Sep 10, 2013

Considering Your Email Encryption Options: Software Vs Service

If email encryption is such a great idea, why don't more people use it? Since you found this web page, I can assume that you are in the market for an email encryption software product, and that you've been looking closely at the various solutions out there. What I would like to do here is tell you how our product, PDF Postman, may fit into your email encryption strategy. We recognize that not everyone is a perfect fit for PDF Postman. By discussing the product's strengths and weaknesses, we hope to inform you about whether this product is the best fit for your needs.

PDF Postman's Email Encryption buttons displayed in Outlook 2013 toolbar.
PDF Postman Encrypt buttons in Outlook 2013.
PDF Postman is an add-on for Microsoft Outlook. It integrates tightly into Outlook's menu system. The goal of PDF Postman is to provide a method of communication that is both secure and practical for the sender and the receiver.

First off, if you are spy or a reporter trying to thwart NSA surveillance, then PDF Postman is probably not a very good answer for you.  PDF Postman is a symmetric key or password encryption system. Password systems tend to be easier to use for both the send and recipient. The same password is used to send and open a message.  The parties need to agree on a password, an exchange that is typically done in person or over the telephone.  This key exchange requirement introduces the possibility that the password may be intercepted. In the case of the U.S. Government's NSA, intercepting a password that is spoken over the telephone would be a very simple matter.  If you are Glenn Greenwald, reporter for The Guardian newspaper, who has attracted the attention of the NSA by publishing Edward Snowden's leaked documents, we would not recommend PDF Postman for you.

For extreme situations where the highest degree of privacy is required between sender and receiver, both parties will need to take the time to implement public key encryption software, such as the open source Gnu Privacy Guard (GPG), an excellent piece of open source work, but very difficult to implement. In a public key system, each person has a public key that they can share with anyone.

This public key is used by others who want to send you an encrypted message.  A corresponding mathematically related private key is then used by the recipient to decrypt the message.  Public key encryption works on the premise that some mathematical equations are easy to solve, but difficult to undo. The private key lets you undo the encryption that was accomplished with the related public key.  For small office professionals, and especially for their customers, implementing GPG is probably not a practical option because of the complexity of the software.

Another option available for secure email communication is to use an intermediary service, such as  Lockbin also includes an add-on for Microsoft Outlook.  Again, if you've attracted the attention of the NSA, using an intermediary service is the best option for you, since U.S. court orders can influence the operators.  To Lockbin's credit, the company has begun publishing a transparency report on their blog each month. If they stop publishing the report, you can assume that they have received a gag order.

While intermediary services like Lockbin can simplify the processes of communicating securely between sender and receiver, the trade off is the potential for man-in-the-middle interception of the communication. Again, for most businesses and individuals, intermediaries provide an easy way to communicate securely without the difficulty of implementing managing your own hardware and software.

PDF Postman is used most frequently by smaller office professionals, where there is a high degree of trust between the sender and receiver.  PDF Postman works best on a uni-directional flow of protected information, from the professional to the recipient as a convenience.  Normally, the information being conveyed is a report of some sort, and a bi-directional flow information is not critical.

The benefit to the recipient is an instant understanding of the password concept (everyone uses passwords daily, and knows that they need to be kept private). A secondary benefit is the ease of decoding a PDF Postman message;  usually no additional software needs to be installed on a computer or device because of the popularity of the PDF platform.

What PDF Postman accomplishes for the sender is not very different than if the sender wrote his email in Microsoft Word, saved it as a PDF file, encrypted the PDF file, attached it to a new email message and created a short dummy message with instructions for the recipient.  The convenience of PDF Postman is that it accomplishes all of these steps in single click and manages the passwords, improving the efficiency of the sender.  Passwords can be stored in PDF Postman's database and recalled the next time a message is sent to the recipient.

To summarize, PDF Postman is best used in environments where:

  • There is a high degree of trust between sender and recipient
  • The recipient has a limited technical support ability
  • Bi-directional communication is not required
  • A low technical burden must be placed on the recipient
  • Cross platform and multi-device operations need to be accommodated
PDF Postman can also be used alongside other email encryption systems.  One client of PDF Postman is a department within a large U.S. bank that manages wealth for high net worth individuals.  The bank uses PGP, but PDF Postman is also installed to assist the bankers in communicating reports back to customers who are not technically savvy enough to implement a public key infrastructure.


If PDF Postman is a good fit for your needs, download a free trial. The best way to find out if it's right for you is to use it free for 15 days in your office environment. 

No comments:

Post a Comment