Monday, September 9, 2013

Does PSMail keep my metadata private?



Recent revelations about email metadata (like in this Forbes article) have highlighted the importance of metadata for any discussion about email security. They’ve also raised a very troubling question: can email ever be really secure?


The answer, for PSMail customers, is “yes.” To explain, let’s first take a look at the basics: What is metadata?


In the context of email traffic, metadata refers to the to/from information in an email. It contains the who, the when, and (sometimes) the where of an email exchange. While this limited information might seem trivial, there are a variety of ways that metadata can be used to betray the privacy of a trusted email exchange. For example, a person’s social network and associations can be analyzed using this metadata, giving someone a clear picture of who a user communicates with and how frequently. (The example image given here is from MIT’s software Immersion.)

So, how can this metadata be gathered? There are several ways someone can gather email metadata (listed here from easiest to most difficult):

1. Sniffing the network communications wire and collecting all unencrypted data (or decrypting data if the encryption is weak and exploitable).
2. Collecting log information from the email service providers.
3. Installing software on all users’ computers that sends metadata to a central location.

While it is true that the Forbes article and those like it have identified a significant problem with email security, there are several ways that PSMail has avoided the article’s pessimistic conclusion:

1. Metadata is protected in transit using TLS (Transport Layer Security) and VPN (Virtual Private Networks).

PSMail has been using this approach for over 10 years. We provide TLS security during all network communications and opportunistic TLS when reaching other email providers (if they support such a service; for more information click here). This strategy helps to keep email communications on our network – including their metadata! – safe and secure.*
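The following Python example, added here and not part of PSMail's own tooling, reads the `Received` headers of a delivered message and reports which hops recorded TLS, which is one way to check whether opportunistic TLS actually applied on each leg. The sample message, its hostnames and the helper names `audit_hops` and `plaintext_hops` are constructed for this example.

```python
import email
import re

# Constructed sample: hosts, IDs and addresses are invented for illustration.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby store.recipient.example with LMTP id abc123;
\tMon, 09 Sep 2013 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 09 Sep 2013 10:00:02 +0000
Received: from laptop.sender.example (unknown [192.0.2.44])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby out.sender.example with ESMTPSA id ghi789;
\tMon, 09 Sep 2013 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# RFC 3848 "with" keywords: an S after the protocol name (ESMTPS, ESMTPSA, LMTPS) means TLS.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)
# Postfix-style comment; other MTAs word this differently, so treat it as a hint only.
TLS_COMMENT_RE = re.compile(r"\(using\s+(?:TLS|SSL)", re.I)
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def audit_hops(raw):
    """Return one dict per hop, oldest first, with the TLS status the relay recorded."""
    hops = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        sender, by, proto = FROM_RE.search(text), BY_RE.search(text), WITH_RE.search(text)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": by.group(1) if by else None,
            "protocol": proto.group(1).upper() if proto else None,
            "tls": bool(proto and proto.group(2)) or bool(TLS_COMMENT_RE.search(text)),
        })
    return hops

def plaintext_hops(raw):
    """Hops where To/From metadata crossed the wire without recorded TLS."""
    return [h for h in audit_hops(raw) if not h["tls"]]
```

`Received` headers are written by each relay in turn, so only the ones added by servers you trust are reliable evidence. A flagged LMTP hop is often local delivery inside one provider rather than a leg across the public network.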

2. Log and contextual data about PSMail users is kept isolated and is released only under applicable laws.

PSMail takes a very cautious approach with all information relating to your email communications. This information is kept in safe, secure storage, ensuring that not only are your emails kept private, but the metadata surrounding them as well.

PSMail exists to keep your email communication private and safe; it’s what we do! That’s why we go the extra mile to protect all the information related to the emails you send and the emails you receive. If there’s a security weakness with your email, it is unlikely to be found with us. Take note, however, that PSMail cannot account for the security of your external contact, an outside service provider, or your own neglect of our recommended email safety practices. No matter how secure PSMail makes your data, take care who else you are sharing information with and through what provider.

* While encrypted communications can be decrypted using large supercomputers and by taking advantage of vulnerabilities in the vendor implementation of these protocols, the task requires dedicated attention and resources. These expenditures will only be deployed in cases where additional information (outside the email in question) justifies such a thorough investigation.
