Email Privacy, Security and Runbox

In recent weeks (for some reason) we have seen an increase in demand for information about whether Runbox collaborates with any government law enforcement agencies when it comes to the email sent and received by our members.  We have also had numerous enquiries asking what we do to ensure the privacy of email sent and received by Runbox members.

It seems like a good time to review what Runbox does and doesn’t do.

Monitoring by Law Enforcement & Security Agencies

Runbox is not involved in any routine exchange of members’ data with anyone.

All email data is stored in a secure facility in Norway and access to the data center is very strictly controlled.

Casual requests for information about Runbox members and their email are categorically rejected.  More formal requests are always directed to the Norwegian court system.  Only if a valid Norwegian court order is received, and the proper procedures have been followed, will the request be considered. At that point it will be referred to our legal representatives.

We adhere to our own strict Terms of Service as well as Norwegian laws and regulations, and if we become aware of activity that is contrary to those we will take appropriate action.

Details of laws and regulations as they apply to Runbox can be found on our Email Privacy and Offshore Email page.

Email Privacy and Security

In recent weeks certain claims have been made that email can be intercepted by government agencies as it crosses international borders. Regardless of any truth or otherwise in these claims, the security of email transfer is essential.

It is important to distinguish between three points of security.

  1. Security of the connection between you and the Runbox email service.
  2. Security of the connection used between the Runbox email service and other email services.
  3. Securing the content of your email in addition to 1 and 2 above.

In the case of the first point Runbox provides the facility for email to be encrypted during transmission to and from our members. All that the member needs to do is use our server with the appropriate settings.

On the second point, we employ encryption techniques when sending to and receiving from other email services. However, this is only available if the other service also offers this facility.  If it doesn’t then we have to use an unsecured connection.

The third point is entirely under user control.  If a message’s content is encrypted before sending or receiving through Runbox, then whether it is transmitted securely or not is much less important because only the sender and recipient will be able to decrypt the message and read it.

Runbox is planning to provide a method of allowing members to encrypt and decrypt messages using PGP (Pretty Good Privacy) within the Runbox Webmail.

The best way to encrypt messages with your Runbox account today is to use the Thunderbird email client with the Enigmail Open PGP add-on.

For more information about email security see our page on Secure Transfer of Email.

Continue Reading →

Regarding concerns over US surveillance legislation

There are some who are concerned about US authorities’ ability to monitor their citizens’ data. According to the EU report “Fighting cyber crime and protecting privacy in the cloud” (PDF, 1.3 MB), a little known piece of legislation could give US authorities the right to access foreign users’ data stored in the US as well.

Data stored outside the US, for instance in Norway where all the Runbox email servers are located, is not affected by this legislation.

If you have any concerns about the privacy of your Runbox email, please see our Privacy Policy and our article Email Privacy and Offshore Email.

Continue Reading →

Regarding usage of Google Analytics

Recently the Norwegian Data Protection Authority concluded that usage of Google Analytics might be illegal in Norway.

As Runbox is based in and operates from Norway, a number of our users has expressed concerns regarding whether Runbox does use Google Analytics and how.

Runbox users do not need to worry. We have stopped using any type of Analytics and you can read about it here.

Runbox does indeed use Google Analytics on public pages, such as to gain statistical information about where visitors come from, how much time they spend reading various public pages, e.g. about our pricing plans etc. However, Runbox does not use Google Analytics on logged-in pages.

Norway gives strong protection to personal data and Runbox has a strict privacy policy. Runbox does not allow third parties to access your information. Therefore, once a user reached the pages which require authentication, neither Google Analytics nor any other third party service is allowed to monitor their activity, as theoretically such third party could obtain information about user’s private information, such as their contacts and email contents. At Runbox we guard users’ privacy and such leak of information would be non-acceptable.

Continue Reading →

Google chief fears for Generation Facebook

In an article, Google chief Eric Schmidt expresses concerns over the amount of personal data people publish online without considering the possible privacy implications.

Personal data will increasingly become a monetizing commodity among the social network and search engine services, while privacy and protection from data exploitation will diminish until its true value is appreciated.

While social network services bring functionality that allow people to connect in new and unexpected ways, email is inherently private and personal to the sender and recipient, as long as that privacy is enforced with a balanced policy.

Continue Reading →