Physical & Digital Security
Emails are extremely vulnerable to privacy violations during their lifetime. Emails are often archived for many years, as users accumulate a large number of emails spread across the cloud. Security breaches, service provider insiders, deliberate data mining, implementation vulnerabilities, and weak user passwords are among the factors that lead to most people’s emails being compromised at some point in time. In addition to the vulnerabilities related to senders and their providers, the privacy of an email, as soon as it is sent, depends on the recipient’s providers in the cloud, and on the recipient’s devices and security habits. The recently discovered vulnerability in SSL, the digital security layer of web servers, called Heartbleed, further highlights the challenges faced.
Is it even possible to attain email privacy? The EPRIVO email privacy service combines government-grade digital security (e.g., AES-256 encryption) with the idea of physical security or separation implemented in the cloud.
Physical separation, achieved through third-party email accounts/carriers, storage providers and EPRIVO, is the best type of privacy that exists. Even intuitively, physical separation makes content (and related information) more private than it would be in a shared space with the associated access, regardless of how well the shared space is digitally shielded/protected. In fact, physical separation allows seamless secret-sharing, key management and unique digital security implementations for the authentication of each email. At the same time, it cuts the cord from vulnerabilities associated with any involved party’s security policies and their enforcement. Even if one or more of a user’s email passwords are compromised or someone breaks into one of the carriers, the user’s email privacy remains intact. Any email/cloud carrier or storage provider utilized as part of the solution would not have enough information to compromise a user’s privacy, even if broken into (e.g. by hackers or insiders). An EPRIVO email does not exist in full anywhere except on users’ devices. EPRIVO does not store email.
EPRIVO also manages privacy on recipients’ devices. Through its cloud service, it maintains each email’s privacy as required by the sender, including confidentiality and access rights, as well as confidentiality at rest. This idea of sender-controlled email privacy, enforced both in the cloud and on recipient devices for the entire lifetime of an email, is another pioneering, cornerstone feature of EPRIVO. Special privacy features for sender control include recall/delete, one-time view, time-based expiration, privatized sender and subject lines, and completely privatized metadata.