Archive for June 3, 2013

Is anybody surprised that Gmail Vault permanently stores drafts of email?

Posted: June 3, 2013 by IntentionalPrivacy in Privacy
Tags: , , ,

I read an article at SC magazine yesterday about how Gmail Vault saves every draft of every email–as well as versions of drafts–timestamped, sent or unsent, from a Gmail account that uses Vault. Vault is an email storage service that costs $5/month for organizations that use Google Apps.

If the organization that you work for uses Gmail for their email server, then they could have access to every email in Vault without even having to ask for your credentials. Note: this doesn’t mean that your organization will access your email, or even that it’s legal, but they could have access if they wanted it.

What does this mean to you?

  1. Don’t assume you have privacy in organizational email. You really don’t.
  2. Don’t assume your personal email is private, unless you use some kind of encrypted email program. Think of any information sent in email as being sent on a postcard.
  3. Don’t send personal email from your organization’s email, even those pictures of cute kittens.
  4. Don’t receive personal email to your organization’s email. Not only is it unprofessional, but do you want your boss to have the possibility of knowing … about family, medical, or financial issues? (Or see those pictures of cute kittens?)
  5. If you need to start an email that you’re not sure you want to send, write it out on paper. That can be shredded and will be difficult to reconstruct.

That article brings up another question: How can you encrypt personal  email? There are some alternatives to investigate to see if one of them will work for your situation. Here are some providers of free, secured email:

  • A Canadian company called Hushmail offers free encrypted email. You can see what they offer at https://www.hushmail.com/. But anyone you send Hushmail to has to have a public encryption key or also sign up with Hushmail.
  • S-Mail is an Irish company; their email encryption service is also free. You can investigate them further at http://s-mail.com/
  • Comodo SecureEmail also has a version that’s free for personal use, which works with Windows. Comodo is an international company with a US headquarters based in Clifton, NJ. Their product is explained here http://www.comodo.com/home/email-security/secure-email.php

I’m going to test drive each of them and report back on ease of use.

http://www.scmagazine.com.au/News/344955,google-vault-saves-every-gmail-draft-youve-ever-written.aspx