*** Welcome to piglix ***

Email Privacy


Email privacy is the broad topic dealing with issues of unauthorized access and inspection of electronic mail. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user computer. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters and get legal protection from all forms of eavesdropping comes under question because of the very nature of email. This is especially important as relatively more communication occurs via email compared to via postal mail.

Email has to go through potentially untrustworthy intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to tell if it was accessed by an unauthorized entity. This is different from a letter sealed in an envelope, where, by close inspection of the envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a postcard whose contents are visible to everyone who handles it.

There are certain technological workarounds that make unauthorized access to email hard, if not impossible. However, since email messages frequently cross national boundaries, and different countries have different rules and regulations governing who can access an email, email privacy is a complicated issue.

There are some technical workarounds to ensure better privacy of email communication. Although it is possible to secure the content of the communication between emails, protecting the metadata of (who sent email to whom) is fundamentally hard. Even though certain technological measures exist, the widespread adoption is another issue because of reduced usability.

According to Hilarie Orman, mail encryption was first developed about 30 years ago, and it is a powerful tool protecting one's email privacy. Although it is widely available, it is rarely used, leaving the majority of email under the prying eyes across the Internet. In general, encryption provides protection against malicious entities. However, a court order might force the responsible parties to hand over decryption keys; a notable example is Lavabit. Encryption can be performed at different levels, resulting in significantly different consequences.

With the original design of email protocol, the communication between email servers was plain text, which posed a huge security risk. Over the years, various mechanisms have been proposed to encrypt the communication between email servers. One of the most commonly used extension is STARTTLS. It is a TLS (SSL) layer over the plaintext communication, allowing email servers to upgrade their plaintext communication to encrypted communication. Assuming that the email servers on both the sender and the recipient side support encrypted communication, an eavesdropper snooping on the communication between the mail servers can not see the email contents. Similar extensions exist for the communication between an email client and the email server.


...
Wikipedia

...