E-mail encryption serves a higher purpose
of safeguarding an individual’s personal information from bank statements to email accounts, financial records, medical histories and other highly private information. Unfortunately only a handful uses it in Goa, many even sending highly
sensitive financial records and transactions openly. Prajyot Mainkar, owner at the app development company, Androcid, says
he uses encryption in all emails he sends but unfortunately the same can’t be said for other internet users in the state.
“It is actually very important to protect sensitive data, but people barely use it. Save for a few corporates, the concept
of email encryption isn’t very popular,” he says. Some companies however do use a system known as the Policy Based Email
Encryption which uses Microsoft Outlook which provides the feature. Only the recipient who has a private key that matches
the public key used to encrypt the message can decipher the message to continue reading. With terms like public and private
key, email encryption may sound complicated but is actually easier than it sounds. There isn’t any involvement of
any sort of code writing on encrypting on the users part but works on a public key system.
Using a simple technology called
Pretty Good Privacy (PGP) messages are
jumbled to look like gibberish to the
unintended recipient. It even obscures
credit card numbers, addresses, photos
or anything private. The GNU Privacy
Guard (GPG) is relatively newer software
and is a step up from PGP.
Once the software is installed on your
system, the programme generates a
public and private key. The public key is
what is for the public to see and use to
send emails while the private key is
what you use to unlock an incoming
garbled message.
Programmes such as Mailvelope, Enigmail,
Hushmail, Thunderbird and PostBox
run on an OpenPGP software and work
as extensions to Firefox, Chrome, Safari
and Opera browsers. So even if you’re
using Gmail, Yahoo or any other email
service provider, the PGP and GPG software
encrypts messages that can only
be read using the receiver’s private key.
In a bid to help users, email service
providers themselves have launched a
campaign to offer end to end encryption.
Google last year launched its End-To-
End Chrome extension that ‘helps encrypt,
decrypt, digital sign and verify
signed messages within the browser
using OpenPGP’.
Recently, Yahoo announced it too
would be following in Google’s footsteps
with its own encryption extension to be
released next year. It’s security researcher,
Alex Stamos was reported as saying, “If
an activist in Sudan wants to email a human
rights organization’s gmail address
and they have encryption set up for it, it
will automatically detect that and offer
them the option to encrypt.”
But many other security experts still
question the reliability of this mainstream
hype in email encryption.
Researchers from Georgia Tech on
the other hand have taken encryption
to yet another level: Android smartphones.
While using apps like Whatsapp
or Gtalk, as text is being typed it gets
encrypted and only decrypts when the
text is received from the other user,
running on the same software. Though
the team for now is approaching it as
purely academic research the plan is to
release the software called Mimesis
Aegis to the public soon.
