I am an e-mail administrator for a non-profit organization that communicates extensively via e-mail with public interest environmental lawyers and human rights activists, a high percentage of whom live and work in either developing countries or countries with poor human rights track records. The organization ostensibly values highly the confidentiality of it's communications and the safety of its partners yet it's e-mail communications have traditionally been carried out entirely in clear text.
I am relatively new to the organization and have been pushing for the adoption of PGP encryption and the addition of a confidentiality disclaimer on outgoing messages. I was surprised at the level opposition to both of these suggestions on the basis that they would bring unwanted scrutiny from our partners' domestic security agencies that may be monitoring their citizens' e-mail traffic for "disruptive" activity. Some have suggested that, barred from the opportunity to freely read the e-mail, the authorities might resort to less passive methods to find out what our partners are up to. Even a confidentiality disclaimer on a plain text message, it has been argued, could spark an unwanted level of attention. Is anyone aware of real research, or anything other than anecdotal evidence, to support the idea that adopting encryption and legal disclaimers might have negative personal safety impacts in some countries? I would appreciate any links you might have to papers or just a solid argument in support or against based on your experience. My general feeling is that the internal security apparatus in these countries already know who the political troublemakers are and if they're interested would already be (and probably are) intercepting their e-mail. This makes me think avoiding the use of available privacy tools to duck attention is rather like an ostrich sticking its head in sand. Glenn
