Monday, 19 August 2013

Why It Will Be Difficult to Create Secure E-mail

Two major secure email services shut down earlier this month, with the people who run them claiming that email was a medium that was inherently not private. To keep operating would give their clients a false sense of security.

On Friday afternoon one of the companies, Silent Circle, posted further explanation of its argument. Basically it comes down to this: it may be possible to encrypt the contents of email to prevent someone else from reading it. But there is no way for an email provider to secure the information about who is communicating with whom. And over the past few months it has become clear that this kind of metadata surrounding electronic communications may be as desirable as the content of the messages themselves.

This has always been a potential vulnerability with email, but it has been difficult to exploit it until relatively recently, wrote Louis Kowolowski, Silent Circle’s technical operations manager, on the company’s blog:

In the past, securing the body of the message was sufficient. The tools and techniques used for snooping were not on a large enough scale to allow the metadata to be useful. With the tapping of backbone internet providers, interested parties can now see all traffic on the internet. The days where it was possible for two people to have a truly private conversation over email, if they ever existed, are long over.

There are two technical issues that lead to this insecurity. The first is that encrypted messages are sent by the recipient and the sender exchanging encryption keys — tools that scramble a message and allow only the intended recipient to unscramble it. To do this, both parties need to be online whenever a message is sent. This is not how people use email. Secondly, current technical standards for email require that some information remains unencrypted, such as information about the identity of the people communicating, the time messages were sent, and the subject. “So, a PGP-encrypted message with the subject line ‘Pricing info for blasting caps’ may be sort of ridiculous,” writes Kowolowski.
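The second issue can be seen by parsing a message whose body is PGP-armored and listing what is still readable without any key. This is an added example, not code from the original article or from Silent Circle; the addresses, date, Message-ID, armored body and the function name exposed_metadata are constructed for illustration, and only the subject line comes from the quote above.

```python
# Added example: what stays readable when only the body is PGP-encrypted.
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message (addresses, date and armored body are made up).
RAW = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Date: Mon, 19 Aug 2013 10:15:00 +0000
Subject: Pricing info for blasting caps
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

hQEMA0NvbnN0cnVjdGVkU2FtcGxlT25seQ==
=AAAA
-----END PGP MESSAGE-----
"""


def exposed_metadata(raw):
    """Return what a passive observer learns without any decryption key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    senders = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    rcpts = [addr for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {
        "from": senders,
        "to": rcpts,
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],
        # The body is opaque ciphertext; everything above it is not.
        "body_encrypted": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
        # Each (sender, recipient) pair is one entry in a who-talks-to-whom record.
        "edges": [(s, r) for s in senders for r in rcpts],
    }


if __name__ == "__main__":
    for key, value in exposed_metadata(RAW).items():
        print(f"{key}: {value}")
```

The armored block protects only the payload; the sender, both recipients, the timestamp and the subject are all recovered from the headers in cleartext.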

There are some situations where this matters, and others where it does not. Email can be secured if the only goal is to make sure that no one can intercept sensitive information being passed along over it. One example is a company trying to protect its intellectual property. The parties aren’t worried about someone finding out they are in communication with one another. But in other instances, like activists organizing political activity, a record of who is communicating could be just as important as what they are saying. In an analysis earlier this summer, for instance, an associate professor of sociology at Duke showed how simple information about which American dissidents were involved in which organizations during the 1700s could have led the British to Paul Revere’s door before he had a chance to ride.

There is widespread agreement among security experts that digital privacy seems much more complicated in the wake of recent disclosures about the National Security Agency’s surveillance practices. Some believe that the challenges will simply serve as a way to spark innovation to solve those issues. But doing so with email will likely require a change in the way that all links of the email chain work. A single email provider can’t make its communications secure, argues Kowolowski. It would take all of them.
