The first thing people often think about when they think about security is encryption. Someone really savvy might have heard about end-to-end encryption, which is the gold standard. That means the service or app can’t ever access the data, because they simply don’t hold the keys to decrypt it. You might have read about the legal stand-off between the FBI and Apple on this very issue.
But email was never designed to be end-to-end encrypted, because with email you don’t get to control what app or service the recipient uses. That’s both the curse and the magic of email. It would take changing thousands of email apps, millions of email servers, and nearly fifty years of inertia and established protocols to support end-to-end encryption in an easy, consistent, and guaranteed manner. As you can imagine, that’s not likely to happen.
That’s why none of the attempts to do end-to-end encryption over email have gotten very far or gained much traction. Either they rely on everyone using the same service/app (good luck converting everyone you email with to use the same setup as you!). Or the emails aren’t really emails, but links to a website where the encryption is then applied. Or you use a clunky external tool to encrypt and decrypt the messages (like PGP). This really only works if you’re willing to give up on email as we commonly understand it. If you absolutely must have end-to-end encrypted email, check out something like ProtonMail. They have our utmost respect for giving it a go!
But HEY takes a different approach. We accept that end-to-end encryption is not a realistic goal for mainstream email service. This means HEY is not a good avenue for certain forms of high-risk exchanges. If you’re working on human-rights issues in oppressive states, national security matters in any state, or otherwise face extremely sophisticated opponents, or if your life in any way depends on the sanctity of your end-to-end encryption, don’t use email. We highly recommend you look into messaging tools like Signal, but also that you generally educate yourself on operational security.
This is what tradespeople call “threat modeling”. Someone trying to protect their email from garden-variety scammers and spammers has different needs from someone defending against a nation state, who in turn has different needs from someone guarding against an abusive spouse. Know your threat, and pick your trade-offs accordingly.
With that admission and explanation out of the way, let’s talk about what we actually do encrypt at HEY. Because even if you can’t go end-to-end, encryption still plays a vital role in our approach. That’s why we encrypt data in three ways at HEY: At-rest, at-work, and in-transit.
At-rest encryption means that all our databases, files, and other content stores are encrypted when they’re backed up or otherwise sitting idle. If someone somehow got hold of a backup of the database, it’d be useless to them, because they wouldn’t have the key to decrypt it. (That only holds, of course, if the key is kept separate from the backup itself.)
At-work encryption means that our main database also deals with encrypted data while it’s working. We’re particularly proud of this bit, as it’s not a common approach. Every content field in our database is encrypted with its own key, which is in turn encrypted with a master key (a pattern known as envelope encryption). This lets us introspect, service, and operate HEY without programmers and administrators being inadvertently exposed to private data in the course of their work. They see the metadata connecting everything, so they can resolve bugs, improve performance, and perform maintenance, but they don’t see the content of your emails.
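Here is what “each content field encrypted with its own key, which is in turn encrypted with a master key” looks like in code. This is an added example written for this page in Ruby with the standard OpenSSL library; it is not HEY’s own code. The column names, the record-id/column layout of the authenticated data, and the in-process master key are assumptions for illustration (in production the master key lives in a KMS or a deploy-time secret, never next to the database).

```ruby
require "openssl"
require "securerandom"
require "base64"

# Constructed for this example: a master key generated in-process so the
# script runs offline. Real deployments fetch it from a KMS or a secret
# injected at deploy time, and never store it alongside the database.
MASTER_KEY = SecureRandom.random_bytes(32)

# AES-256-GCM with additional authenticated data (AAD). Returns everything
# that has to be stored next to the ciphertext: a fresh random IV and the tag.
def aes_gcm_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv           # 12 random bytes, never reused with this key
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ct: ciphertext, tag: cipher.auth_tag }
end

# Raises OpenSSL::Cipher::CipherError when the key, ciphertext, tag or AAD
# differ from what was used at encryption time.
def aes_gcm_decrypt(key, part, aad)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = part[:iv]
  cipher.auth_tag = part[:tag]
  cipher.auth_data = aad
  cipher.update(part[:ct]) + cipher.final
end

# Base64 so the parts can sit in ordinary text columns.
def pack(part)
  part.transform_values { |v| Base64.strict_encode64(v) }
end

def unpack(part)
  part.transform_values { |v| Base64.strict_decode64(v) }
end

# Encrypt one content field of one row (envelope encryption). A fresh data
# key is generated per field; only that key *wrapped under the master key* is
# stored, never the data key itself. The AAD binds both ciphertexts to the
# row and column, so a ciphertext copied into another row or column fails
# authentication instead of silently decrypting. (GCM rejects empty input,
# so an empty body should be stored as NULL rather than encrypted.)
def encrypt_field(master_key, record_id, column, plaintext)
  data_key = SecureRandom.random_bytes(32)
  aad = "#{record_id}/#{column}"
  {
    "record_id"   => record_id,
    "column"      => column,
    "body"        => pack(aes_gcm_encrypt(data_key, plaintext, aad)),
    "wrapped_key" => pack(aes_gcm_encrypt(master_key, data_key, aad))
  }
end

def decrypt_field(master_key, row)
  aad = "#{row['record_id']}/#{row['column']}"
  data_key = aes_gcm_decrypt(master_key, unpack(row["wrapped_key"]), aad)
  aes_gcm_decrypt(data_key, unpack(row["body"]), aad).force_encoding(Encoding::UTF_8)
end

if __FILE__ == $0
  row = encrypt_field(MASTER_KEY, 42, "body", "Quarterly numbers, see attached")
  # An operator querying the table sees the metadata and an opaque blob.
  puts "stored: #{row.reject { |k, _| k == 'body' }.inspect} + opaque body"
  puts "decrypted with master key: #{decrypt_field(MASTER_KEY, row)}"
end
```

Two properties fall out of this layout. Because the content is encrypted under a per-field data key, rotating the master key means re-wrapping the small data keys, not re-encrypting every email body. And because the row and column identifiers are authenticated data, an attacker with write access to the database cannot shuffle ciphertexts between rows to make the application decrypt one user’s content in another user’s context.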
Finally, HEY uses industry-standard TLS when sending email to recipients. Email has no reliable way to require in-transit encryption without sacrificing delivery: server-to-server TLS is negotiated opportunistically (STARTTLS), so a sender that insists on it fails to deliver to any server that doesn’t offer it, and an attacker sitting on the path can strip the offer. (MTA-STS lets a receiving domain publish a policy asking senders to require TLS, but support is far from universal.) All the major, modern email services do support TLS, so mail sent from HEY is overwhelmingly likely to be encrypted in transit.