This past February a US judge ordered Google, an American based tech company, to honor the search warrants of American law enforcement agencies, requiring the company to hand over data, emails – et cetera – stored on servers located outside the United States. The ruling came in direct contradiction to a previous ruling by a Federal Appeals Court in August of 2016, which upheld a US Circuit court ruling from July 2016 prohibiting the US Government from seizing data stored on servers located outside of US borders.
The principle behind these cases is very simple to understand, does the United States Government have the right to demand businesses in foreign countries hand over their records if that company happens to do business with a US citizen? Are foreign nations forced to abide by the the laws and legal requests of the United States? According to the most recent ruling, as of February 2017, at least according US courts, the answer is technically yes.
What Other “Authority” Does The US Government Have?
Lets use the worlds most popular email service provider as a quick example – Gmail. Quite literally, everything you do on your Gmail account is accessible by Google at any given moment in time. After-all, you are using their service. If the US Government wants to see your account or any of the information on it, then all they have to do is pull up the file of a generic document, insert your name on top of it, print it out and just like that they have a “subpoena” to obtain all your information from Google whenever they want.
Keep in mind that despite how simple of a process this is, it is all groundbreaking stuff too. Believe it or not, it was not until May 2016 that the US government even needed to get a warrant or legal document of any kind to search through all of your emails. Don’t believe me? Read the following link: https://www.congress.gov/bill/114th-congress/house-bill/699
For you international folk out there, the news isn’t much better. The US Government has its own private court known as a FISC court which, historically speaking, blindly grants “99.96%” of all warrant request brought in front of it – but who’s counting right? You can learn more about this court here: http://www.fisc.uscourts.gov/
— Alternative Medi4 (@Alt_Medi4) March 29, 2017
All of the information above shows how easy it is for the US Governments to go about obtaining all your data “legally.” But as I think we are all aware by now, agencies like the NSA or CIA do not necessarily care about US law and have the very real authority to act outside of it – #PatriotAct. To be fair, this does not necessarily mean someone working for the US Government is literally watching/reading every single email you write every minute of the day, but they theoretically could be if/whenever they wanted to. For example, I had my personal Gmail account hacked by the CIA after I leaked them material from an alias Gmail account.
To that very point, early in 2016 Google came out with a press release addressing how “state-sponsored hackers” had breached over 1 million Gmail accounts over the course of that year. This was also not an isolated incident and it is not just Google which has been targeted by these types of cyber breaches. Literally hundreds of millions of Yahoo and Hotmail accounts have also been targeted in the past.
Yahoo says hackers stole personal information in 500 million user accounts https://t.co/iuhXEXcrns
— Yahoo News (@YahooNews) September 22, 2016
So far I have only addressed how easy it is for the US Government and/or law enforcement agenices to access all of your personal accounts, this does not even account for all of the non-Government hackers out there. Remember, in a previous article I explained that at least 95% of all hackers out there are non-Government affiliated. Moreover, Hillary Clinton, the DNC, CIA, John Brenan and John Podesta should all serve as evidence for how easy it is for hackers to access personal email accounts of even some of the most powerful people in society.
There is a reason all of these politicians and military officials are told not to use their own personal or public accounts, none of these services are protected or encrypted! While members of our Government and Armed Forces use their own private versions of encrypted email services that are not open to the public,thankfully, there are a number of free encryption and paid services that are open to the general public.
What are the best encryption services & where can you find them?
This email service provider offers free end to end encryption and hosts its servers in Switzerland, outside of US jurisdiction – theoretically. At no point in time are you asked for any personal information when signing up and you do not need to attach any other emails account or phone numbers in order to register. This service also utilizes 2 factor authentication to log in, preventing hacking attempts. ProtonMail has also partnered with humanitarian organizations around the world, such as Amnesty International, to help fight back against Government surveillance and cyber censorship in developing countries around the world.
On a lighter note, if you are a fan of the Television drama “Mr. Robot” this is Elliot’s email provider of choice on the show.
Sign Up/Create an Account Here: https://protonmail.com/
This is another free encrypted email service that has become quite popular in recent times. In fact, earlier in 2016, Tutanota surpassed 1 million accounts becoming the worlds largest email encryption service provider. In 2017, Tutanota went on to surpass 2 million accounts, furthering the countries rock solid reputation.
What makes Tutanota unique is that the company makes their source code “open source,” meaning that security researches investigate for themselves the level of encryption they are receiving if and when they sign up. For all the n00bs out there, making your source code public record and still not having it hacked proves how good the code really is.
Sign Up/Create an Account Here: https://tutanota.com/
Closed in 2013, this was the email service provider of choice of none other than Edward Snowden himself. At the time LavaBit was the worlds largest email encryption service provider, reportedly encompassing over 400,000 customers, but much like Ghostmail the founder of Lavabit was pressured to close the service after refusing to comply with and hand over customer records to law enforcement agencies.
LavaBit officially went back online in January of 2017 and the only reservations I have about the service today is that the company hosts its servers out of Texas, meaning it is obliged under penalty of law to divulge customer records to the US Government – unlike the other providers listed above.
Sign Up/Create an Account Here: https://lavabit.com/
How to secure your email account, regardless of your service:
First off, even if you are using ProtonMail or Tutanato, if you do not have the proper password to secure your login page, then any level of encryption you use on individual emails is literally pointless. Believe it or not, the majority of hacked accounts come as a result of poor log in credentials/weak passwords, not actually hacks performed on individual emails.
How To Create & Remember Strong Passwords: https://altmedi4.com/2017/07/16/how-to-write-an-un-hackable-password/
Never open a single email from a sender you do not know, or click on any random links you are unfamiliar with. It might seem harmless, but the simple act of opening an email or clicking a link can send the IP Address of your computer to the sender of that email/link. Once a hacker has your IP, they essentially might as well have your computer and everything on it.
Believe it or not, there are even free and public services that allow a person to secretly attach a program to any given email which automatically transmits your IP, the time of day you opened the email and how long you read the email back to its original sender as soon as you click it. Outside of that, the most common form of “trap-link” found on the internet is known as an “IP-logger,” which logs the IP of whichever device you happen to have used to click a hyperlink in that email. Once again, regardless of the legality of it all, it is a really simply process for a hacker to do this and these programs are very easy to find if you know where to look.
Needless to say, always use caution when clicking on links in any email, online chat, message or social media network – especially from people/sources/senders you do not know or have never done business with directly.
Categories: Cyber Security