Recently in this column I mentioned the Electronic Frontier Organization and their web site found at prism-break.org where internet users concerned about their privacy may learn more about secure software and encryption. I warned that there are no simple solutions, so if an easy answer is what you are looking for you may as well stop reading now.
Preventing governments or anyone else reading your email requires secure encryption and there is an absolutely unbreakable one available for free. PGP (Pretty Good Privacy) is a lot more than pretty good; it is completely uncrackable; so much so that when Phil Zimmermann wrote it 20 years ago the U.S. government tried to suppress it by charging him with the crime of creating and exporting a dangerous weapon without a license. (I am NOT making this stuff up!). Zimmermann made the source code for PGP public and when Massachusetts Institute of Technology Press published it in book form it was protected by the First Amendment. Several years later a frustrated U.S. government dropped its criminal pursuit of Zimmermann.
PGP uses a public encryption key and a private key. Any message encrypted with the public key can only be unencrypted with the private key. You will need to first obtain a free copy of a PGP client to install on your computer.
To send an encrypted email to someone you will need their public key, so that is next on your list. The only 100 percent sure way of making sure you are getting a valid public key from someone is to obtain it in person. At political or activist meetings and on university campuses there are sometimes PGP parties during which people who want to correspond secretly with each other will meet to exchange their public PGP keys. “Can I have your PGP key? How do I know you’re the real Charles Miller and not some imposter from the NSA? Let’s see some photo I.D.”
Of course it is not practical to obtain every public key in person and so at some point you will have to rely on a key you might have obtained second hand or third hand. The further away from the source, the more the chance you could be using a forged key and the lower your level of confidence. This is where Web of Trust comes in, and this secure system for obtaining public keys is described in the PGP documentation.
So, once you have someone’s public encryption key in hand you can write an email and send it securely. Simply enter the other person’s public key into your PGP client and that software will translate your message into an unintelligible blob of gibberish. Send that blob to the message recipient so that he or she can use their own PGP program and their private key to translate your encrypted message back into readable clear text.
If all this seems like a lot of work, that’s because it is. You can no longer safely delegate responsibility for your security to others because they can be compelled to secretly violate your trust. So long as you are vigilant about using good security practices (not writing your private key on a yellow Post-It note on the side of your monitor) then the PGP system is absolutely, positively unbreakable and your secrets are safe.
That does it for this much abbreviated guide for how to send securely encrypted email. The prism-break.org web site has much more information about securing your online life with Operating Systems, internet web browsers, search engines, video conferencing and Voice over IP, DNS, and alternative email or social networking services offering more online privacy than those you are probably using now.
Occasional Reporter contributor Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his web site at SMAguru.com.