Email is not secure even if it is encrypted.
There are a couple of noteable sites that have simply shut down and ceased to exist under the cloud of US Government surveillance. These services include Lavabit, Silent Circle and most recently Groklaw.
Lavabit is an encrypted email service that was linked to Edward Snowden and has recenly decided to shutter all services and cease to operate under the threat of being forced to comply with an order to turn over its customer data. The owner of Lavabit, Ladar Levinson released a public statement on the now dead site for lavabit stating that he as been forced to shutdown the service to avoid having “to become complicit in crimes against the American people”. The wording of the statement also allows people to speculate that he is under a pretty far reaching gag order.
Silent Circle is a privacy serivce that supplies encrypted phone, chat and mail services and has just recently shut down it’s encrypted mail service while leaving other methods of encrypted communication running. This is a clear indication that email is inherently not secure by design as it cannot offer end to end encryption. Mail uses a set of protocols like POP, IMAP and SMTP which typically allows too many leaks to guarantee total privacy and the fact that the email is stored on SIlent Circle servers makes the organisation subject to compliance orders from the US government. CEO Michael Janke states that this is not the only reason. He says that due to the level of clientele serviced by Silent Circle and the security levels they operate at he could not allow Silent Mail to continue to risk exposing clients.
The latest to shut down under the PRISM threat is Groklaw, an award winning legal news website run by blogger Pamela Jones. The security of email and the shutdown of Lavabit was the final straw for Jones who went on to say “The owner of Lavabit tells us that he’s stopped using email and if we knew what he knew, we’d stop too, There is no way to do Groklaw without email. Therein lies the conundrum.”
So it is pretty clear that if you have secure information to transmit, email is NOT the way to get it done if US based servers are used at any point in the transfer of email.
Email is known as a store and forward technology where communications are held in proxy on a server until it is picked up by the end users computer. This convenience means that we can manage our own communications on our own schedules. There is no need to set up a time to have both parties online at the same time to transfer information.
It seems that answers to securing email is to never deal with a company that operates under US jurisdiction or to find new technology that fully encrypts ALL of the message.