Secure email a "daunting challenge"




I have spent quite a lot of time fruitlessly urging activists who are quite likely to be hacked that they should just encrypt everything. For some psychological reason they do not want to face up to the technological realities of their situation.


Humans are inherently lazy and do a bad job of associating today’s bad habit with tomorrow’s bad luck. The same basic reason they don’t want to encrypt every file they own is the same basic reason they get fat and are unable to shed the weight.

Without motivation no habits will be changed. I would have thought the Snowden leaks would be sufficient, but for some dumb reason there’s still a strong current of “well I have nothing to hide, who cares??” style thinking.

I guess until people are actually damaged in some way that they are forced to confront, adoption will be limited.


I remember the early days of PGP. The program was clunky. It was never made available as a library that could be linked in to other software. Phil Z was torn between desire to commercialize it vs. desire to see it in widespread use, resulting in some frustrating decisions about license terms. Even today, those problems persist. The most widely used PGP version is GnuPG, and it’s still not available as a library and still isn’t BSD license. (The author of that program simply can’t understand that software accesses components as linked libraries through dlopen, not as standalone executables.)
The NSA got very very lucky that Phil Zimmermann was “leading” things, and then got very very lucky with the release of GnuPG.
There are alternatives coming:


It’s the same problem as with PKZIP, the other great one-hit wonder of half-open software. You have something that is valuable as a standard and a creator who doesn’t want to let go but isn’t able to lead the implementation side of things.


Why don’t we all just print out the emails instead, and send them in sealed containers, so we can tell if they’ve been opened and read?


Seriously beschizza, do we really need an animated slide show next to the text of this Boing Boing item? Features like this make me think about unsubscribing to feeds. I can’t read text when something to the left or right of it is moving!

#8 out of the Netherlands is in beta with a ‘secure’ email service. Not really sure if it’s secure or not, but they say that they encrypt everything. I haven’t used it yet, just got notice I’m getting a beta account this week. They’re still taking signups at I don’t know the EU laws on secret orders for access to data, so that’s one thing that has me concerned.


I think that’s called a letter. In an envelope. Mailed using postal services.
Pretty safe actually, as long as you are not targeted individually. And use a typewriter.


Thanks for the tip, I just signed on. You can’t be part of the beta testing anymore, but you’re on the list for an account when the service starts running next year. In the meantime, you’ll get a newsletter.


The US Post Office takes digital images of most letters simply as a part of the automated sorting process. If the mail’s pre-sorted with bar codes, it doesn’t need to do much with them; if it’s typed it does easier OCR, and if it’s hand-written it does much harder OCR. 20 years ago, OCRing hand-written zip codes was cutting edge, but Moore’s Law is your friend for technologies like that.

Has the FBI or NSA gotten them to keep all those images? Doing a mail cover of just about everybody is easier today than doing mail covers of Usual Suspects was 30 years ago. Getting laws passed or court orders issued to let them do it has also gotten much easier. Keeping all the images isn’t that hard, and storing all the text when that’s available is trivial. And if Moore’s Law continues to cut storage costs in half every year or two, for roughly double your initial storage budget, you can keep it all forever.


In other words: they collect metadata on snail mail. Didn’t think of this, but yeah, figures. You wouldn’t even need to store the digital image, filing the OCR data gives you all the information you need.


It isn’t merely an implementation problem, unfortunately: Getting people to securely store keys is… not really in the cards on most of the flyblown computers of today, and the classier brand of geek mercs (looking at you VUPEN) claims to have zero-days on tap for practically every OS you can buy, not just the usual Windows trojans. Somebody needs to get non-backdoored HSMs down to a consumer price point, fast.

The other devil of the details is webmail. You want your email anywhere, nice and easy? Well, that means that your provider has to have the cleartext, so they can webpagify it and send it to you without any client software. Even today, setting up GnuPG isn’t that hard; but it more or less necessarily ties you to only those computers where you have an appropriate mail client and GnuPG set up. Even if the setup were effortless, encrypted email would still be garbage on any computer you don’t control and have time to install the client on.


I can’t even convince people to use good passwords (It’s shocking how many people use child’s name+birthyear). Getting them to use real crypto is next to impossible.


Getting people to use real crypto is easy; but only real crypto systems that, perhaps, trust certain parties who don’t really deserve it…

SSL/TLS, for instance, have mostly been a gigantic success, in terms of making sniffing the wire useless to any casual attacker with a copy of Wireshark and a malicious open access point. It’s also dead simple for even users who wouldn’t recognize it by name to use.

Against a sophisticated or state-powered attacker with access to certs generated (by covert infiltration or by legal demand) by a trusted CA, though, SSL is toast.

Email is in a far more primitive state, in terms of level of rollout; but the tradeoffs are pretty similar: If you want crypto so easy that even a noob can do it, your corporate/institutional IT department can probably roll out hierarchical PKI and S/MIME, all handily enforced by policy, in fairly short order. But, of course, that just means that anybody who wants to read your email can get everything they need in one place. Getting everybody to use GnuPG and carefully safeguard their own keys, and the web of trust? Much safer; but Good Luck With That.


