Email, much like the old-fashioned postal mail that it's all but displaced, isn't a secure way to communicate. For both paper and electronic mail, messages make many stops en route from sender to recipient, and each point in that journey represents another opportunity for someone to intercept a message and make off with any sensitive information it might contain. Indeed, in many ways it's easier to misappropriate an email than the dead tree-variety, and to do so without the knowledge of either party.
Simply put, to communicate securely over email, messages must be encrypted. But doing so typically requires special infrastructure, setup procedures and software—in short, a general level of expertise, effort and expense that puts it out of the reach of most professionals and small businesses.
Enlocked aims to make secure communication via encrypted email almost as simple and cost-effective as using ordinary email, and for the most part, it hits the mark.
Getting Started with Enlocked
First, set up an account (which is free) on the Enlocked website. Enlocked supports OpenID authentication, though, so if you use one of the four major Web-based email providers—AOL, Gmail, Yahoo or Microsoft's Hotmail/Live Mail/Outlook.com (or whatever they decide to rename it next) logging into one of those services also automatically creates your Enlocked account and logs you into it.
Figure 1: Installing the Enlocked plug-in for Outlook or your Web browser adds a "Send Secure" button to your message compose interface.
Once Enlocked knows who you are, downloading the appropriate plug-in for your mail client or Web browser lets you compose an email just as you normally would, but it adds a "Send Secure" button to your compose message interface. Enlocked provides plug-ins for Outlook 2007/2010 as well as Internet Explorer, Chrome, Firefox and Safari; plug-ins for Mozilla Thunderbird and Apple's Mac OS X mail program are currently under development.
If you use a mail client or provider other than the ones listed above—or you're just not in the position to install the plug-in/app on the computer you're using—you can use Enlocked's own Enlocked Anywhere browser-based app.
When you send a message securely via Enlocked, it arrives at the recipient's inbox with an introduction, which you can customize when you send your message, explaining that the message is secure and can be read by visiting Enlocked's website or downloading one of the aforementioned plug-ins. The actual message contents are contained within an encrypted attachment. If recipient already has an Enlocked plug-in, it automatically decrypts the message contents.
Enlocked provides (free) apps for mobile devices as well. Android and iOS are currently available, and the company is also working on an app for BlackBerry. All Enlocked plug-ins and apps can be found here.
How Enlocked Secure Email Works
When you click that "Send Secured" button, the outgoing message gets transferred to Enlocked servers to be encrypted (the message is transmitted via a secure SSL connection and then encrypted using PGP), then Enlocked puts the encrypted message back into your email account's outbox for delivery.
Figure 2: When someone receives an Enlocked message for the first time, an introductory message instructs them how to access and decrypt the contents.
It's worth noting that because Enlocked encrypts messages on its own computers rather than on the sender's computer, it doesn't provide the end-to-end encryption (i.e. information is encrypted before leaving its point of origin) that you get with some—usually more complicated-- mail encryption products and services.
Alas, this is the price to be paid for Enlocked's comparative ease of setup and use. Although lack of end-to-end encryption may be a problem if you're bound by certain governmental privacy regulations or you're conducting, um, clandestine operations for the CIA, for most users, Enlocked's level of security should be more than sufficient.
Note that even though messages are not encrypted en route to Enlocked, they are still transmitted over an encrypted connection (SSL). The company says it doesn't retain any messages, and that it discards them as soon as they're encrypted.
Incidentally, maximum message size is limited to 10MB, which is less than what most email providers impose (usually 25 MB). Although 10 MB is probably sufficient for most people most of the time, it's not hard to envision lengthy legal or financial documents that could weigh in somewhat larger. Enlocked says it's open to increasing the message size based on customer feedback.