Inspired by a Tweet from Julian Sanchez, the Cato Institute's Internet freedom expert, I decided to see if I could use encryption for some of my emails.
I experimented with various programs on a couple of computers and on my portable device. What I finally arrived at was that using Thunderbird (an email client program) with Enigmail (an add-on) and GnuPG (an open source version of PGP, or "Pretty Good Privacy") was the best way to enable PGP for an email account. (I tried Mailvelope for Gmail, which didn't work so well.) My thanks to Mr. Gary Acord for helping me with my tests.
If you have decent computer skills, you should be able to figure out how to do this by (1) Downloading Thunderbird and setting it up for your email account), (2) Installing Enigmail as an add-on and (3) Installing GnuPG. The software pretty well walks you through it, but Lifehacker also has a tutorial.
The email address I'm using as my "secure communications channel" is email@example.com, so if you want to try PGP (using the Thunderbird/Enigmail/GnuPG combo, or any other PGP implementation), feel free to send me a message. I'll post my public key block at the end of this blog post.
PGP is public key encryption system. So to send a message, you obtain a public key (which your correspondent will give to you, or which you can obtain from public repositories such as this one), encrypt the message and then send it. Your correspondent then decrypts it with his private key, which only he or she is supposed to have.
As I implied yesterday, a do-it-yourself approach to email probably is safer than using a cloud encryption service that can be accessed by the government.
A word about encryption. In a sense, using it is a political statement to the NSA and the National Security State that individual citizens deserve privacy. But using encryption also has practical uses.
It can be pretty easy to send a message to the wrong person by mistake. I have a rather common name, and I've been a relatively early adopter for services such as Gmail and Yahoo Mail, which means that I can simply use my name for the email address and don't have to include a number.
As a result, I often get email messages meant for some other "Tom Jackson" or "Thomas Jackson." Once, a psychiatrist emailed me a case file for a patient. Another time, a well known author and pundit included me in her discussion about her history of abuse. I got rid of the messages and informed the sender that something went wrong, but encryption would ensure that messages that go awry cannot be read.
That said, there are disadvantages to encrypting emails. It can be a little more trouble (though the Thunderbird combo mentioned above works rather well, and rather easily). You can lose messages permanently if you forget your encryption password, or if something else goes wrong.
Also, you should not assume that encryption is a magic bullet that will protect you if the U.S. government takes an interest in you. The NSA can defeat just about anything an amateur would deploy.
Here is the public key for my firstname.lastname@example.org email address:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.0
-----END PGP PUBLIC KEY BLOCK-----