Anything less would be folly, there are so many hops where people could be listening in on your data (starting with the cable that runs from your keyboard to your computer) that even an email sent to your 'drafts' box on your own IMAP server is probably not secure. Unless you own the co-location facility and all the infrastructure between where you sit and where you store the mail.
The whole security thing to me is a matter of economics. I assume that any data that is not worth reading is collected and that anything that is worth more than it would cost to collect and read is read.
Maybe that's a paranoid view of the state of affairs but at least I won't be surprised or disappointed. My main bulwark against wholesale exposure of the contents of my inbox is a 'Rob'. Rob is a veteran sysadmin who configured and set up my machine and I trust him (I have to, since he has access).
Rob is secure in the sense that he's an honorable person, and that I believe that there is no offer that could be made that would make him break our bond of trust. So short of blackmailing Rob (which is hard, and I would definitely forgive him if that were to happen) my stored email is reasonably secure, but any email in transit is fair game and will probably be caught somewhere along the line and I treat all email that I send and receive as public as a consequence of that.
Van Eck phreaking. Optical Time-Domain Eavesdropping. Zero-Day exploits on operating systems, browsers, etc. Built-in vulnerabilities to processors. Backdoors in encryption algorithms. Acoustic Keyboard analysis. Laser Audio detection. Hard drive recovery. DRAM recovery.
If I wanted to send (very) secure email, I think I would want a Kindle-like device, with an ePaper display, no physical keyboard just a touchscreen, no bluetooth or wifi or 3G or microphone - just a single USB port. I'd install the software I want on it, and then I'd physically destroy the USB port. I'd want 4 AA batteries, no recharge port. I guess it would need a camera, as well. And it would have its own Faraday cage. And a built-in, non-electronic method that slags the RAM and storage with acid; possibly by pulling a pin out. I'd wipe the screen clean, every time I used it.
How do I get data out of it? I drop data into a QR code sending system. It would generate one full-screen QR-code like image every second or so. On another computer, I'd have a camera that I'd show the device to, and it would read the QR codes, and reconstruct the data. I can reverse the process to send data to it. Show it my computer screen, and it decodes the QR codes to a data file.
And if I personally wanted to increase the security, I would buy three completely different hardware random generators, XOR their output together, and make a giant One Time Pad. I'd invent a way to keep track of where you and I were, in that pad. (You'd start at one end, and I at the other.) I'd physically copy that data onto my secure-Kindle, and your secure-Kindle, and then physically destroy the random number generating system in its entirety. (And then destroy the USB port on both Kindles.) If I ever got a suspicious message from you (re-using One Time Pad, etc.), I'd slag my secure-Kindle. And you and I would invent pass phrases that we would use to communicate messages in secret.
My secure-Kindle would also have a password to let me power it on. And it would have one or more dummy passwords. If I entered a dummy password, the system would act completely normally in every way, but it would secretly insert the phrase "[COMPROMISED, DO NOT TRUST!]" or something like it, in the middle of every message I send.
I might need to have the dummy password electronically wipe the system, to help protect you from a government forcing me to decrypt messages you sent me.
But I honestly don't think there's a good way to stop this. If they have physical possession of the device, and of me, they can force me to reveal my passwords, and there's nothing I can do to stop them.
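An added sketch, not the commenter's code, of the pad bookkeeping described in the comment above: several generator outputs are XORed into one pad, the two parties consume it from opposite ends, and a message whose offset does not match the expected position is rejected as reuse. The names `combine_sources` and `PadBook` are hypothetical, and software random bytes stand in for the hardware generators.

```python
import secrets

def combine_sources(*streams: bytes) -> bytes:
    """XOR equal-length outputs of independent generators into one pad."""
    if len({len(s) for s in streams}) != 1:
        raise ValueError("all sources must supply the same number of bytes")
    pad = bytearray(len(streams[0]))
    for s in streams:
        for i, b in enumerate(s):
            pad[i] ^= b
    return bytes(pad)

class PadBook:
    """One party's copy of the pad: 'low' consumes from the front, 'high' from the back."""
    def __init__(self, pad: bytes, side: str):
        self.pad, self.side = pad, side
        self.sent = 0      # bytes this party has consumed from its own end
        self.received = 0  # bytes the peer has consumed from the other end

    def _span(self, side: str, used: int, n: int):
        # Refuse to hand out bytes once the two ends would meet.
        if self.sent + self.received + n > len(self.pad):
            raise RuntimeError("pad exhausted: the two ends would overlap")
        if side == "low":
            return used, used + n
        return len(self.pad) - used - n, len(self.pad) - used

    def encrypt(self, msg: bytes):
        start, end = self._span(self.side, self.sent, len(msg))
        self.sent += len(msg)
        return start, bytes(m ^ k for m, k in zip(msg, self.pad[start:end]))

    def decrypt(self, start: int, ct: bytes) -> bytes:
        peer = "high" if self.side == "low" else "low"
        expected, end = self._span(peer, self.received, len(ct))
        if start != expected:
            # Same offset seen twice, or a gap: treat the channel as suspect.
            raise ValueError("offset mismatch: pad reuse or lost message")
        self.received += len(ct)
        return bytes(c ^ k for c, k in zip(ct, self.pad[start:end]))

if __name__ == "__main__":
    # Stand-ins for three hardware generators (assumption for this example).
    pad = combine_sources(*(secrets.token_bytes(64) for _ in range(3)))
    mine, yours = PadBook(pad, "low"), PadBook(pad, "high")
    offset, ct = mine.encrypt(b"meet at noon")
    print(yours.decrypt(offset, ct))
```
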
Even if you use the "technically challenging" PGP (i.e. challenging for the layman), then the metadata still leaks relationships.
We need a replacement that is secure by default and easy to use, so that 'Mom and Pop' can make the easy switch. Get that right and you can replace email.
In my opinion, a company like Yahoo is in the perfect position to write, sponsor and open source a new innovative messaging solution, that is secure by default (and cannot be made insecure) and cannot be monitored. External validation of the source code and cryptographic implementation would be paramount. A whole ecosystem of new "secure messaging" servers and clients could spring up. It could be the next paradigm shift on the internet.
Yahoo are slowly getting back on their feet. If there ever was a perfect time to release a killer app that would resonate with the majority, it would be this. From trampled and downtrodden to the golden boys (and girls) again.
Go on Yahoo. I dare you!
So, either Petraeus was a blundering fool, or there exists no privacy for anyone...
I'm guessing that Petraeus was no blundering fool.
He was appointed to the CIA directorship after a career in the Armed Forces, where one would not have expected him to gain such security skills.
Also being head of an organization does not imply that one necessarily has the skills to do the work of the organization.
From a simpleton POV... there is a wire from my computer to an ISP. Then from that ISP to another ISP. Then from that ISP to a recipient. At any point someone can intercept and decode. So, AFAIAC, that's an end to it. Even if the data can be secured from being read, there is proof that one computer talked to another computer about something. That's often enough "evidence". It's an opening.
Frankly I don't see how the internet can be secure. AFAIK, it never was.
Tor/i2p mostly solve that problem.
> Frankly I don't see how the internet can be secure. AFAIK, it never was.
"internet" is not secure, but you can build secure communications over insecure transports as long as you are able to do initial key-exchange somehow securely (i.e. face-to-face meeting). Something like OTR with Tor hidden services is very secure.
Ann has a key. Ann must know that the key is Bob's key. If Ann isn't sure that the key is Bob's key there's a bunch of bad stuff that might happen.
So now Eve can get the metadata, and be pretty sure that the stuff sent to Bob actually is sent to Bob, and not someone else, because it's encrypted with Bob's public key.
Eve can't decrypt anything. But my post wasn't about Eve getting any content, it was about Eve getting metadata that's cryptographically tied to an identity.
Where am I going wrong?
The point is that the headers of an email aren't encrypted (otherwise it couldn't be delivered). In the headers is who the message is to, who it's from, the subject, the time, and if you're lucky, the ip of the sender. All of that isn't encrypted and free for the taking and has nothing to do with the id attached to the key used to encrypt the content.
Without strong encryption you have metadata that can be tied to an identity using statistics with enough data.
With strong encryption you have metadata that can be tied to a key and an identity using statistics with enough data.
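An added example, not from any poster in this thread, of the point made in the replies above: with the body PGP-encrypted, a relay still reads the headers, and a few messages are enough to tabulate who writes to whom. The messages are constructed samples using reserved example domains and documentation IP ranges; `observe` and `relationships` are hypothetical names.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample mail; the armored body is a placeholder, not ciphertext.
TEMPLATE = """\
Received: from [{ip}] by mx.example.net; {date}
From: {frm}
To: {to}
Subject: {subj}
Date: {date}
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----
"""
SAMPLES = [
    TEMPLATE.format(ip="192.0.2.10", frm="Ann <ann@example.org>",
                    to="bob@example.com", subj="Q3 numbers",
                    date="Mon, 12 Aug 2013 09:00:00 +0000"),
    TEMPLATE.format(ip="192.0.2.10", frm="Ann <ann@example.org>",
                    to="bob@example.com", subj="Re: Q3 numbers",
                    date="Mon, 12 Aug 2013 09:40:00 +0000"),
    TEMPLATE.format(ip="198.51.100.7", frm="Ann <ann@example.org>",
                    to="carol@example.net", subj="lunch",
                    date="Tue, 13 Aug 2013 12:05:00 +0000"),
]

def observe(raw: str) -> dict:
    """Return what any relay handling the message can read without a key."""
    msg = message_from_string(raw)
    ip = re.search(r"\[([0-9a-fA-F.:]+)\]", msg.get("Received", ""))
    return {
        "from": parseaddr(msg["From"])[1],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "subject": msg["Subject"],
        "date": msg["Date"],
        "sender_ip": ip.group(1) if ip else None,
        "body_encrypted": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }

def relationships(raws) -> Counter:
    """Count (sender, recipient) pairs across messages from headers alone."""
    pairs = Counter()
    for raw in raws:
        seen = observe(raw)
        pairs.update((seen["from"], rcpt) for rcpt in seen["to"])
    return pairs
```
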
I trust providers that offer encryption to prevent basic things like my ISP looking at data or maybe casual eavesdropping if I'm in a foreign country. But the idea of hosted services that completely protect you even against the government of the hosting country, which is how these services seem to be sold, is sort of unrealistic.
And in the broader sense, I trust something like Lavabit less than Gmail. Permanently losing access to my email without any warning is a bigger threat to me than whatever ill defined privacy line Lavabit claims was being crossed. Email for me is primarily about convenient communication. If I want extra security for some reason, I'll use something else or combine GPG with email.
Of course, it all depends on what your threat model is. Are you a target of the NSA, or a jealous spouse? That's what this comes down to. Neither Lavabit nor Silent Circle could have given encrypted and unattributable email service - so if that's what you needed, you're SoL. If server-to-server encryption was all you were interested in, then the distros of pgpu they used would have been fine for you.
It's hard to think of a threat that would be stymied by server-to-server encryption alone. Maybe someone else has a good idea of what that might be, but it's too early for me.
Lava happened to have a known, admitted national security threat as a client/user. It is expected, legal, and proper for a national security letter to be used in this context.
It is possible that the NSL was demanding things that were way too broad, but I imagine that this was not the case (and rather that Lava had an ethical issue with the whole process).
I knew that well funded government agencies could probably get access to anything, so with that caveat yes, I trusted a few providers.
In general if it's important you shouldn't trust anyone. Use GPG, but do so carefully after reading all the documentation.
Yes I'm aware of GPG etc but no one else is.
Mixmaster remailers might add a little something wrt meta data -- but not enough to trust that difference IMNHO (assuming a large part of mixmaster servers are run by, or grant access to, various NATO-allied intelligence services).
In essence, secret keys and trust in public keys need to be managed by the participants -- no third party can meaningfully manage it.
Not that GPG is particularly secure in the real world -- but it is much more secure than not using any form of encryption.
As has been mentioned elsewhere, a scheme where a provider encrypts email for you can never be provably secure, because it's almost impossible to show that the session keys used to encrypt data aren't selected from some predictable subset of the keyspace (say 1M keys derived from every date stamp with hour precision, keyed up with creation time?).
Or in a simpler sense; do you put your letters in an envelope, or do you just put a stamp on the paper?
If one of your risks is a well-funded agency of the US / UK government then these probably aren't a suitable option. Also, you'll want to change your OS to something hardened; and also your computer; and also put better locks on the doors; and also move to a building with no ground floor windows and some nice high fences with CCTV and good access controls.