back to article US government updates secure email guide for first time in a decade

The US government's technology agency has updated its secure email guide for the first time in a decade and put it out for a month of public comment. The National Institute of Standards and Technology (NIST) guide [PDF] is 81 pages long and provides a surprisingly useful rundown on what to do to get your email secure. Its top …

  1. Anonymous Coward
    Anonymous Coward

    1. Don't use servers based in US, or owned by a US company anywhere.

  2. Herby
    Joke

    Copy requested...

    Please send to hillary@clitonemail.com

    Maybe not so much of a joke!!

    1. Martin Summers Silver badge

      Re: Copy requested...

      How very rude! I don't think you're going to get Hillary on that particular address,something quite different possibly.

      1. Adam 1

        Re: Copy requested...

        Herby's?

  3. Mark 85 Silver badge

    So this agency is coming out and encouraging encryption? I'm shocked that the FBI hasn't been by to persuade them to the FBI line of thought. We really need a scorecard for this... some agencies for better encryption and some not. Although with all the election rhetoric, it'll come down to Congress listening to the fear mongers as usual.

  4. energystar

    NIST is also in the right track.

    Congratulations :)

  5. Anonymous Coward
    Anonymous Coward

    Updated Secure e-mail Guide:

    Don't use e-mail.

    Send you communications by Carrier Pigeon instead.

    1. allthecoolshortnamesweretaken

      Re: Updated Secure e-mail Guide:

      Carrier pigeons are very easy to intercept.

      1. tfewster Silver badge

        Re: Updated Secure e-mail Guide:

        Oh no they aren't!

        https://www.youtube.com/watch?v=sj6-LG5VpGk

        AND there's a standard

        https://www.ietf.org/rfc/rfc1149.txt

      2. This post has been deleted by its author

        1. brotherelf

          Re: Updated Secure e-mail Guide:

          Or steganographic pigeons, hidden in meat pies! Scrambled and hidden, I hear the brits deployed a similar equine-based system a while back.

  6. cantankerous swineherd Silver badge

    just seen the words secure and email in the same sentence.

    1. a_yank_lurker Silver badge

      Oxymoron

      Secure email is the league of oxymorons like military intelligence.

      1. Velv
        Big Brother

        Re: Oxymoron

        the old comparison being "Military intelligence is to intelligence what military music is to music"

  7. John Smith 19 Gold badge
    Unhappy

    As always in IT "It depends"

    Are you running the system for you staff, or to email outsiders? Relevant if you're LM or Boeing or BP. Small companies on one site, not so much.

    Do you management think keeping all email (not just their personal ones) private is important?

    Will management invest if they find the current system can't do the job?

    Are there products and services you can trust to do the job (and afford) that you can buy if the current system can't cut it?

  8. Version 1.0 Silver badge

    Secure email

    Securing the mail server isn't that hard if you are willing to make an effort - it's securing the users that's the real problem - serious security tends to make life harder for your users and, while they will usually not devote much effort to following recommended security procedures, they are often wiling to devote quite a bit of effort to work around them.

    And the NSA adds in a footnote, whatever you do, don't use an iPhone - even the FBI can break into those.

    1. Anonymous Coward
      Meh

      Re: Secure email

      "And the NSA adds in a footnote, whatever you do, don't use an iPhone - even the FBI can break into those."

      "don't use an iPhone, running on old hardware using an out of date OS - even the FBI can break into those."

  9. All names Taken
    Facepalm

    The best of it is?

    That here in the UK central guvmint, local guvmint, voluntary sector, ... organisations tell you that your data are confidential.

    Then say "Can we email you that (confidential) report."

    Or even worse still?

    "Yeh, I'll scan it and send it to main office/sub-office/partner/ ... by email attachment.

    If asked do they use encryption

    "What's that? Oh password protected - no we can't send or receive any password protected emails - policy innit"

    Sort of undermines Private & Confidential stamp that they put on things no?

    Or is it just me?

    PS: my insurance agency at least makes the attempt to password protect documents that I give permission to be sent by email attachments.

    1. Anonymous Coward
      Anonymous Coward

      Re: The best of it is?

      Oh password protected - no we can't send or receive any password protected emails - policy data protection innit

  10. Anonymous Coward
    Holmes

    ISTNay Encryptionay!!!

    ...that or just use AOL and Yahoo! email if you're a lowly functionary like the Chief of the CIA or the Director of National "Intelligence". HEY! Standards are meant to be broken. Just like encryption. At Night. Mostly.

  11. jake Silver badge

    Whatever.

    My take on the subject:

    "Don't use email for anything you wouldn't shout from the rooftops!"

  12. Anonymous Coward
    Go

    Or....

    ...move to as many of people to Protonmail and stick to fingers up at the US government.

  13. amanfromMars 1 Silver badge

    Catch 42

    Security systems and secretive societies have as a much, if not even more of a problem and/or opportunity, with emails to and/or about them, and to myriad others, which are not encrypted and which carry in plain sight text, information and intelligence which vulnerable and compromisable parties would rather not become widespread general knowledge.

    The fact is compounded and strengthened by such vulnerable, compromisable parties, in ways which can be suddenly catastrophic to those parties, if they choose not to engage in a spirit of mutual advantage with such intelligence in state or non state actors, for that non action is an open invitation for information to flow directly elsewhere to what might be considered opposition and competition, where it can surely be used to initial contacts’ great disadvantage.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021