This past February a US judge ordered Microsoft, an American based tech company, to honor the search warrants of American law enforcement agencies requiring the company to hand over any/all data, emails and the like which the company stores on servers located overseas. The ruling came in direct contradiction to a previous ruling from a Federal Appeals Court in August of 2016, which upheld a US Circuit court ruling from July 2016, prohibiting the US Government from seizing data stored on servers located outside of US borders.
The principle behind this case is very simple to understand, does the United States Government have the right to demand foreign businesses located outside of the United States hand over their records to the United States Government if that company happens to do business with a US citizen? In other words, are foreign nations forced to abide by US law and comply with all US based legal requests? Well, according to the most recent ruling, as of February 2017, at least as far as US courts are concerned, the answer is “yes.”
What Other “Authority” Does The US Government Have?
Let’s use the world’s most popular email service provider as a quick example – Gmail. Quite literally, everything you do on your Gmail account is accessible by Google at any given moment in time. After-all, you are using their service. If the US Government ever wants to see your account or any of the information on it, then all they have to do is pull up the file of a generic document, insert your name on top of it, print it out and just like that they magically have a “subpoena” to obtain all of your information from Google.
Despite how simple of a process this is, it is all groundbreaking stuff too. Believe it or not, it was not until May 2016 that the US government even needed to get a warrant or legal document of any kind to search through all of your personal emails. Don’t believe me?
Read More – Email Privacy Act of 2016: https://www.congress.gov/bill/114th-congress/house-bill/699
For you international folk out there, the news isn’t much better. You see, the US Government has its own private court known as a FISC court which, historically speaking, blindly grants “99.96%” of all warrant request brought in front of it – but who’s counting, right?
With that out of the way, all of the information above only goes to show how easy it is for the US Governments to go about obtaining all your data “legally.” But as I think we are all aware by now, agencies like the NSA or CIA do not necessarily care about US law and have the very real authority to act outside of it – #PatriotAct. To be fair, this does not necessarily mean that someone working for the US Government is literally watching/reading every single email you write every minute of the day, but they theoretically could be if/whenever they wanted to.
To that very point, early in 2016 Google came out with a press release addressing how “state-sponsored hackers” had breached over 1 million Gmail accounts over the course of that year. This was also not an isolated incident and it’s not just Google which has been targeted by these types of breaches. Literally hundreds of millions of Yahoo and Hotmail accounts have also been exposed over the years.
Read More – 3 Billion Yahoo User Accounts Hacked, Including 500 Million Email Addresses: http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html
So far I have only addressed how easy it is for the US Government and/or law enforcement agencies to access all of your personal accounts/information, this does not even account for all of the non-Government organizations or hackers out there or oppressive regimes located in countries all over the world. In fact, I am willing to bet that at least 95% of all hackers worldwide are non-Government affiliated. Moreover, Hillary Clinton, the DNC, CIA, John Brennan and John Podesta should all serve as evidence for just how easy it can be for hackers to compromise anyone’s email account if they really want to – even some of the most powerful people in society.
Quite frankly, there is a reason why politicians and members of the Armed Forces are told never to use their own personal or private email accounts, because none of these services are properly protected or encrypted! While members of the Government and Armed Forces use their own private versions of encrypted email services which are NOT open or available to the public sector, thankfully, there are a number of free and paid email encryption services out there open to the general public.
Mailfence is a relatively new company globally, but one which I have already placed at the top of all encrypted email service providers. Mailfence operates their servers out of Belgium, a country internationally renown for having some of the strongest and most resolute privacy laws in the world. Unlike the United States, every surveillance request or request for information inside Belgium, including on Mailfence’s servers, must be legally brought in front of a Belgium judge and proven in court as legitimate. In this way Belgium protects user data and business confidentiality in a way that no other country in the world does.
Sign Up/Create an Account Here: https://mailfence.com
This email service provider offers free end to end encryption and hosts its servers in Switzerland, outside of US jurisdiction – theoretically. When signing up, at no point in time are you asked for any personal information and you do not need to attach any other emails account or phone numbers in order to register. This service also utilizes 2-factor authentication to log in, preventing hacking attempts. ProtonMail has also partnered with humanitarian organizations around the world, such as Amnesty International, in order to help fight back against Government surveillance and cyber censorship in developing countries around the world.
On a lighter note, if you are a fan of the Television drama “Mr. Robot” this is Elliot’s email provider of choice on the show.
Sign Up/Create an Account Here: https://protonmail.com/
This is another free encrypted email service that has become quite popular in recent times. In fact, earlier in 2016 Tutanota officially surpassed 1 million accounts – becoming the world’s largest encrypted email service provider. In 2017, Tutanota then went on to surpass 2 million accounts, furthering the countries rock solid reputation as an industry leader.
What makes Tutanota unique is that the company makes their source code “open source,” meaning that security researches investigate for themselves the level of encryption they are receiving. For all you n00bs out there, making your source code public record and still not having it hacked proves just how good the code really is.
Sign Up/Create an Account Here: https://tutanota.com/
Categories: Cyber Security