Enter a URL
Email is the most common form of distance communication second only to SMS (mobile text) at this point. Unlike countless other internet-powered communications platforms (most of which were various instant messengers), email has been going strong since its rise to popularity around the same time the “world wide web” first gripped society.
Email is, of course, a powerful tool. Unlike traditional postage (aka “snail mail), an email takes at most seven seconds to reach its target, and that’s only if it has to all but circumnavigate the globe. Unlike its “ancestor”, faxes, no machine has to be ready to immediately receive the transmission on the other side, nor does it require a phone line to not be busy for the transmission to get through. An email can happily sit in an inbox for an indefinite time until its recipient signs in to view it. With the popularity of mobile phones, this wait is less and less as the years go by, too.
Of course, security and privacy are a concern, but it seems most people, and even big businesses, don’t fully appreciate the gravity of this fact. Email privacy is of paramount importance, regardless the nature of its use or user, and this has never been more the case than now.
Of course, for personal email accounts through which no sensitive personal information is transmitted nor received, the standard privacy and security offered by most email providers is sufficient. That is, providing that the other system and network-wide precautions of a good firewall, password protection of Wi-Fi and a solid antivirus are also properly in place.
This isn’t honestly the case for accounts through which sensitive personal information is sent, let alone for businesses regardless their size. This isn’t to say that the intrepid crew at the likes of Google etc. are incompetent when it comes to ensuring the privacy and security of email. Quite frankly, they haven’t the resources to double down on it to the levels a business or sensitive personal account really requires.
Fortunately, solutions do exist that address the many dangers to email privacy and security which the providers aren’t able to cover. But, to really appreciate the necessity of one or more of such tools, one must first know what the real dangers are. The severity of these risks and their consequences may be disturbing to some readers – good, they should be.
While the most immediate and obvious one may seem like more of a security threat than something specifically tied to privacy, viruses are a very real threat to both. Of course, a “computer virus” is one of the two oldest, most widely-known threats in general, alongside “hackers”. They are equally misunderstood as well, thanks in no small part to Hollywood.
In recent times, the easiest way for a virus to get in is through email, either piggybacking on an attachment or every cleverly hiding itself inside the email’s data itself. Once present, these viruses can stay hooked to the email inbox (or infect the email frontend if a tool like Outlook or Firebird are being used). This permits such viruses to copy and send duplicates of all incoming and outgoing emails, which not only is just a very crude violation of privacy in general, but can be devastating if sensitive information either personal or professional is contained within them.
Similar invasions such as worms (which are stand-alone viruses that can self-replicate) and malware pose similar sorts of threats.
One of the most egregious forms these can take, beyond email copiers, is the key logger. These programs hide, sometimes even invisible to a task manager, and record every key stroke made by the user. This makes every keyboard-related action done on said computer vulnerable to prying eyes up to absolutely no good. Passwords, correspondence, any number of other information can be stolen and sold to the highest bidder, used in fraud and identity theft as well as even used for blackmail in the most extreme cases.
Of course, the email privacy tools provided by antivirus suites usually have most of this covered, though that’s not a 100% guarantee of course. Key loggers are almost guaranteed not to make it through such protection, nor are most forms of malware. However, not every virus or worm can be defended against all of the time. When new ones come into being (which happens constantly, sorry to say), there is some time albeit brief when even the best antivirus programs have no definition files with which to detect them. That means these things can get in, and if they’re targeting email privacy, nothing’s stopping them from doing so.
An added layer of privacy precautions (such as encryption) can render these attacks more or less inert. The data may still be stolen, but it won’t be intelligible to the villains seeking to steal it. The effort and time to decrypt it, unless it’s worth billions, far exceeds the result, and so they won’t bother almost any time.
Of course, these traditional threats aren’t the only ones an antivirus can’t stop, but added privacy measures can more or less render fruitless.
Filesystem hijackers are another terrifying thing, and one with a very human (if such thugs deserve the honor of being called such) face. While a lot of their tactics involve using a worm or some form of malware to gain entry into computers, they aren’t the only way. Determined enough groups of brigands can also spy on email through various methods, and through that, determine ways either by examining the connection or by the data in the email, to get into the machine.
Once in, these ne’er-do-wells will encrypt all files not pertaining to the computer’s operation (and files on any connected cloud drive as well), making them unreadable. They will demand a payment (usually in the form of some crypto currency) often of an exorbitant amount, for a cypher to decrypt it all once more.
