This past February a US judge ordered Google, an American based tech company, to honor the search warrants of American law enforcement agencies requiring the company to hand over any/all data, emails and the like which the company stores on servers located overseas. The ruling came in direct contradiction to a previous ruling by a Federal Appeals Court in August of 2016, which upheld a US Circuit court ruling from July 2016, prohibiting the US Government from seizing data stored on servers located outside of US borders.
The principle behind this case is very simple to understand, does the United States Government have the right to demand foreign businesses located outside of the United States hand over their records to the United States Government if that company happens to do business with a US citizen? In other words, are foreign nations forced to abide by US law and comply with all US based legal requests? Well, according to the most recent ruling, as of February 2017, at least as far as US courts are concerned, the answer is “yes.”
What Other “Authority” Does The US Government Have?
Lets use the worlds most popular email service provider as a quick example – Gmail. Quite literally, everything you do on your Gmail account is accessible by Google at any given moment in time. After-all, you are using their service. If the US Government ever wants to see your account or any of the information on it, then all they have to do is pull up the file of a generic document, insert your name on top of it, print it out and just like that they magically have a “subpoena” to obtain all of your information from Google.
Despite how simple of a process this is, it is all groundbreaking stuff too. Believe it or not, it was not until May 2016 that the US government even needed to get a warrant or legal document of any kind to search through all of your personal emails. Don’t believe me?
Read More – Email Privacy Act of 2016: https://www.congress.gov/bill/114th-congress/house-bill/699
For you international folk out there, the news isn’t much better. You see, the US Government has its own private court known as a FISC court which, historically speaking, blindly grants “99.96%” of all warrant request brought in front of it – but who’s counting, right?
Read More – What Is A FISC and What Does It Do?: https://bankruptmedia.com/2017/03/29/what-exactly-is-a-fisa-court-and-what-does-it-do/
With that out of the way, all of the information above only goes to show how easy it is for the US Governments to go about obtaining all your data “legally.” But as I think we are all aware by now, agencies like the NSA or CIA do not necessarily care about US law and have the very real authority to act outside of it – #PatriotAct. To be fair, this does not necessarily mean that someone working for the US Government is literally watching/reading every single email you write every minute of the day, but they theoretically could be if/whenever they wanted to.
To that very point, early in 2016 Google came out with a press release addressing how “state-sponsored hackers” had breached over 1 million Gmail accounts over the course of that year. This was also not an isolated incident and it’s not just Google which has been targeted by these types of breaches. Literally hundreds of millions of Yahoo and Hotmail accounts have also been exposed over the years.
Yahoo says hackers stole personal information in 500 million user accounts https://t.co/iuhXEXcrns
— Yahoo News (@YahooNews) September 22, 2016
So far I have only addressed how easy it is for the US Government and/or law enforcement agencies to access all of your personal accounts/information, this does not even account for all of the non-Government organizations or hackers out there. Remember, in a previous article I explained how at least 95% of all hackers around the world are non-Government affiliated. Moreover, Hillary Clinton, the DNC, CIA, John Brennan and John Podesta should all serve as evidence for just how easy it can be for hackers to compromise anyone’s email account if they really want to – even some of the most powerful people in society.
Quite frankly, there is a reason why politicians and members of our Armed Forces are told never to use their own personal or private email accounts, because none of these services are properly protected or encrypted! While members of our Government and Armed Forces use their own private versions of encrypted email services which are NOT open or available to the public sector, thankfully, there are a number of free and paid email encryption services out there open to the general public.
Mailfence is a relatively new or unknown company globally, but I have recently put their services at the top of the list of encrypted email service providers. Mailfence operates their servers out of Belgium, a country internationally renown for having some of the strongest and most resolute privacy laws in the world. Unlike the United States, every surveillance request or request for information inside Belgium, including on Mailfence’s servers, must be legally brought in front of a Belgium judge and proven in court as legitimate. In this way Belgium protects user data and business confidentiality in a way that no other country in the world does.
Sign Up/Create an Account Here: https://mailfence.com
This email service provider offers free end to end encryption and hosts its servers in Switzerland, outside of US jurisdiction – theoretically. When signing up, at no point in time are you asked for any personal information and you do not need to attach any other emails account or phone numbers in order to register. This service also utilizes 2 factor authentication to log in, preventing hacking attempts. ProtonMail has also partnered with humanitarian organizations around the world, such as Amnesty International, in order to help fight back against Government surveillance and cyber censorship in developing countries around the world.
On a lighter note, if you are a fan of the Television drama “Mr. Robot” this is Elliot’s email provider of choice on the show.
Sign Up/Create an Account Here: https://protonmail.com/
This is another free encrypted email service that has become quite popular in recent times. In fact, earlier in 2016 Tutanota officially surpassed 1 million accounts – becoming the worlds largest encrypted email service provider. In 2017, Tutanota then went on to surpass 2 million accounts, furthering the countries rock solid reputation as an industry leader.
What makes Tutanota unique is that the company makes their source code “open source,” meaning that security researches investigate for themselves the level of encryption they are receiving. For all you n00bs out there, making your source code public record and still not having it hacked proves just how good the code really is.
Sign Up/Create an Account Here: https://tutanota.com/
Closed in 2013, this was the email service provider of choice of none other than Edward Snowden himself. At the time of their closing LavaBit was the worlds largest email encryption service provider, reportedly encompassing over 400,000 customers. However, much like Ghostmail, the founder of Lavabit was ultimately pressured to close the service after refusing to comply with and hand over customer records to international law enforcement agencies.
LavaBit officially went back online in January of 2017 and the only reservations I have about the service today is that the company hosts its servers out of Texas, meaning it is obliged under penalty of law to divulge customer records to the US Government – unlike the other providers listed above.
Sign Up/Create an Account Here: https://lavabit.com/
How to secure your email account, regardless of your service:
First off, even if you are using an encrypted email account, if you do not have a proper or strong enough password to secure your login, then no level of encryption on individual messages will ever keep your account safe. It is a statistical fact that more people are hacked as a result of weak passwords than any other single factor. If you don’t know how to write a strong password or what one looks like, you are invited to read my password generation tutorial below.
How To Write & Remember Strong Passwords: https://bankruptmedia.com/2017/07/16/how-to-write-an-un-hackable-password/
NEVER open a single email from a sender you do not know, or click on any random links inside of an email you are unfamiliar with. It might seem harmless, but the simple act of opening an email or clicking a link can transmit the IP Address of the computer you are using straight to the sender of that email/link, or open hidden pieces of Malware. If you would like to learn more about better email security practices, I have also drafted a seperate security tutorial specifically on that subject.
Learn More – How To Practice Better Email Security Strategies: https://bankruptmedia.com/2017/09/19/learning-better-email-security-practices/
Categories: Cyber Security