Computer Security: Forwarding can spoil privacy

We have discussed the lack of security of the email protocol ("Email equals letter"), the risk of receiving emails ("I love you") and the dangers of opening attachments ("The truth lies in the URL") in many previous Bulletin articles. But have you ever considered the risks for your privacy when you send an email?

The email protocol was never designed to be secure, nor to preserve people's privacy. Modules for adding encryption, like PGP, GPG or GnuPG, work rather badly and require that your recipient have the means to read your encrypted email. Instant messengers like Threema or Signal are much better in that respect and guarantee full confidentiality of your peer-to-peer communication (note that Telegram doesn't provide E2E encryption), with the small risk that some nation states (e.g. the US with regard to Signal and Switzerland with regard to Threema) might still use their power to intercept that communication. But email offers no such guarantees. It is, by default, not encrypted, so your email service provider can eavesdrop on your emails stored in their service (in fact, this is the Gmail business model: as the service is free, your data is the payment). And if your email communication does not use any of the "S" protocols like HTTPS, IMAPS, POPS (note the "S" at the end of each), your email in transit is also not encrypted.

For CERN, email between CERN email addresses and emails transiting through CERN's network can be considered reasonably secure. The email service is currently hosted on site and will in the future be transferred to a cloud service contractually bound to privacy, which means that your emails sitting in your inbox are well protected. And email communication uses HTTPS, IMAPS and POPS by default. So, you are fine here, security-wise and privacy-wise. But note that you are less fine when your recipient forwards your email to an external email address, or when your recipient is an e-group containing external email addresses.

Therefore, if you regularly receive sensitive emails, make sure that you do not automatically forward them to an external email address (you can check your settings here). This is particularly true if you are CERN staff. Also, if your service receives sensitive emails, make sure that its mailing list contains only CERN email addresses and no external forwards. It's always best to use CERNBox for transferring or sharing sensitive material. CERNBox is hosted at CERN, transfer contents are encrypted, and all data is physically protected by the CERN Data Centre in Meyrin ("Don't let your mail leak"). Be vigilant and help us protect the Organization: don't let forwards spoil your privacy.
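As an added illustration of the two checks recommended above (not code from the bulletin or from CERN's IT department), the following Python audit flags mailbox auto-forwards and e-group members that point outside an assumed internal domain. The rule and membership formats, the domain `cern.ch`, and all addresses are constructed for the example.

```python
"""Audit forwarding rules and e-group membership for external addresses.

Added example; the input formats below are constructed and are not
CERN's real settings export."""
from email.utils import parseaddr

# Assumption: everything under cern.ch counts as internal.
INTERNAL_DOMAINS = {"cern.ch"}

def is_internal(address: str) -> bool:
    """True if the address is in an internal domain or one of its subdomains."""
    _, addr = parseaddr(address)          # accepts 'Name <user@host>' too
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # endswith("." + d) stops lookalikes such as cern.ch.attacker.example
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def external_forwards(rules: str) -> list[tuple[str, str]]:
    """(mailbox, target) pairs whose target is external; lines are 'mailbox -> target'."""
    found = []
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mailbox, _, target = line.partition("->")
        if target and not is_internal(target.strip()):
            found.append((mailbox.strip(), target.strip()))
    return found

def external_members(listing: str) -> dict[str, list[str]]:
    """{list_name: [external members]} from lines of the form 'list: a, b, c'."""
    result = {}
    for line in listing.splitlines():
        if ":" not in line:
            continue
        name, members = line.split(":", 1)
        ext = [m.strip() for m in members.split(",")
               if m.strip() and not is_internal(m.strip())]
        if ext:
            result[name.strip()] = ext
    return result

# Constructed sample exports.
SAMPLE_RULES = """# mailbox -> forward target
alice@cern.ch -> alice.private@mail.example
bob@cern.ch -> bob@mail.cern.ch
"""
SAMPLE_LISTS = "it-dep-secure: alice@cern.ch, Carol <carol@partner.example>, dave@lab.cern.ch\n"

if __name__ == "__main__":
    for mailbox, target in external_forwards(SAMPLE_RULES):
        print(f"external forward: {mailbox} -> {target}")
    for name, members in external_members(SAMPLE_LISTS).items():
        print(f"e-group {name} has external members: {', '.join(members)}")
```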

Public Release. This material from the originating organization/author(s) might be of a point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).