If you’re really worried about the privacy of your e-mail, do yourself a favor and stop sending e-mail.
That’s the best advice I can give after the events of the past few days, all of which only confirm one thing: E-mail is nowhere near as private as we think it is — and it’s about time we accept that.
Even secure e-mail services aren’t immune to this truth. Last week came the news that Lavabit, the encrypted e-mail service that NSA contractor and leaker Edward Snowden allegedly used, was shutting down. While Lavabit founder Ladar Levison is legally barred from giving much detail about the reasoning behind the shutdown, it was clear that he could either comply with law enforcement or kill the business. There was no in-between.
More telling, perhaps, was something else Levison said: “I’m taking a break from e-mail. If you knew what I know about e-mail, you might not use it, either,” he told Forbes.
Levison isn’t alone. Even Philip Zimmermann, the creator of encryption software Pretty Good Privacy (PGP) and co-founder of Silent Circle, says he’s also giving e-mail a rest. “When people send me PGP encrypted mail, I have to go through a lot of trouble to decrypt it. If it’s coming from a stranger, I’ll say please resend this in plain text, which probably raises their eyebrows,” he said last week. (In wake of the Lavabit news, Open Circle also shut down its e-mail service.)
None of this is news to Snowden, who told the New York Times that the reality of e-mail should be a wake-up call for everyone — especially journalists.
“I was surprised to realize that there were people in news organizations who didn’t recognize any unencrypted message sent over the Internet is being delivered to every intelligence service in the world,” he said.
The Google controversy that wasn’t
Then comes Google, which is taking a lot of heat this week for statements made by its lawyers in a recent court filing. As some publications (wrongly) reported: “Gmail users have no ‘reasonable expectation’ that their e-mail are confidential, Google has said in a court filing.”
The problem? Google said no such thing and was instead citing a now ancient court case to defend its stance on the privacy of non-Gmail users: If you send an e-mail to someone with a Gmail account, you should assume Google will process and scan the e-mail in some way, the company argues.
While the subject is undeniably juicy, the problem is that there’s very little that’s new here. Gmail users surrender any hope of complete privacy when they sign up for Gmail, a service that scans the content of e-mail to not only filter out spam but to also serve users ads. Anyone who is still criticizing Gmail on that front is years late to a discussion that is long over.
Privacy? What’s that?
What is interesting about the controversy, however, is that it’s yet another example of the rift between our expectations and the reality of the privacy of e-mail.
For many of us, the definition of “private communication” is straightforward: Private communication is that which only you and the person you’re communicating with can read. That expectation, however, is completely out of sync with the basic way that e-mail (and just about any other digital communication) works: E-mail is neither completely secure nor completely private, and it was never designed to be either.
This is something that both Lavabit and Silenct Circle have come to realize: Because they could no longer provide the private e-mail services they promised, they decided that the services had to go.
Google, which is a much larger company with hordes of cash-hungry stockholders, can’t (and won’t) shut down Gmail, which is why the service is both still around and glaringly insecure. None of that’s surprising.
What is surprising, though, is just how little all of these revelations have affected us. Gmail users (or at least the ones who care about all this) may wring their hands about the awful state of e-mail privacy, but the basic and sad reality is that almost none of them are going to quit using Gmail. (And I say this as someone who is right now using Gmail just one tab over.)
I used to tell friends that if they cared about the privacy of their e-mail, they should stay away from Gmail. Now, my best advice is that they stay away from e-mail entirely.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.