If email privacy is ensured through encryption and other precautions, alongside the antivirus software, then these creeps will be hard pressed to really find a way in. These monsters are, also, the biggest threat as far as intrusions and system attacks are concerned.
There are other ways any form of email espionage can be performed beyond embedding an intrusion inside the computer in question as well. These new vulnerabilities are a fairly recent thing arriving with the advent of free Wi-Fi everywhere, and they do require a significant amount of skill to pull off.
Listening to enough packets bouncing around between devices and access points in a Wi-Fi enabled environment allows a significant sample to be accumulated with which to begin brute force decrypting them. While this is used more often to gain access to password-protected Wi-Fi signals (to steal bandwidth), it can also be used to intercept emails, browser requests, texts and just about any other data being broadcast in such an environment.
While a rule of thumb and common sense is to perhaps use discretion when on public Wi-Fi when possible, having privacy protection measures in place is still a very wise decision. Once more, while nothing can stop these enterprising geniuses from intercepting transmissions if they really want to, it’s possible to make what’s being transmitted utterly indecipherable to them.
Now, this immediately begs the question of, if they can decrypt the base transmissions, can’t they decrypt privacy-protected emails as well? The short answer is yes, they can. The long answer is that it’s so much more difficult due to the level of encryption involved. It quite simply stops being worth the effort, just as it does for whomever is listening to viruses, worms, keyloggers and malware sending equally stolen data.
These are the sorts of attacks that can happen that put email privacy at risk. It’s worth noting what sorts of people or collective entities are usually behind such things, as well as their motives. The hijackers are the obvious ones, they want to hold data for ransom. These are often groups of younger people (but not children) with entirely too much skill and either the lack of opportunity to make constructive use of it, or the lack of motivation to do so.
Stolen emails, however, are usually for one of three purposes: identity theft and fraud, corporate espionage, or stalking of some more nefarious nature. Fraud and identity theft are usually committed by the same general sorts whom also perpetrate the hijackings previously mentioned. However, they tend to be smarter about it, as well as more organized and strategic. Corporate espionage is the more obvious one, usually arranged if not personally done by agents of competing businesses. Sometimes no one business provokes this, but devious entities harvest this to sell to the highest bidder.
Other forms of stalking and spying, the nature of which is too broad to specify here, could be done by anyone with the skill to do it. Sometimes people are just crazy and dangerous. Being crazy and/or dangerous does not also mean they are stupid or devoid of skill.
Of course, there’s also, in modernity, that ever-present danger of any of these forms of attack and espionage being part of a coordinated act of war perpetrated by enemies of an individual or company’s home nation, or home alliance of nations. As the internet becomes an increasingly dominant presence in everyone’s lives both professionally and personally, it’s also likely to become a new battlefield for a never before seen form of warfare. This is a type of warfare in which no shots are fired, and no blood is shed. However, the long-term damage is almost just as severe.
This of course hasn’t happened yet, as far as any governmental body has publicly stated. And while fearing this may sound like some cold war-era style of paranoia, no governments nor computer and IT experts will remotely deny the risk of this sort of thing happening. Some would argue it’s inevitable given wars are always so.
These dangers are all horrifying, and their ramifications are positively blood-chilling. Anyone who would argue otherwise probably didn’t pay attention and take this to heart. Email privacy is so very important, because it can further the safety provided by security and antivirus tools, in ways they simply cannot.
One more thing of serious note to all businesses questioning the importance of email privacy is one of PR and peace of mind. Not unlike antivirus and solid digital security, any company that is known to have serious email privacy protection in place, is a company that other businesses and customers alike will see as enlightened to the times and willing to do what’s necessary to protect itself and them as well.
A prime example of horrible PR coming from negligence in this regard would be Sony’s PSN network. While this wasn’t an attack on email privacy, the result is the same. Thousands if not millions of customers’ private user data and financial information was stolen in said cyberattack. The ease with which it happened, the poor response (and speed thereof) of Sony and their less than spectacular way of handling their public response to it all, culminated in a massive strike against Sony in the eyes of otherwise long-time, loyal customers.
People haven’t forgotten that incident, and it resulted in severe customer churn when the next PlayStation console was released. While new PSN subscribers were well within the quantity to qualify as a successful launch, it far underperformed the previous generation in that department, due to the shaken faith in Sony’s security and honesty as well.
People are increasingly aware of the ramifications of security and privacy, especially email privacy, being taken for granted. No company wants to be Sony. This is why every company that understands the digital millennium ensures email privacy among many other things.