Missionary Email Security in Sensitive Areas

When doing Christian mission work, it is often necessary to consider the effects of email and the Internet when going into areas with opposition. Much mission work goes on in technologically advanced, developed countries. (That isn’t a good description of where I work, but I did take this picture within about 200 meters of a mobile phone sales booth.) Although I work in a country where I can be open about what I do, some don’t. One brother asked me for advice on email security in his country, which is less friendly than mine to Christians. Here is my answer to him and brothers and sisters like him:

* Be like Jesus. He doesn’t lie, but He doesn’t tell everyone everything, and often uses parables. Choose wisely what you reveal to whom and how.

Don’t say things that attract terrorist attention. Avoid saying things that sound like blasphemy or illegal activities. Avoid using religious key words that a terrorist might look for, or at least be very careful of the context of that use. Keeping the text clear of incendiary comments and personally identifying information and exact locations is a good practice when operating in some areas, but that should never be all that you do. It isn’t enough.

Be anonymous. Don’t get real specific about identifying information of individuals and locations. Maybe a common first name, pseudonym, or initial is enough to talk about a person. Use large geographic units (like “Southeast Asia” or “North Africa”) instead of precise addresses. Use of a specific country name may or may not be OK, depending on the country. Consider carefully what pictures to send, and how to crop or selectively blur them. If someone with murder in his heart intercepted your email and decided that he hated you and what you do, but couldn’t identify or find you or your brothers and sisters, then that email leak did no actual harm.

Use generic email addresses. There should be nothing to capture unwanted attention or reveal too much identity in either the user name part of an email address or in the domain name. There should be nothing incendiary that pops up if you visit http://www.networksolutions.com/whois/index.jsp with the domain name or surf to the corresponding web site. Something like imaketents@gmail.com or languagestudent@yahoo.com is much better than something like Joseph_David_Smith@name-of-disliked-organization-here.org.
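A pre-send check for the three points above (identifying details, exact locations, revealing addresses), as an added example that is not part of the original article. The patterns, the `review_draft` name, the watchlist idea and the sample draft are all constructed for illustration, and a clean result does not replace reading the draft yourself.

```python
import re

# Patterns for details that pin down a person or a place (illustrative, not exhaustive).
PATTERNS = {
    "email address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone number": re.compile(r"(?<!\w)\+?\d[\d\s()-]{7,}\d\b"),
    "GPS coordinates": re.compile(r"-?\d{1,3}\.\d{3,}\s*,\s*-?\d{1,3}\.\d{3,}"),
    "title + full name": re.compile(
        r"\b(?:Mr|Mrs|Ms|Dr|Pastor|Brother|Sister)\.?\s+[A-Z][a-z]+\s+[A-Z][a-z]+"
    ),
}


def review_draft(text, watchlist=()):
    """Return (line number, kind, matched text) for every risky detail found.

    watchlist holds names of people and places that you keep privately and
    never want to appear in outgoing mail; it is matched case-insensitively.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, match.group(0)))
        for term in watchlist:
            if re.search(r"\b" + re.escape(term) + r"\b", line, re.IGNORECASE):
                findings.append((lineno, "watchlist term", term))
    return findings


# Constructed sample newsletter draft; the name, town and numbers are made up.
SAMPLE_DRAFT = """\
Dear partners,
Brother John Sample hosted the study in Riverton, near 12.345678, 98.765432.
Write to him at john.sample@example.org or call +00 555 010 0199.
Please pray for S. and the group in Southeast Asia.
"""

if __name__ == "__main__":
    for lineno, kind, matched in review_draft(SAMPLE_DRAFT, watchlist=["Riverton"]):
        print(f"line {lineno}: {kind}: {matched}")
```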

* Use link encryption. For most people, that means requiring TLS or SSL connections between their email server and their email client. Some commercial mail clients automatically use link encryption, but they aren’t the cheapest solution, and they are not as easy to integrate with GnuPG. With standard email clients, like Thunderbird, Outlook Express, Eudora, etc., there is usually a little non-default setup that needs to be done. Link encryption is supported by all good email providers and email programs. If yours doesn’t support it, get another one that does. You can get free email accounts supporting encryption at gmail.com and other places, and high-quality free email software that supports encryption, so this need not cost money. Exactly how you set it up depends on your ISP and your email program. In Thunderbird, in the account settings box, the “SSL” or “TLS” radio button should be selected, depending on what your ISP supports. Another option is to use SSH or VPN tunneling instead of or in addition to SSL or TLS, but that most likely requires some expert help to set up. Note that link encryption just protects the privacy of the email from your computer to the server and back, and does nothing to protect it on the server, on your local computer, in transit between the server and your correspondents, or on their computers. That might not seem like it is worth much, until you consider that it probably covers the portion of the email route where the worst threats are.
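What "requiring" link encryption means when a script, rather than a mail program, talks to the server, as an added example that is not part of the original article. It uses Python's standard `ssl`, `imaplib` and `smtplib` modules; the function names and the ports 993 and 587 are assumptions about a typical provider.

```python
import imaplib
import smtplib
import ssl


def strict_tls_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + host name check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def open_imap(host: str, port: int = 993) -> imaplib.IMAP4_SSL:
    """Implicit TLS: the handshake completes before any IMAP data is sent."""
    return imaplib.IMAP4_SSL(host, port, ssl_context=strict_tls_context())


def open_smtp(host: str, port: int = 587) -> smtplib.SMTP:
    """Mail submission with mandatory STARTTLS.

    A client that merely prefers TLS will quietly continue in cleartext if
    the STARTTLS offer is missing from the server's reply. This function
    treats a missing offer as a failure instead of a reason to fall back.
    """
    conn = smtplib.SMTP(host, port, timeout=30)
    try:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            raise ConnectionError("server does not offer STARTTLS; not logging in")
        conn.starttls(context=strict_tls_context())  # raises on a bad certificate
        conn.ehlo()                                  # re-read features over TLS
    except Exception:
        conn.close()
        raise
    return conn
```

Only after `open_imap` or `open_smtp` returns should the script call `login()`, so the password never crosses an unencrypted or unverified link.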

* Use a mail server in friendly territory, preferably in the country where most of your email correspondents live. There is no guarantee that email between your server and others will not pass through an enemy’s server, but the odds of that happening are lower than if you choose a mail server in a land populated primarily by the kinds of people you would least like reading your email.

* Use secure web mail. Web mail access is great on the road. Make sure the connection is secure, however, with https, not http. Don’t use web mail from untrusted cybercafes and strangers’ computers. Using your own notebook computer at a wireless hotspot is better.

* Use GnuPG where practical. Unfortunately, that isn’t in very many cases, unless you set it up for people… but if you really want to pour your heart out in an email, it may be just the thing if your intended recipient also is set up to handle GnuPG mail. This takes planning ahead, and it probably means having at least one GnuPG expert per working group. Once set up, it is really easy to use, if you use GnuPG with Enigmail and Thunderbird. (If you are using an email solution that doesn’t have OpenPGP integration, you should consider getting another account and email client for this task.) There are some other similar combinations that work, too, but I like Thunderbird + Enigmail + GnuPG, because it works for me on Windows, Linux, and Mac OS, and because it is really easy to use once set up. GnuPG is not a realistic thing to expect all of your partners to use, though.

* Practice safe computing. Enable a firewall. Protect yourself from viruses. Don’t install unnecessary software on your working computer. Don’t leave sensitive information unencrypted on your computer. Sensitive information is anything that would cause you significant concern if your computer was stolen and you were thinking about the thieves looking at it, like maybe bank account information and passwords, personal correspondence, etc. Scan for spyware and viruses regularly. Your email can be perfectly secure, but if you have a keystroke logger reporting your passwords and email contents to someone else, someone else can get it all, anyway.

* Encrypt the email (and other sensitive documents) stored on your disk. The easiest way I have found to do that is to use TrueCrypt (http://www.truecrypt.org) to create an encrypted volume, then install the PortableApps version of Thunderbird in that volume. The encrypted volume can be on a large capacity USB memory stick, if you like. See http://portableapps.com/ for more about portable applications. All of the care protecting the transmission of your email isn’t worth much if your computer (or memory stick) is suddenly stolen, and the data isn’t encrypted. Do this before you need to do it. (In other words, shut the barn door before the cattle stampede across the highway, even if you don’t see the kid with firecrackers hiding in the barn.) Some versions of Microsoft Windows allow you to encrypt certain directories with your login credentials. This feature is easier to use than TrueCrypt, but I prefer to use TrueCrypt for several practical reasons, including the ability to back up and recover from disk disasters in a more straightforward manner. (There are other disk encryption programs, but TrueCrypt is free, uses sound cryptography, and I know how to use it.)

* Separate your sensitive and non-sensitive data. Make a habit of keeping your sensitive data in an encrypted volume on your computer, and backing it up to an encrypted volume on a memory stick that you keep in a separate place. Most of your non-sensitive data is also probably worth backing up, but you don’t have to keep it encrypted.

* Use good passwords/passphrases. Don’t use things that are easy to guess, things that are in any dictionary, etc. Use first letters of a long phrase. Throw in some special characters. Make it long. Make it easy for you to remember and very hard for others to guess, even if they have automated help guessing. Longer passwords are usually better (as long as you don’t forget them). Even long passwords that you use regularly aren’t all that hard to remember.

* Keep remote backups in a safe place. If you have some really important data, make sure you back it up and store it in a separate place, preferably in another country. If it is sensitive data and you have any doubts about whether it will be intercepted in transit or stolen from its destination, encrypt it. Remember the password to decrypt it.

Ask correspondents not to forward or post newsletters. There are things you might like to tell your partners in your home country that might not be appropriate to share with all of your neighbors. One forward to a mailing list with a public list archive that gets indexed by search engines could drastically increase the potential readership of your newsletter.

* Protect home and office networks. Use encryption (WPA or WPA2) on wireless networks. Don’t share more than you intend to via network. Turn off file sharing if you don’t need it. If you do, only share specific directories for specific purposes.

* Be careful what you publish to the world via the Internet. Make sure what you say is appropriate for your current situation, especially if you have a personal web site, blog, or photo-sharing site. Consider carefully how your near neighbors may view what they find out about you on the World-Wide Web. Google finds some amazing things.

*Items marked with an asterisk are good advice for missionaries even if they are not in places where terrorist attacks are likely.