Why isn’t all of our email encrypted when we send it? This seems like a huge security oversight because anybody could read the messages that you and I send.
The more I think about it, the less explicable I find this to be. This could lead to loss of privacy, identity theft, and other potentially damaging situations if the email got into the wrong hands, which is very easy to do. It would not be particularly difficult to implement either – solutions like OpenPGP already exist.
Between the time you send an email and the time it is read, there are multiple points where it could be compromised:
- On your device (or devices), as we have phones, computers, tablets, etc.
- Your email provider's servers
- Any network hop between your provider and the recipient's
- Finally, on the receiving end (their computer, phone or tablet could also be compromised)
Even if you and your recipient both secure your devices, use good passwords, and so on, that still leaves a pretty big gap: your email provider's servers could be compromised, and so could your recipient's provider's servers. There are many, many points of failure that could result in identity theft.
I'm not going to go into depth here, but the way it was designed, email is fundamentally insecure. It is, however, too vital to how we function to abandon. Hmm … quite a challenge we have here, I know, but that's the problem.
On that note, I will acknowledge that Google and most other web mail providers do use SSL between your browser and their servers, but the data at rest on an email server would not be encrypted. For those who don't know, there is a published standard for SSL/TLS between mail servers, RFC 3207 (the STARTTLS extension to SMTP). The problem is that quite a few servers (and we're not just talking small servers here) have RFC 3207 turned off, and a sending server that only uses it opportunistically will then fall back to plaintext. Perhaps that is due to CPU load or some other resource cost. Unless they have a good reason for not encrypting, though, this seems like a pretty big oversight.
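To make the RFC 3207 point concrete, here is an added example (not code from the original post) that simulates the sending side's decision: it parses a server's EHLO reply for the STARTTLS capability and shows how an opportunistic client silently downgrades to plaintext when STARTTLS is missing or refused, while a client that requires TLS refuses to send instead. The server replies and hostnames are constructed stand-ins, not real mail servers.

```python
"""Simulated SMTP client decision for RFC 3207 STARTTLS (constructed example)."""

# Constructed server replies standing in for real MTAs; the hostname is a placeholder.
EHLO_TLS_OK = "250-mx.example.test Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx.example.test Hello\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"
STARTTLS_READY = "220 2.0.0 Ready to start TLS\r\n"
STARTTLS_UNAVAILABLE = "454 4.7.0 TLS not available due to temporary reason\r\n"


def parse_ehlo(reply: str) -> set:
    """Extract the capability keywords from a multi-line 250 EHLO reply."""
    caps = set()
    for line in reply.strip().split("\r\n")[1:]:  # line 0 is the greeting, not a capability
        if not line.startswith("250") or line[3:4] not in ("-", " "):
            raise ValueError("malformed EHLO line: %r" % line)
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


def plan_delivery(ehlo_reply: str, starttls_reply: str, require_tls: bool) -> str:
    """Return how the message would go out: 'tls', 'plaintext' or 'refused'.

    An opportunistic client (require_tls=False) falls back to plaintext whenever
    the server does not advertise STARTTLS or answers the STARTTLS command with
    anything other than 220; a client that requires TLS refuses to send instead.
    """
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        return "refused" if require_tls else "plaintext"
    # The client would now send "STARTTLS"; only a 220 reply starts the TLS handshake.
    if starttls_reply.startswith("220"):
        return "tls"
    return "refused" if require_tls else "plaintext"


if __name__ == "__main__":
    cases = [("advertises and accepts", EHLO_TLS_OK, STARTTLS_READY),
             ("advertises but replies 454", EHLO_TLS_OK, STARTTLS_UNAVAILABLE),
             ("STARTTLS not advertised", EHLO_NO_TLS, STARTTLS_READY)]
    for name, ehlo, reply in cases:
        print("%-28s opportunistic -> %-9s required -> %s"
              % (name, plan_delivery(ehlo, reply, False), plan_delivery(ehlo, reply, True)))
```

The second and third cases are the downgrade the post worries about: without a require-TLS policy the message still leaves, just unencrypted.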
Although far from perfect, it seems like encrypting email should be far more widespread. Right now it can be difficult to set up a public/private key pair and the other necessary parts to get it working. What is needed is an easy, UI-friendly way to get public keys from everyone that you are communicating with by email. We need some sort of standardized way to do this. I just don't understand why more people don't use it.
I would hesitate to guess that most people don't know about it, or they simply prefer convenience over security. There are quite a few barriers:
- You must obtain and manage a chain of public/private key pairs, and we need an affordable way to get them from a credible issuer.
- You must publish the right public key in the chain to the relevant recipients.
- Depending on the situation, you may need to publish that key or upload it to a key server.
I suppose you would also have to give up server-side search and perhaps mailing lists (although you could perhaps get the same public key to everyone on a mailing list).
So why doesn't Google provide end-to-end encryption? Something like PGP built into Gmail would be immensely helpful for security. I don't think that the limitations are technical. They are commercial. In the case of Google and similar companies, I suppose that the other huge barrier is that they use the contents of your email for targeted advertising. In a sense, "we" are the end product of Google, and for them to offer PGP would hurt their ability to deliver relevant context-generated ads to us (which reminds me why I use an ad blocker these days). I suppose the other challenge in the case of Google is that encrypted email contents can no longer be indexed for search. Another challenge would be that if Google were to do this, they would in effect have to become a key custodian like Comodo, staking their reputation on the safety of your keys. While not impossible, I suppose that this would create difficulties. Finally, there is the matter of back doors. I'm alarmed in particular at the government calls for back doors in all encryption and security. It's pointless if that happens; eventually someone malicious will figure out those doors and exploit them.
There is one more problem. Even if they could do all of this, it is not foolproof. OpenPGP encrypts only the message body, so anyone reading the message in transit or at rest can still see the To, From, Date and Subject headers, but hiding the contents is still far better than nothing. You can also encrypt your attachments if necessary.
I guess what is really needed is something that can replace email, but is much more secure.