So how would encrypting the contents of your email work?
The most popular method of email encryption is PGP, which stands for “Pretty Good Privacy.” It is not free. It is a product of the Symantec Corporation. But its creator, Phil Zimmermann, also authored an open-source version, OpenPGP, which is free. And a third option, GPG (GNU Privacy Guard), created by Werner Koch, is also free. The good news is that all three are interoperational. That means that no matter which version of PGP you use, the basic functions are the same.
When Edward Snowden first decided to disclose the sensitive data he’d copied from the NSA, he needed the assistance of like-minded people scattered around the world. Privacy advocate and filmmaker Laura Poitras had recently finished a documentary about the lives of whistle-blowers. Snowden wanted to establish an encrypted exchange with Poitras, except only a few people knew her public key.
Snowden reached out to Micah Lee of the Electronic Frontier Foundation. Lee’s public key was available online and, according to the account published on the Intercept, he had Poitras’s public key. Lee checked to see if Poitras would permit him to share it. She would.
ABOUT THE AUTHOR
Kevin Mitnick (@kevinmitnick) is a security consultant, public speaker, and former hacker. The company he founded, Mitnick Security Consulting LLC, has clients that include dozens of the Fortune 500 and world governments. He is the author of Ghost in the Wires, The Art of Intrusion, and The Art of Deception.
Given the importance of the secrets they were about to share, Snowden and Poitras could not use their regular e‑mail addresses. Why not? Their personal email accounts contained unique associations—such as specific interests, lists of contacts—that could identify each of them. Instead Snowden and Poitras decided to create new email addresses.
How would they know each other’s new email addresses? In other words, if both parties were totally anonymous, how would they know who was who and whom they could trust? How could Snowden, for example, rule out the possibility that the NSA or someone else wasn’t posing as Poitras’s new email account? Public keys are long, so you can’t just pick up a secure phone and read out the characters to the other person. You need a secure email exchange.
By enlisting Lee once again, both Snowden and Poitras could anchor their trust in someone when setting up their new and anonymous email accounts. Poitras first shared her new public key with Lee. Lee did not use the actual key but instead a 40-character abbreviation (or a fingerprint) of Poitras’s public key. This he posted to a public site—Twitter.
Sometimes in order to become invisible you have to use the visible."
'via Blog this'