The extramarital affair scandal engulfing former CIA director David Petraeus has brought massive public attention to the convoluted U.S. laws governing e-mail privacy. We've got some quick tips for keeping your electronic communiques private.
Before getting into the more technical side of things, there are some simple behavioral changes you can make.
Always log out of your e-mail when you're done using it. This goes for any online service, including social networking sites. Logging out prevents a cached password from keeping you signed in even after the browser has been restarted.
Never use your preferred personal e-mail account for highly sensitive communication. Set up a new e-mail account that's not connected to you in any way, and is only used for communicating with that one person. It's a good idea to keep sensitive information out of your subject line, too.
Change your location so that your IP address changes. Pick up your butt and head across town to a restaurant or cafe with Wi-Fi that's not in your usual haunts list, some place that's not near your home, office, or hotel. Access your alternative e-mail account only from one of these alternative locations, and do not under any circumstances log on to any of your "regular" accounts from that alternative location. Those easily could be used to track your movements and connect your "secret" account to your main ones.
Masking your IP address sounds technical, but it can be as simple as installing a program. E-mail is less like a sealed letter, and more like a postcard -- with the proper know-how, it's not all that hard to flip it over and read it. The most direct way to do it is to use a reputable service like TOR (download for Windows | Mac) or HotSpot Shield (download for Windows | Mac).
Using PGP encryption remains the most effective way to make the inherently insecure e-mail a safer way to communicate. PGP is not particularly easy, however, and works best with a desktop e-mail client like Outlook or Thunderbird -- both of which are falling out of use as webmail continues to dominate. There is no major webmail service that supports PGP encryption, although there are services like CounterMail (which I haven't used yet) that do.
The best way to avoid the pitfalls of Petraeus is to simply think about what you're doing, of course, and maybe to knock off cheating on your spouse if you're in a high-level government position dealing with national security concerns.