In the workplace, technically you are not entitled to complete privacy in your email. It is after all, given to you so that you can do business on your employer's behalf.
Your email is the property of your employer and both yourself and your employer are liable for the contents. It is not intended for personal use and it can be viewed at any time, including after you leave even if you delete everything.
So how do you keep your personal email private when even the head of the CIA couldn't? His mistake was that he did not recognise the threat, and grossly underestimated it. His perceived threat was his spouse and didn't even conceive that the FBI would go looking through email servers.
Let's face it, anything that goes out over the Internet is at risk. To be honest, you should never put in an email anything you wouldn't want your mother to read.
That being said, if you want email privacy then there are steps you should take. You can mask your IP address which is traceable with any number of utilities that can accomplish that. I will not name names here since I am of the belief that one should have nothing to hide. Web mail providers like Google's Gmail and Yahoo keep log in records and IP addresses for 18 months.
In the U.S. the Fourth Amendment requires the authorities to get a warrant from a judge to search physical property. Rules governing e-mail searches are far more lax: Under the 1986 Electronic Communications Privacy Act, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for “unopened” e-mail, according to the Department of Justice’s manual for electronic searches. The rest requires only a subpoena.
Did you know that U.S. law enforcement agencies requested data from Google for 16,281 accounts from January to June of 2012 alone, and Google complied in 90% of cases?
You can encrypt your email messages. Of course the encryption key is cumbersome and encryption does not hide the frequency of emails.
You can get a self-destruct timer, there is even one for your phone. It self-destructs the email address 10 minutes after a mail is sent. Nothing prevents your recipient from capturing screen shots though.
Saving emails into a shared Drafts folder rather than sending them doesn't work. This tactic had long been used by terrorists — Khalid Shaikh Mohammed, the mastermind of the 9/11 attacks, and Richard Reid, “the shoe bomber,” among them — and it doesn’t work. E-mails saved to the draft folder are still stored in the cloud. Even if they are deleted, e-mail service providers can be compelled to provide copies.
You can use a separate device just for sensitive communications, but nothing yells philanderer/terrorist/drug dealer like a second cell phone.
Get an alibi. The sneakier you are, the weirder you look when you suddenly start carrying a second phone, a pager, become knowledgeable about encryption, etc.
Robust tools for privacy exist as they do for being anonymous, but they're just not integrated in a way that make them easy to use. All it takes is human error (reply to all, forgetting to mask your IP, and a couple dozen other ways to screw up), and your privacy is shot to heck.
The bottom line is that if you don't want what you say on a phone or in email to end up on the front page of a major metropolitan newspaper, then don't say it.
Awesome post Kathleen! :) I was trying to explain to a friend the other day why she shouldn't be talking about her boss on emails from work...even if they're on her pvt email account. When you're on the work computers... anything you write is fair game and key words are flagged (aka bosses names etc.) that will bring unwanted attention if you're using them poorly.
ReplyDeleteThank you! When a person is at work, everything is filtered through their servers regardless of whether or not you use personal email or work email.
ReplyDeleteIf you're pulling your home email into your email client (like Outlook), everything you send has to go through their outbound mail to get to the internet. If you're using webmail, you have to go through their proxy server which logs EVERY website you go to. There is not much you can get away with if someone should be suspicious enough to want the admins (like me) to have a look.
This also includes your surfing history. And if you're silly enough to save things off the internet to a drive on your company's server that doesn't belong there (porn, inappropriate files) you will be held liable. I've seen it happen. An admin may be triggered by the file sizes taking space on the server, or be doing a clean up, or a supervisor may have a suspicion and ask the admin to look. There is not much we can't find when requested and we are bound to report everything.