It should go without saying that if the company can get access to the plain text of the e-mails stored on its servers then somebody else can as well. Needless to say even if an online service proclaims they securely store your data and it can not be accessed that is not usually true. The only secure option is to encrypt the data while it’s still on your machine and then send it out. For instance I backup much of my data to an online store service. Before the data leaves my system it’s put into a TrueCrypt partition. Only I have the key to decrypt the partition so even if a government entity forced my storage provider to hand over my data there is no way for that provider nor the government to decrypt it (obviously I mean before I die, they could brute force the key but it would take practically a century and I doubt I’ll still be alive when they find out my encrypted partition contained nothing important nor incriminating).
Posted by rlssec