I got an email today from my lawyer. In the email was a ton of confidential information about Rapleaf. And, like almost all emails, it was sent in the clear. No encryption. Of all the emails I sent or received in the last ten years, a total of zero were encrypted. None.
Isn’t that nuts?
We are sending each other very private information through very public routers (including all those wifi routers, hotel internet stops, and more) where someone listening at the router could easily assemble our messages.
In college (I graduated in 1996), things were different. My friends and I would send each other emails using PGP encryption. Why? Well, we didn’t want people reading our mundane (mostly about class projects) missives.
Since then, no one has solved the casual email encryption problem. I mean, couldn’t gmail, yahoo, hotmail, and aol agree on a standard tomorrow?
Until then, I sit here sending my messages in the clear …
Yep.. one thing worth mentioning (though it’s far from a perfect solution) is that gmail supports SSL. So you can go to https://www.gmail.com, and at least have an encrypted transmission to/from Google. Google can still read your e-mails, of course.
This doesn’t help if the recipient is loading his stuff up on a Starbucks wifi hotspot in Outlook, though 🙂
My lawyer uses http://www.hushmail.com/
Maybe you should get a new lawyer. When my lawyer needs to send me private documents, he doesn’t use e-mail. When he wants to tell me something confidential, he doesn’t put it in e-mail: He calls me.
(So it’s just us and the NSA.)