Having listened to the past two episodes made me think some more about email in a professional context, particularly legal practice. Email messages and attachments are not, by default at least, encrypted. This doesn’t overly matter if both sender and recipient are running their own IMAP servers on their own hardware because all legs (sender’s email client to sender’s server, sender’s server to recipient’s server and recipient’s server to recipient’s email client) use encrypted tunnels. However, the messages sit on the servers (for some period if POP and indefinitely if IMAP) as unencrypted data. Even if the mail service has superlative security that prevents a bad actor from accessing it, that data is subject to legitimate subpeona. Further, there is strong argument that as it’s in the hands of a third party, it’s no longer privileged (that may not be the case in the US, but I don’t practice there!).
Has @macsparky (or anyone else) any thoughts? Do you just not use email for potentially privileged communications? iMessage/ Whatsapp/ Telegram would be fine (as long as you don’t backup to iCloud) as there messages are encrypted end-to-end. Using and email service that provided some form of full disk encryption (like Filevault) would also work, providing you (not the service provider) could generate the key.
As I said, thoughts on the issue most welcome.