So last week, a relative commented to me that a solicitor sent a letter in reply to an email. I suggested that it might be because the email reply address was on one of the major free web email providers. “What’s wrong with my webmail?” So I explained…
First of all, as far as I know, no Big Webmail service supports encrypted email (and there are complications in how you’d provide such a thing on webmail anyway) and it can be fairly easy to trick the webmail service into giving access to other people. My relative was sceptical, but within a day, US vice-presidential candidate Sarah Palin’s Yahoo mail was cracked and splashed across the news. (By the way – gov.palin counted as a personal email address? Huh? Her name isn’t “gov”.)
Even without passwords going astray, there’s no telling that the intended recipient is the only person reading the email. Here’s a fun paragraph from the Google Mail Terms:-
“Google maintains and processes your Gmail account and its contents to provide the Gmail service to you and to improve our services. The Gmail service includes relevant advertising and related links based on the IP address, content of messages and other information related to your use of Gmail.” (emphasis added)
The Electronic Privacy Information Center suggests this includes wiretapping.
There’s finally a growing awareness that free webmails are not safe, built on artificial anti-competitive encouragements like “you need a Yahoo!ID to subscribe to this yahoogroup” (no – the old “stick -subscribe after the group name, before the @” still works, just like it did before they bought it from egroups). Internet Psychologist Graham Jones writes:-
“It’s time to review your online security and think about whether you actually need Google and its like at all. Probably not.” (source)
I agree with that. Both of my phone companies (The Phone Co-op agency and 3) include webmail – although I have some personal domains (for long-term contactability), those webmails are fine for lists and short-term use. The sort of thing most people seem to use Big Webmail for.
The other main point in my argument was that free webmails are unreliable, thanks to tactics like Yahoo’s shoddy anti-spam attacks on other mailservers. There’s no telling whether the email will get through such bad behaviour and delivery-receipts are unreliable. I can quite understand why a solicitor won’t send email to the likes of hotmail, even if I think it’s just as probable that the solicitor doesn’t “get” email.
“Oh” said my relative. I think she’s still using Big Webmail though.
Is small mail any better? Do you trust your ISP?
If the mail is confidential, it should be encrypted… If only lawyers were taught about this and offered a public key to be used when emailing them.
Thanks for the comment.
Do you mean snail mail? No, that’s not much better in my opinion. The number of open or part-opened envelopes I’ve received really makes me doubt the safety of the Royal Mail.
I trust my ISP. I own it. So far, it’s taken a reasonably hard but sensible line on privacy and security and I support that. I’ve written before about how well they handle mistakes and problems (check ThePhoneCoop tag below the above post) – it’s like I used to get from the university departmental IT in the 1990s, phoning me when they fix breakages I reported and explaining what broke. It’s a bit more expensive, but so much better than TalkTalk and so on. I rely on it to work from home and stay in touch with my family, so it’s worth it.
You can use encryption with webmail. For instance, FireGPG is a Firefox extension integrating GPG into Gmail (new buttons appear to let you sign and encrypt) and allowing you to encrypt/sign any text in a textarea (can then be used in any webmail as well as forums and such).