Email Security and Privacy.

Updated 25th May 2018.

Copyright: European Union Public License, version 1.2 (EUPL-1.2).

As the available technology out there has increased, the right that we have to our own privacy while using technology, sadly, has diminished.

Disclaimer: We are not affiliated in any way to these Companies, this article is 100% our findings. There is no affiliate marketing in place through the links provided below, they’re for your convenience.

How we write our reviews: To ensure an unbiased and thorough review all apps are tested:
• In real time, i.e. we use it on real projects.
• By different team members located in different countries.
• With different devices and operating systems.
• For a minimum of two weeks, four on average.
• Article is peer reviewed by other team members then sent to the app developers for final review.

Contents of this article.

  1. Introduction.
  2. Email Security.
  3. Reasons to Have a Secure Email Account.
  4. CLOUD Act.
  5. ProtonMail, Tutanota, and Encryption.
  6. Setting up a ProtonMail Account.
  7. Sources.

1. Introduction.

As the available technology out there has increased, the right that we have to our own privacy while using technology, sadly, has diminished. Governments around the world have been trying to control our relationship with technology, regardless of whether that invades our own privacy, which means that the government can seize information they should have never been privy to. Because of this injustice, we all must protect ourselves from having our data taken without our protection by being cautious about how we use technology, which includes email securities. As a business, we have to be diligent in ensuring the security of employees, contractors, and businesses we work with by using an encrypted and secure email service like ProtonMail or Tutanota.

2. Email Security.

Since its introduction, email has maintained its role as a primary source of communication. It gives us the ability to instantly send long messages and documents to our contacts. But we still need to take precautions to keep those emails and documents secure. Email security involves protecting emails from illegal access, compromise, and deceit. Just as the internet has given us the gift of streamlined communication, it has also streamlined the ability for criminals to intercept that communication.

One of the easiest targets of cyber criminals is your email account. Email hacking is not new and has been around as long as email has been, but the abilities of criminals have become more sophisticated, putting users at risks they never saw coming.

Some of the biggest consequences to security breaches are:
• Credit card theft.
• Identity theft.
• Loss of customers.
• Loss of business.
• Breached confidential information.
• Financial devastation.

Only through the use of end-to-end encryption is your information truly safe. End-to-end encryption is a system of communication where only the participants of the email are capable of reading it. The information cannot be deciphered between the sender and the recipient.

3. Reasons to Have a Secure Email Account.

There are several reasons that you should use a secure email account for your communication.

  1. Email is how businesses send documents and information between its employees and other contacts. If sensitive information is compromised, the fate of the business could be put in jeopardy.
  2. Individuals who use unsecured emails run a big risk of receiving malware, used to steal information from their computers or put viruses on their computers.
  3. Emails are not truly deleted and exist in a cloud for every type of email service out there. The cloud is the server that the service uses to store its users emails and data. Emails can exist indefinitely on an unsecured server, leaving your information out in the void for years to come.
  4. All email users are vulnerable to online criminals, regardless of whether they are state-sponsored.
  5. When your own email account is compromised, it is not just you who is threatened, but all of your contacts as well. Having an unsecured email risks everyone associated with your email.
  6. Governments, including the U.S. and the E.U. will look for data to use against users, even when the email users have not been accused of a crime. So they are scanning personal data to try to find information to use against citizens without proper cause or justification, violating all rights to privacy that email users should have.

If you are an email user who feels like you have nothing to hide, you might wonder why privacy and email security matters for you at all. The truth of the matter is that no matter how clean your information is, the government having the ability to take confidential information of all kinds can put both individuals and businesses at risk. If the government knew private conversations, breakthroughs with companies, financial situations, and even who you are communicating with, all of the information can be held indefinitely to be used against you at a later time, even if you have not committed the crime. This makes the governments the criminals, not the email users.

We ask that our consultants utilize ProtonMail not just for our own security as a company, but for the security of the individual as well. No one should have their private information illegally seized at the whim of the government. Using secure email means security for all users for today as well as for tomorrow.

