How to keep emails private and avoid embarrassing leaks

Release time：2014-10-30
Browse：14819

The thought of your private emails being exposed is likely to send chills down your spine, especially when those of prominent Australians, such as Senator Nova Peris, hit the headlines with such a big thud.

Senator Peris and University of Sydney's Professor Barry Spurr had their emails exposed for reasons news publishers claim is in the public's interest.

They are not alone. American politician Sarah Palin had her private emails exposed in 2008. George Bush's family also suffered from an embarrassing leak in 2013. Both these incidents were primarily due to hackers who guessed answers to security questions.

Exactly how the latest emails were accessed remains unclear.

NT News parent company News Corp said copies of Peris' emails, from the time she worked as an Athletics Australia ambassador and communications officer with the Australian Institute of Aboriginal and Torres Strait Islander Studies, were volunteered "by a credible source".

The publisher said it was satisfied they were legitimate but would not comment on whether the emails were hosted on the servers of Athletics Australia, Aboriginal and Torres Strait Islander Studies or on free email services like Gmail and Yahoo Mail.

Given the leaks, it might leave some wondering whether their own emails are secure. Do they live forever in online email archives or on back-up tapes even after you delete them?

And how do you go about securing emails or erasing ones you might later regret?

Security expert Troy Hunt could not say for sure how the emails leaked in Peris and Spurr's cases, but noted a number of different ways they might have been exposed.

The first and most obvious was via one of the parties to the emails forwarding it on or taking a screenshot.

The second way was via typos or reply alls, where someone sends an email to the wrong person or group of people.

But emails can also leak if weak passwords were used on the email accounts, the email server was hacked, or if privileged IT administrators were snooping on them.

Two years ago Carlo Minassian, founder and chief of Sydney security firm Earthwave, told Fairfax Media IT administrators breaking into an employee's email without authorisation was a "very common occurrence" because it was "so accessible and so easy for them to cover their tracks" by deleting logs.

Mr Hunt said he was confident administrators at Google and Yahoo would have "good operational security" that would prevent internal unauthorised access to users' accounts, but said he was less confident about email managed by companies that might not have the same processes in place.

He encouraged those wanting to keep their emails private to use encryption, which uses keys along with a password to encrypt and decrypt text and files. Someone in the middle of a communication - like an administrator - wouldn't be able to view the email without the key and the password, he said.

Mr Hunt said whether emails were actually deleted when a user put them in their webmail rubbish bin depended on which service was being used.

It also depended on the service's data retention policy as well as if it had back-ups, he said.

Troy Hunt's tips for safe, secure email

1. You can't lose what you don't send. Assume leakage and don't send something you will regret.

2. Use reputable email services like Gmail or Outlook.com. This will keep nosey administrators away.

3. Use strong passwords.

4. Enable two-factor authentication to secure your web email account. This uses an additional token sent to your

smartphone.

5. Use PGP email encryption. Both sender and recipient need to use it to be effective.

6. Get both parties to delete all copies if you don't want the email resurfacing at a later date.

7. Delete email you no longer want, make sure it is removed in the trash.

Document

Product Recommendation