The protection of email from unauthorized access and inspection is known as electronic privacy. In countries with a constitutional guarantee of the secrecy of correspondence, email is equated with letters and thus legally protected from all forms of eavesdropping.
In the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act after 180 days, and become just another database record. After this time has passed, a government agency needs only a subpoena, instead of a warrant, in order to access email from a provider. Other countries may even lack this basic protection, and Google's databases are distributed all over the world.
Email sent by employees through their employer's equipment has no expectation of privacy; the employer may monitor all communications through their equipment. According to a 2005 survey by the American Management Association, about 55% of US employers monitor and read their employees' email. Even attorney–client privilege is not guaranteed through an employer's email system; US Courts have rendered contradictory verdicts on this issue. Generally speaking, the factors courts use to determine whether companies can monitor and read personal emails in the workplace include: (i) the use of a company email account versus a personal email account and (ii) the presence of a clear company policy notifying employees that they should have no expectation of privacy when sending or reading emails at work, using company equipment, or when accessing personal accounts at work or on work equipment.
The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time an email is composed to the time it is read, it travels through this unprotected Internet, exposed to various electronic dangers.
Many users believe that email privacy is inherent and guaranteed, psychologically equating it with postal mail. While email is indeed conventionally secured by a password system, this one layer of protection is generally insufficient to ensure appreciable security.
Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for email privacy becomes more pressing.
Risks to user
Email is vulnerable to both passive and active attacks. Passive threats include release of message contents and traffic analysis, while active threats include modification of message contents, masquerade, replay, and denial-of-service attacks. All of these threats apply to the traditional email protocols:
- Disclosure of Information: Most emails are currently transmitted in the clear (not encrypted). By means of some available tools, persons other than the designated recipients can read the email contents.
- Traffic analysis: It is believed that some countries routinely monitor email messages as part of their surveillance. This is done not just for counter-terrorism reasons but also to help combat industrial espionage and to carry out political eavesdropping. However, it is not limited to national agencies, since there is a thriving business in providing commercial and criminal elements with the information within emails.
- Modification of messages: Email contents can be modified during transport or storage. Here, a man-in-the-middle attack does not necessarily require control of a gateway, since an attacker who resides on the same Local Area Network (LAN) can use an Address Resolution Protocol (ARP) spoofing tool such as "ettercap" to intercept or modify all the email packets going to and from the mail server or gateway.
- Masquerade: It is possible to send a message in the name of another person or organization.
- Replay of previous messages: Previous messages may be resent to other recipients. This may lead to loss, confusion, or damage to the reputation of an individual or organization. It can cause some damage if email is used for certain applications such as funds transferring, registration, and reservation.
- Spoofing: False messages may be inserted into the mail system of another user. This can be accomplished from within a LAN, or from an external environment using Trojan horses.
- Denial of Service: A mail system can be put out of order by overloading it with mail shots. This can be carried out using Trojan horses or viruses sent to users within the contents of emails. It is also possible to block user accounts by repeatedly entering wrong passwords at login.
Because email passes through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of email that passes through. In effect, every email leaves a digital paper trail in its wake that can be easily inspected months or years later.
The email can be read by any cracker who gains access to an inadequately protected router. Some security professionals argue that email traffic is protected from such "casual" attack by security through obscurity – arguing that the vast numbers of emails make it difficult for an individual cracker to find, much less to exploit, any particular email. Others argue that with the increasing power of personal computers and the increasing sophistication and availability of data-mining software, such protections are at best temporary.
Intelligence agencies, using intelligent software, can screen the contents of email with relative ease. Although these methods have been decried by civil rights activists as an invasion of privacy, agencies such as the U.S. Federal Bureau of Investigation conduct screening operations regularly. A lawsuit filed by the American Civil Liberties Union and other organizations alleges that Verizon illegally gave the U.S. government unrestricted access to its entire internet traffic without a warrant and that AT&T had a similar arrangement with the National Security Agency. While the FBI and NSA maintain that all their activities were and are legal, Congress passed the FISA Amendments Act of 2008 (FAA) granting AT&T and Verizon immunity from prosecution.
Whistleblower and former National Security Agency (NSA) employee William Binney has reported that the NSA has collected over 20 trillion communications via interception, including many email communications, representing one aspect of the NSA warrantless surveillance controversy.
ISPs and mail service providers may also compromise email privacy because of commercial pressure. Many online email providers, such as Yahoo! Mail or Google's Gmail, display context-sensitive advertisements depending on what the user is reading. While the system is automated and typically protected from outside intrusion, industry leaders have expressed concern over such data mining.
Even with other security precautions in place, recipients can compromise email privacy by indiscriminate forwarding of email. This can reveal contact information (like email addresses, full names, and phone numbers), internal-use-only information (like building locations, corporate structure, and extension numbers), and confidential information (trade secrets and planning).
In the United States and some other countries lacking secrecy of correspondence laws, email exchanges sent over company computers are considered company property and are thus accessible by management. Employees in such jurisdictions are often explicitly advised that they may have no expectation of a right to privacy for messages sent or received over company equipment. This can become a privacy issue if employee and management expectations are mismatched.
To provide a reasonable level of privacy, all routers in the email pathway, and all connections between them, must be secured. This is done through data encryption, which translates the email's contents into incomprehensible text that, if designed correctly, can be decrypted only by the recipient. An industry-wide push toward regular encryption of email correspondence is slow in the making. However, there are certain standards that are already in place which some services have begun to employ.
There are two basic techniques for providing such secure connections. The electronic envelope technique involves encrypting the message directly using a secure encryption standard such as OpenPGP (public key infrastructure) or S/MIME. These encryption methods are often a user-level responsibility, even though enterprise versions of OpenPGP exist. The usage of OpenPGP requires the exchange of encryption keys. Even if an encrypted email is intercepted and accessed, its contents are meaningless without the decryption key. There are also secure messaging solutions built purely on symmetric keys for encryption. These methods are also sometimes tied to authorization in the form of authentication. Authentication means that each user must prove their identity by using a password, a biometric (such as a fingerprint), or other standard authentication means.
The second approach is to send an open message to the recipient which does not have to contain any sensitive content but which announces a message waiting for the recipient on the sender's secure mail facility. The recipient then follows a link to the sender's secure website where the recipient must log in with a username and password before being allowed to view the message. Some solutions combine the approaches, and allow for offline reading.
Both approaches, and their related techniques, come with advantages and disadvantages, and it is generally considered today that the setup of choice varies depending on the target market and application. PKI-based encryption methodologies are limited in how efficiently two parties can begin secure messaging, as certificates must be created and delegated prior to communication. Non-PKI-based encryption methods bring challenges in achieving a successful and secure key exchange. Shipping the sensitive content with the email limits the sender's ability to make the content unavailable, or to control when the content becomes available for consumption. If, on the other hand, the sensitive information is not shipped with the MIME stream and the sender hosts the information on a web server, the recipient must be online to be able to read it.
At the ISP level, a further level of protection can be implemented by encrypting the communication between servers themselves, usually employing an encryption standard called Transport Layer Security (TLS). It is coupled with Simple Authentication and Security Layer (SASL), which confirms the target router's identity. This ensures that unintended servers don't end up with a copy of the email, which happens frequently in the course of normal correspondence. This method is the only method that is completely transparent to end-users and does not require the creation of individual certificates for each user. Gmail adopted TLS on outgoing mail in October 2011. Other major webmail providers such as Yahoo! and Hotmail have yet to announce any plan to adopt TLS on outgoing mail.
Although some ISPs have implemented secure sending methods, users have been slow to adopt the habit, citing the esoteric nature of the encryption process. Without user participation, email is only protected intermittently from intrusion.
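Because TLS is negotiated separately on each server-to-server connection, a message can be encrypted on one leg of its journey and sent in the clear on the next. The following is an added example, not part of the original article: it reads the Received trace headers of a constructed message and lists the hops whose "with" clause does not record TLS, using the RFC 3848 transmission-type keywords. The hostnames, addresses and function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords whose S suffix records that STARTTLS was used.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message: hosts, addresses and ids are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby store.recipient.example with ESMTPS id c3; Mon, 3 Oct 2011 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Mon, 3 Oct 2011 10:00:03 +0000
Received: from client.sender.example (client.sender.example [192.0.2.10])
\tby relay.isp.example with ESMTPSA id a1; Mon, 3 Oct 2011 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

def _field(keyword, trace):
    """Return the token following a Received clause keyword (from/by/with)."""
    match = re.search(rf"\b{keyword}\s+(\S+)", trace)
    return match.group(1) if match else "unknown"

def audit_hops(raw_message):
    """Return one dict per hop, oldest first, noting whether TLS was recorded."""
    msg = message_from_string(raw_message)
    hops = []
    # Every server prepends its own header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header and drop the date that follows the semicolon.
        trace = " ".join(value.split()).split(";")[0]
        protocol = _field("with", trace).upper()
        hops.append({"sender": _field("from", trace),
                     "receiver": _field("by", trace),
                     "protocol": protocol,
                     "tls": protocol in TLS_PROTOCOLS})
    return hops

def unencrypted_hops(raw_message):
    """Return (sender, receiver) pairs for hops with no TLS on record."""
    return [(h["sender"], h["receiver"])
            for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop["sender"], "->", hop["receiver"], hop["protocol"],
              "TLS" if hop["tls"] else "CLEARTEXT")
```

Received headers written by servers outside the reader's control can be forged or omitted, so only the hops recorded by one's own servers are reliable evidence.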
A non-technical approach employed by some users is to make tapping and analysis of their email impractical via email jamming.
Yet another method comprises the use of a third, web email account, utilized solely to store private information as a draft. Users share the third account's password, notify the recipient of any change to the content of the draft by sending a code word through their standard, non-secure email services. The actual exchange of the information stored in the draft is accomplished by viewing it, copying it and pasting into their own media. This method does not generate any known email protocol packet.
- Anonymous remailer
- Data privacy
- Email encryption
- Email spoofing
- email tracking
- Enigmail – Thunderbird plug-in
- Firegpg – Firefox extension
- GPGMail – OS X Mail plug-in
- Industrial espionage
- Internet privacy
- Java Anon Proxy – a proxy system designed to allow browsing the Web with revocable pseudonymity.
- Opportunistic encryption
- Secure communication
- Secure email
- Secure Messaging
- STARTTLS – opportunistic transport layer security.
- United States v. Councilman
- Web bug
- Website spoofing