Think Email is Private? Think Again.



Oliver Ni



We use forms of electronic communication every day. From email to texting to calling with our phone, we generally think of these forms of communication as private. But are they really private?

When we use email, we think of it as sending a letter. When you send a letter, there are a few steps: Write a letter, put it inside an envelope, then stamp and send it. When sending an email, it is similar: Type up a email, then send it. But sending an email is more like sending a postcard then sending a letter. Anyone who sees it on the way from you to the recipient can see the contents. You might not think this is a severe problem, but think about what we send in email. A lot of private information is sent through email.

But then how would we fix this problem? Well, the obvious way is to encrypt the emails. What does this mean? It means using a certain algorithm to "secretize" the emails. This is called encryption. The algorithm is called a cipher. You might have seen basic ciphers, such as the simple substitution cipher, which switched all of one letter to another letter. But the simple substitution cipher is too easy to hack. Nowadays, we use a cipher called RSA. What does it stand for? 3 people's names. But that's unimportant.

In RSA, there is a public key and a private key. The private key, as its name suggests, needs to be kept private by the person. The public key can be released into the public. To encrypt a message, you use the public key. To change it back to the original message, called decrypting, you use the private key. So we can use RSA to encrypt the emails!

But there is one problem. The keys are also stored on the server. This is basically like having a huge lock and a key right next to it.

How do we fix this problem? Well, the easiest way would be to give everyone their own keys. We can store the public keys in the server and the private key in the user's computer. So the question is, why hasn't this been done yet? Well, the answer is advertising. 90% of all of Google's revenue, for example, come from advertising. And to advertise most efficiently, the advertisers need to know everything about you: Where you live, what you like, etc. And the easiest way to do that is to just invade your privacy.

You might be wondering, why should we do all these complicated things when I can just, like, go to the security settings, and opt-out of content based advertisements? Well, for one, you can never be sure that the server won't access your files. Another reason is that privacy shouldn't be just an option, it should be the default option. This way, not only people who know how to opt-out can be safe, everyone can.

Now let's talk about phones. Do you own a phone? How often do you use it? You might think about it as private, but did you know that any government official can lawfully ask for surveillance? Before the invention of mobile phones, phones were first built to make it possible for government officials to wiretap into phone conversations. With the invention of mobile phones, there is now software that allows people to monitor phones.

So the next time you send an email, or make a phone call, think about what you're gonna say. Think about who could be seeing these emails, and think about whether it's worth it to send it or not.

Yen, Andy. October 2014. "Think your email's private? Think again" [Video file]. Retrieved from https://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again