4. CLOUD Act.

In 2018, the United States government put in motion the CLOUD Act. The Act was created under the guise of keeping government surveillance laws up on par with the advancements of technology. What the Act actually does is it allows federal law enforcement to subpoena any stored data, no matter where the servers are. The CLOUD Act was created to the sole purpose of taking information that the government did not have the right to in order to use the data against the email account holder as long as they are a U.S. citizen. The CLOUD Act may only affect U.S. citizens on the surface, but as many countries around the work share information with one another, the data seizure opportunities might be greater than they appear.

The CLOUD Act itself may have had the support of the larger tech companies, like Google, Apple, and Microsoft, but it did not have the support of human rights groups, including Amnesty International and the American Civil Liberties Union. In short, the CLOUD Act violates the Fourth Amendment by allowing unreasonable search and seizure. The U.S. government can obtain data stored on foreign soil without having to go through the proper court process.

5. ProtonMail, Tutanota, and Encryption.

So how do we protect ourselves from the government’s self-allowed access to information that they should not have the right to? The use of email encryption and security is the answer. Utilizing email services that provide the right amount of protection can keep the government and state-sponsored criminals from taking the information they had no right to.

When choosing between secure email platforms, it is important to know that you are getting the best security possible. Both ProtonMail and Tutanota are well-known for their security. They share many features as well, including open source software, end-to-end encryption, and no logging of user data.

The email provider ProtonMail is very secure because the servers are located in Switzerland. Switzerland has maintained its position as one of the most reliable places in the world to have privacy. In the case of ProtonMail and the CLOUD Act, the U.S. and the E.U. governments do not have the right to access information stored on servers in Switzerland.

Outside of having secured servers stored in a neutral location, ProtonMail’s privacy comes encryption done in the browser, with a specific “bridge” to get IMAP using a standard client like Thunderbird or Outlook (does not work when a VPN is one). Having your email encrypted ensures that any parties that try to get into your email in between the server and your computer could not read any of the data transferred, ensuring your privacy.

Tutanota is another encrypted mail service that offers end-to-end encryption. Similar to Protonmail, the service uses encryption to ensure the messages have been encrypted well and cannot be intercepted by a third party. If a Tutanota user would like to send a secure email to a non-user, they can. The non-user would receive a link to a temporary Tutanota account, ensuring the response would also be encrypted. As a company, Tutanota’s primary goal is privacy, giving users assurance that communication is secure. The servers are based in Germany, however, which is part of the five eyes. Even if it is next to impossible to read encrypted data, the risk is still out there.

Both Germany and Switzerland are not big fans of government surveillance. With Germany having the European Union overseeing their activity, it seems possible that the security could be breached. In Switzerland, however, they do not have the same risk, but they do have others to consider as well. Switzerland does not have the same level of cyber security legislation, which also means there is not legislation against cybercrime. Both countries have sophisticated IT infrastructures, however, and the lack of government interference in Switzerland makes it more desirable for email encryption overall.

6. Setting up a ProtonMail Account.

Setting up a ProtonMail account should only take a few minutes of your time. This is how you can do it.

  1. Go to protonmail.com on your web browser. For the highest level of security, you could use a burner phone to register, ensuring that the account will not be linked with your personal phone or computer. There you will be given the option to create a free or paid account. Since you are just starting out, select the free option.
  2. The page you will be on now is the Create Your Account page. Setting your username means that you are selecting your ProtonMail email address.
  3. After you have selected a username, you will need to set your password. It is essential that your password be secure. Using a password manager will help you create a password that is strong and difficult to break by hackers. Our post on password managers further explains the advantages of using this type of service and you can read it here.
  4. ProtonMail will ask you if you would like to use a recovery email in the event that you lose your password. For the highest security, you should not provide them with another email address, but keep any other personal accounts separate from your encrypted account.
  5. After your password and username have been approved, ProtonMail will want to verify that you are a person. One option is to use your phone number and have them send you a text. This is not a safe option. The best option is to select the reCAPTCHA and confirm that you are human, but not provide any other personal information about yourself.
  6. Your account has been created, but now it would like you to set your alias. This is the name that will show up as you in your recipient’s email and is not the same as your email address. Your alias will depend on who you are sending the emails to, but ideally, it should not be your real complete name.
    After you have finished setting up your email, you are set to get started sending and receiving safe and encrypted messages, keeping your information private and out of criminal hands.

7. Sources.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s