How to encrypt your email

Carlton Boyce / 22 November 2018 ( 16 March 2018 )

Could you keep your emails safer with encryption?



As I’m sure you know, people living and staying in the United Kingdom are some of the most intensively monitored in the world. Take CCTV cameras, for example; while estimates vary, most experts agree that there is at least one CCTV camera for every ten people. This doesn’t sound too bad until you realise that the UK has 1% of the world’s population but 20% of its CCTV cameras…

And this surveillance continues inside your home: the Investigatory Powers Act 2016, which regulates the ability of investigating authorities to monitor what we access on the Internet and the contents of our email. Many of us worry about the sweeping powers it confers on the authorities and it has been described by the whistle-blower Edward Snowden as “is the most intrusive and least accountable surveillance regime in the West”.

This might not bother you, in which case you’re going to find this article dull, irrelevant, and quite possibly the rantings of a paranoid lunatic. For everyone else though, it might be the most important article you read in 2018…

Your emails are (probably) being read

Your emails are being intercepted and quite possibly read because the Investigatory Powers Act 2016 (IPA 2016, or the “Snoopers’ Charter” as some have dubbed it) allows the police, security services, and a number of other investigatory bodies to access your communications data - a definition that includes your web history and emails - if they have grounds to believe that it is necessary:

a) in the interests of national security,

b) for the purpose of preventing or detecting serious crime, or

c) in the interests of the economic well-being of the United Kingdom so far as those interests are also relevant to the interests of national security (but see subsection (4)).

This sounds OK, doesn’t it? After all, if you’re up to no good then the authorities should be allowed to investigate and prosecute you. However, your communications data, a definition that includes emails, is being stored, passed on, and scrutinised even if, like me, you are a person of unblemished character. These so-called ‘bulk data sets’ are too large to be processed manually, so a computer sifts them for key words, suspicious patterns, and other indicators of possible criminality.

And, while you might not have a problem with the police or security services accessing your data if they think you’ve been up to no good, how do you feel about NHS trusts being able to do so? Or the Departments for Transport, or Work and Pensions? Or the Food Standards Agency? In total, 88 investigatory authorities can apply for a warrant, meaning it’s not just the police you have to worry about.

Let’s set aside our concerns about monitoring on behalf of the state for a moment and consider criminals hacking into our email accounts. This is a very real problem and the consequences can range from identity theft, blackmail, and the appropriation of sensitive information like bank details and credit card numbers. 

For these reasons, many of us are now sufficiently worried to start thinking about encrypting at least some of our emails.

5 signs your email has been hacked

Encrypted data

While those of the if-you’ve-done-nothing-wrong-then-you’ve-got-nothing-to-worry-about camp just shrug their shoulders and get on with their lives unfettered by worries that the authorities or criminals are reading their emails, others prefer to take a more pro-active approach by encrypting their online communications.

Encrypting an email simply means only the sender and the recipient can read the contents; everyone else will only see a meaningless string of random characters. This is in stark contrast to a non-encrypted email that anyone can read.

Think of it as the difference between sending a postcard and a letter; the former can be read by anyone who sees or handles it, while reading the latter is more difficult and so is more private. (Speaking of letters, you have invested in a £10 shredding machine to securely dispose of your old letters, bank statements and other bills, haven’t you?)

Personal documents and data disposal


How to encrypt your emails

Encrypting your emails isn’t hard but it can be a bit complicated, relying on you setting up Secure Socket Layer (SSL) and Transport Layer Security (TLS) communication between your computer and the server that handles your emails. You will also need to install a security certificate, as will all your contacts you want to communicate privately with. You then need to share the public keys between you all to allow everyone to decipher the encrypted emails.

It’s doable but a bit byzantine and it could be largely irrelevant to most of us as there are three much easier ways to achieve the same effect.

Gmail

If you already use Gmail then you’ll be pleased to hear that all your emails are encrypted as standard as long as both you and the recipient are using the official Gmail app or accessing it directly through the Google Chrome browser. This makes Gmail a good option for those who want an easy, free way to communicate in complete privacy, especially as so many of us already have accounts.

However, users need to be aware that the encryption is removed if the recipient or sender accesses their Gmail emails in any other way other than via the app or Chrome, meaning that the emails are readily readable. Also, Google tracks everything you do online to better target its adverts for you - and this includes scanning your emails, apparently…

Microsoft Office

For those who use a different email provider, you might want to consider using something like Microsoft Outlook. You’ll need an Office subscription to use it but once you’ve got it set up then it’s fairly easy to use.

The first job is to exchange digital signatures with everyone you want to email, which can be a bit of a hassle but is easier than going down the SSL/TLS route. Should you want to do so - and it’s really not that complicated - then there is a really good guide here on the Microsoft website.

ProtonMail

Finally, if you don’t mind changing your email address then you could use a provider like ProtonMail. This is a free email service that guarantees that all of its emails are “secured automatically with end-to-end encryption”, even when you are communicating with non-ProtonMail email accounts; in this case, you simply send the recipient a secure passphrase that they use to ‘unlock’ the encryption. A non-encrypted ProtonMail email can be sent just like any other when you are sending non-sensitive information.

Based in Switzerland, you can set up a ProtonMail email address without disclosing any personal information whatsoever and can even set your account up so that your emails self-destruct from the recipient’s email in-box after a set period. (The obvious weakness here is that, just like SnapChat, the recipient can just take a screenshot if they want to retain a copy of the message.)

7 password mistakes

An easier way to encrypt your communications

While switching to a service like ProtonMail is simple, easy and free, encrypting your emails from your existing email account can be a bit long-winded and it would be easy for a technophobe to get confused and give up.

Which is where services like WhatsApp, Skype and Facebook Messenger come in. All are fully encrypted as standard, making it an easy way to communicate in privacy with none of the faffing about that using an encrypted email service requires.

And because the encryption is automatic, using them is as easy as it’s always been and doesn’t demand anything extra of you to set it up or use it. Obviously, communicating with your solicitor or accountant via WhatsApp is probably a non-starter, but for everyone else it’s a handy way to add a layer of security for stuff that is sensitive and you’d rather keep confidential.

Try 12 issues of Saga Magazine for just £12

Subscribe today for just £12 for 12 issues...


The opinions expressed are those of the author and are not held by Saga unless specifically stated.

The material is for general information only and does not constitute investment, tax, legal, medical or other form of advice. You should not rely on this information to make (or refrain from making) any decisions. Always obtain independent, professional advice for your own particular situation.