Private messaging system - use encryption?


callumd
09-20-2008, 01:49 PM
Hi there,

I recently launched a website that has a private messaging system.

Just wondering if it's common for a web application to encrypt private messages (using some kind of salt), so that those who have to maintain the database aren't exposed to their content?

Thanks in advance.

svidgen
09-20-2008, 04:36 PM
I would imagine not. Email generally isn't even encrypted--neither in transport nor in storage. But, whether you encrypt user messages should be dependent on a few things:

can you trust your DB maintainers?
does the nature of your site imply that level of security?
is privacy critical to the nature of your site?
can your system handle encrypting all that data?
is it reasonable to encrypt every message and decrypt it on every access given the nature of and expectations on your site?
have you safeguarded your site to a reasonable level against attacks?

Some of those are sort of the same question. But imo, it's often good to phrase the same concept a few ways to get a broader perspective on it.

callumd
09-21-2008, 08:57 AM
I'm just curious about possible legal issues, as well as protecting user communication from those who maintain the database. The issue for me is not so much trust, but ethics. Even the most trustworthy person should not be reading private correspondence that isn't intended for them.

Emails may not be encrypted but if my ISP wanders in and has a browse through my private emails, they're in huge legal strife.

svidgen
09-21-2008, 11:43 AM
Emails may not be encrypted but if my ISP wanders in and has a browse through my private emails, they're in huge legal strife.
Don't count on it. Several employees at your ISP have probably already seen your mail. There's a good chance they even read it for fun. And there might even be clauses in their service/privacy policy that explicitly allow them to see your mail for maintenance purposes.

I can't say what the ISP I worked at had for a privacy policy or disclaimers. But, I can say for sure that email wasn't encrypted. And I can say that we often had to open people's mail files to correct formatting issues that arose from concurrency problems.

I'm just curious about possible legal issues, as well as protecting user communication from those who maintain the database. The issue for me is not so much trust, but ethics. Even the most trustworthy person should not be reading private correspondence that isn't intended for them.
As far as legal implications, you would have to ask a lawyer to be certain. My understanding is that you can write a disclaimer and privacy policy to remove your liability either way. So, in my humble opinion, if you can easily implement some sort of encryption, do it. But, in any case, write a disclaimer and privacy statement that conforms to what you've implemented. And, include a clause that makes it clear that you're not responsible for the malicious activity of 3rd parties (hackers and 3rd party servers through which their messages are channeled to reach yours).

But, don't put a huge tax on server performance for the sake of people's privacy. Unless your site is founded on messaging of the most private and sensitive nature, I think you're probably going for extra credit with any kind of encryption. So, if you do want to introduce some encryption to prevent messages from catching your maintainers' eyes (purely by accident, of course), make the encryption simple, standard, and possibly even keyless. It's not worth encrypting someone's messages if they're all lost forever when the user forgets his/her password.

Know what I mean?
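One shape the "simple, standard" encryption discussed above can take, as an added Go example that is not from this thread or from any project it mentions: each message body is sealed at write time under a key the application holds (assumed to be loaded from config or a KMS), so someone with only database access sees an opaque body, and because the key is not derived from the user's password a password reset loses no messages. The StoredMessage type and the NewAEAD, Seal and Open functions are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// StoredMessage is the database row: ids stay in the clear for routing and
// indexing; the body is opaque to anyone who only has database access.
type StoredMessage struct {
	ID, From, To string
	Body         []byte // nonce || AES-GCM ciphertext || tag
}

// NewAEAD builds the AES-GCM cipher from the application key (16, 24 or 32 bytes).
// The key comes from config or a KMS, never the database, and not from the user's password.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad ties a body to its row: a body moved to another row, or a row whose ids
// were edited, no longer decrypts.
func aad(id, from, to string) []byte { return []byte(id + "\x00" + from + "\x00" + to) }

// Seal encrypts at write time with a fresh random nonce per message.
func Seal(gcm cipher.AEAD, id, from, to, plaintext string) (StoredMessage, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredMessage{}, err
	}
	body := gcm.Seal(nonce, nonce, []byte(plaintext), aad(id, from, to))
	return StoredMessage{ID: id, From: from, To: to, Body: body}, nil
}

// Open decrypts at read time; a tampered body or edited ids fail the tag check.
func Open(gcm cipher.AEAD, m StoredMessage) (string, error) {
	ns := gcm.NonceSize()
	if len(m.Body) < ns {
		return "", errors.New("stored body too short to hold a nonce")
	}
	pt, err := gcm.Open(nil, m.Body[:ns], m.Body[ns:], aad(m.ID, m.From, m.To))
	return string(pt), err
}
```

This keeps the bodies away from whoever can read the database alone; anyone who can also read the application's key, or run code inside the application, can still decrypt, so the key belongs in that narrower trust boundary.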