In recent weeks (for some reason) we have seen an increase in demand for information about whether Runbox collaborates with any government law enforcement agencies when it comes to the email sent and received by our members. We have also had numerous enquiries asking what we do to ensure the privacy of email sent and received by Runbox members.
It seems like a good time to review what Runbox does and doesn’t do.
Monitoring by Law Enforcement & Security Agencies
Runbox is not involved in any routine exchange of members’ data with anyone.
All email data is stored in a secure facility in Norway and access to the data center is very strictly controlled.
Casual requests for information about Runbox members and their email are categorically rejected. More formal requests are always directed to the Norwegian court system. Only if a valid Norwegian court order is received, and the proper procedures have been followed, will the request be considered. At that point it will be referred to our legal representatives.
We adhere to our own strict Terms of Service as well as Norwegian laws and regulations, and if we become aware of activity that is contrary to those we will take appropriate action.
Details of laws and regulations as they apply to Runbox can be found on our Email Privacy and Offshore Email page.
Email Privacy and Security
In recent weeks certain claims have been made that email can be intercepted by government agencies as it crosses international borders. Regardless of any truth or otherwise in these claims, the security of email transfer is essential.
It is important to distinguish between three points of security.
- Security of the connection between you and the Runbox email service.
- Security of the connection used between the Runbox email service and other email services.
- Securing the content of your email in addition to 1 and 2 above.
In the case of the first point Runbox provides the facility for email to be encrypted during transmission to and from our members. All that the member needs to do is use our server secure.runbox.com with the appropriate settings.
On the second point, we employ encryption techniques when sending to and receiving from other email services. However, this is only available if the other service also offers this facility. If it doesn’t then we have to use an unsecured connection.
The third point is entirely under user control. If a message’s content is encrypted before sending or receiving through Runbox, then whether it is transmitted securely or not is much less important because only the sender and recipient will be able to decrypt the message and read it.
Runbox is planning to provide a method of allowing members to encrypt and decrypt messages using PGP (Pretty Good Privacy) within the Runbox Webmail.
The best way to encrypt messages with your Runbox account today is to use the Thunderbird email client with the Enigmail Open PGP add-on.
For more information about email security see our page on Secure Transfer of Email.
Continue Reading →
When a web browser connects to a website protected with SSL or TLS (indicated by a padlock icon in the browser) it receives the public key from the server, which is then used to encrypt the subsequent communication. The data can only be decrypted using the private key, which resides on the server.