In general, to protect digital communication the following features are important:
- Verification: The addresses of the sender and receiver can be verified to be owned by the expected persons.
- Anonymity: The sender and/or the receiver of a message cannot be associated with an identifier by a third party. If identifiers are available, the identifiers cannot be linked to other identifiers of the real person (ie name, address) with sufficient degree of certainty.
- Privacy: The content of a message cannot be translated into meaningful content with a sufficient degree of certainty by a third party.
- Integrity: The system used for communication behaves as expected by the sender and receiver of a message and cannot be corrupted by a third party
- Content: The expected content of a message is not of sufficient interest for a third party to invest resources to overcome existing barriers to protect the communication.
- Intelligence: The sender and the receiver understand the information and meta-information which is available to a third party as a consequence of their communication and how itmay be exploited for harm.
The “Pretty Good Privacy” (PGP) method is not considered as necessarily safe [Link]. For example, it encrypts a message but does not verify the addresses of the sender and receiver. If somebody creates an email with the name of a friend, contacts you and asks you to share encrypted information, the sent information will not be protected. Only if you are sure that you have the email of your friend (verification), and send the PGP-encrypted message, the contents will be protected. However, the meta-information of pairs of senders and receivers may still allow to create
a social network of electronic address (and the assumed identities of their owners).