On the contrary. End to end encryption is secure against a National Security Letter unless the NSL is served on either the sender or the receiver.
The only problem has been that end-to-end email has been too hard to use until now.
This is the scheme I am currently working on. We currently have two competing standards for end to end email security, PGP and S/MIME. When I was Principal Scientist of VeriSign and Jon Callas was CTO of PGP we would periodically meet and discuss ways to see if our two companies could come together and break the logjam. We even came very close to doing something about it and then the spam crisis hit and so DKIM became the priority and it was the wrong time.
There are some papers out at the IETF but they are somewhat technical and assume the reader already understands PKI at a very high level. There is a set of podcasts in production that should be out soon which are designed as an introduction.
But briefly, the solution is to apply a technology called public key encryption in which Bob has a public key that is published in 'some sort' of directory and a private key that only Bob knows and nobody else. Knowledge of the public key allows anyone to encrypt a message but not to decrypt. Only the holder of the private key (Bob) can decrypt.
My theory of why we haven't succeeded so far is that PGP and S/MIME are OK as far as usability goes but to succeed at Internet scale an application needed to be better than OK in the mid 90's, it had to be good. Today an application has to be great.
We have to make it as easy to send mail encrypted as to send regular mail.
The reason the NSA is not going to interfere is that:
- They are going to be rather busy with internal disputes for a couple of years,
- Quite a few NSA insiders agree with me that the real national security problem the US faces is the threat of PRISM etc. level attack on US and NATO infrastructure,
- The Web has added about 5% to global GDP as a result of the security that we added, the politicians are likely to buy my argument that we might add another tenth of that if we secure the other Internet killer application. 0.5% of global GDP is about 400 billion or a billion dollars a day.
- The NSA needs this security more than anyone else.
- They tried harassment last time round and it didn't work.
There is open source code up on sourceforge now. We are looking to have the system ready for alpha by the London IETF.
I do not claim that my system is the best one possible but I do claim that I have proof of concept. I have verified the design approach with numerous experts in the field and the very worst response was 'I don't see any reason it shouldn't work right now'.
The testbed is written to allow other researchers to share it though. So anyone who has different ideas to mine (combine PGP, PKIX and Certificate Transparency approaches) they can use my platform as a testbed.