The software pretty well walks you through it, but Lifehacker also has a tutorial.

The email address I'm using as my "secure communications channel" is jackson.tom@live.com, so if you want to try PGP (using the Thunderbird/Enigmail/GnuPG combo, or any other PGP implementation), feel free to send me a message. I'll post my public key block at the end of this blog post.

PGP is a public key encryption system. So to send a message, you obtain a public key (which your correspondent will give to you, or which you can obtain from public repositories such as this one), encrypt the message and then send it. Your correspondent then decrypts it with his or her private key, which only he or she is supposed to have.

As I implied yesterday, a do-it-yourself approach to email probably is safer than using a cloud encryption service that can be accessed by the government.

A word about encryption. In a sense, using it is a political statement to the NSA and the National Security State that individual citizens deserve privacy. But using encryption also has practical uses.

It can be pretty easy to send a message to the wrong person by mistake. I have a rather common name, and I've been a relatively early adopter for services such as Gmail and Yahoo Mail, which means that I can simply use my name for the email address and don't have to include a number.

As a result, I often get email messages meant for some other "Tom Jackson" or "Thomas Jackson." Once, a psychiatrist emailed me a case file for a patient. Another time, a well known author and pundit included me in her discussion about her history of abuse. I got rid of the messages and informed the sender that something went wrong, but encryption would ensure that messages that go awry cannot be read.
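The public-key exchange described earlier and the misdirected-mail case above, as an added example that is not part of the original post: a GnuPG round trip in throwaway keyrings, showing that only the holder of the matching private key can read the message. The addresses and message are constructed, and the empty passphrase is an assumption made only so the demo runs unattended (GnuPG 2.1 or later).

```shell
#!/usr/bin/env bash
# Added example. Identities, message and keyrings are constructed and throwaway.
WORK=$(mktemp -d)
RCPT="$WORK/rcpt" OTHER="$WORK/other" SENDER="$WORK/sender"
RCPT_UID="intended@example.invalid"    # constructed identity
OTHER_UID="namesake@example.invalid"   # constructed identity (same-name stranger)

cleanup() {
  for d in "$RCPT" "$OTHER" "$SENDER"; do
    gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg non-interactively against one isolated keyring (first argument).
g() {
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase '' "$@"
}

setup() {
  mkdir -m 700 "$RCPT" "$OTHER" "$SENDER"
  # Each party generates its own key pair; private keys never leave its keyring.
  g "$RCPT"  --quick-generate-key "$RCPT_UID"  default default never
  g "$OTHER" --quick-generate-key "$OTHER_UID" default default never
  # The sender receives only the intended recipient's PUBLIC key.
  g "$RCPT" --armor --export "$RCPT_UID" | g "$SENDER" --import
}

# stdin: plaintext; stdout: ASCII-armored message readable only by RCPT_UID.
# --trust-model always stands in for the fingerprint check a real sender
# should make with the correspondent before trusting an imported key.
encrypt_for_recipient() {
  g "$SENDER" --trust-model always --armor --recipient "$RCPT_UID" --encrypt
}

# $1: keyring of whoever received the mail. Fails without the matching private key.
decrypt_as() { g "$1" --decrypt 2>/dev/null; }

setup
CIPHERTEXT=$(printf 'constructed confidential note' | encrypt_for_recipient)
echo "intended recipient reads: $(printf '%s\n' "$CIPHERTEXT" | decrypt_as "$RCPT")"
printf '%s\n' "$CIPHERTEXT" | decrypt_as "$OTHER" >/dev/null \
  || echo "namesake's keyring: decryption failed (no matching private key)"
```

Enigmail drives the same GnuPG operations from inside Thunderbird; a real key should be protected with a passphrase.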

That said, there are disadvantages to encrypting emails. It can be a little more trouble (though the Thunderbird combo mentioned above works rather well, and rather easily). You can lose messages permanently if you forget your encryption password, or if something else goes wrong.

Also, you should not assume that encryption is a magic bullet that will protect you if the U.S. government takes an interest in you. The NSA can defeat just about anything an amateur would deploy.

Here is the public key for my jackson.tom@live.com email address:


1 comment:

gacord said...

For anyone using a Mac, this makes it even easier to implement: https://gpgtools.org/index.html

Thanks for the nod, Tom.