The Apple – FBI tempest got me thinking about email security. (Even though that fight was over device security, not email platform and transmission security.)
Email security has improved over the past couple of years, no doubt in part due to the Snowden – NSA revelations. Many providers of hardware, software, internet infrastructure, and online services have taken steps to implement encryption in general, and to plug the gaps in the chain where encryption was missing. Some, for example, had gaps as they passed email to other mail providers unencrypted, even if they encrypted it while they had it. Encryption while in transmission is the baseline everyone should be working towards.
Anyone with their own mail server can enable TLS (transport layer security) to encrypt email that travels to other servers that use TLS. That encrypts server to server. (If your company has its own email server – ask about it.) Some clients require their law firms to use TLS.
Webmail applications should in addition to using TLS, use https (take a look if you use one) to encrypt communication between your own desktop and their web server. Our IT manager tells me that not all webmail applications use TLS.
While email doesn’t always have total end-user to end-user encryption, it’s a lot better than it used to be, and certainly a lot more seamless to set up and use than email encryption used to be. It used to be said that email was no more secure than a postcard. That’s no longer true.