Understanding Email Security and Privacy

The Electronic Frontier Foundation (EFF) has a good summary of the laws governing email privacy protections in the context of the scandal that led to the resignation of General David Petraeus, the Director of the Central Intelligence Agency. At the heart of the protections afforded to email is the Electronic Communications Privacy Act (ECPA) from 1986. The EFF article explains how ECPA applies in this case, but the law is seriously outdated and doesn’t seem to offer much protection at all. Emails over 180 days old considered “abandoned”? Read versus unread emails handled differently? The EFF concluded:

Sound confusing? It is. ECPA is hopelessly out of date, and fails to provide the protections we need in a modern era. Your email privacy should be simple: it should receive the same protection the Fourth Amendment provides for your home.

This is clearly a high-profile case, so there may be some hope for the government clarifying these laws to catch up with today’s reliance on electronic communication. The EFF is part of a new campaign calling for reform: Vanishing Rights – Tell Congress Don’t Let Our Right To Privacy Expire. I think it’s a worthwhile effort, but I’m not optimistic for any privacy improvements soon. I don’t see the government voluntarily increasing privacy, especially in this case, which could be considered a “success”.

To learn more about protecting your data and communications, I highly recommend reading the EFF guide to Surveillance Self-Defense. Many people may assume they have nothing to worry about because they aren’t expecting to be investigated by the government, but the guide points out a lot of data that’s available to private parties as well through subpoenas. You may think twice about keeping all your email with Google, Yahoo, AOL, Microsoft, etc.

Or, you could really go old-school like Janet Napolitano (U.S. Secretary of Homeland Security) and not use email at all.