The Failure of Email Encryption



[ 2005-January-24 20:13 ]

Encryption for email has been around for a long time, but unfortunately no one uses it. Last week I was thinking about this issue because I needed to send a form with personal information. I had been communicating with this person via email, but I won't trust my personal information to the wide-open email system. Instead, I sent it by fax. Since I am a big geek, I don't have a fax machine but I do have a fax modem, so I sent the form via my computer anyway. If we had widespread email encryption I would have just emailed it, which would be much more convenient. The worst part is that these days, many fax numbers forward the faxes to an email address, meaning that it isn't any more secure than sending an email anyway.

How often would email encryption be useful? I would only use it occasionally. However, I imagine that others would have much more use for it, like sales representatives, bankers, doctors, and lawyers. The challenge is that for encryption to be useful, a large fraction of email addresses must support it. How can we reach that critical mass? As I see it, there are two major problems: first, everyone must agree to a single standard; second, encryption must be trivial to use.

The standards battle is probably the harder of the two and also matters less. It is more difficult because it requires consensus from a large majority of vendors who mistakenly believe that they have little to gain by cooperating with others. It matters less because 99.9% of the users don't understand encryption; they just want it to work. It is really up to the implementers to get their act together. They need to stop creating new email protocols and collaborate on something workable. It would be beneficial to everyone if a single standard for email encryption were supported. In the field of cryptography, like many others, a rising tide lifts all boats.

The usability challenge is more of a design problem. So far, the best email client that I have found is Apple's Mail. If you have an S/MIME digital certificate, Mail shows a seal icon next to your emails, indicating that they will be signed. If the recipient has a certificate, and you have received a signed email from them, it also presents you with a lock icon allowing you to encrypt your message for that person. However, it turns out that getting a digital certificate is hard. You can get a free digital certificate from Thawte, but it is a long and complex process. There is a very good guide to Apple Mail and digital certificates that describes exactly how to do it, and includes screenshots of the UI.

The grand challenge, as the author of the Apple Mail tutorial says, [widespread use of email encryption] is most likely impossible as long as the process of acquiring a certificate is as difficult as it is today. Why is this process difficult, and how can we make it easier? Getting a digital certificate is difficult because it is supposed to prove who you are. In the real world, we use government-issued ID for this purpose. When I show my passport, it shows that the Canadian government asserts that the information about me is true. In the digital world, certificates are supposed to fill the same role. Unfortunately, it is relatively easy to fool S/MIME, mostly due to the weaknesses in the procedure for acquiring certificates and in the UI of email applications that use them.

The identity problem is a huge one, but I have a radical suggestion that seems like a good start: don't worry about certificates. I think of this as the "SSH approach," because I imagine it working similarly to SSH. The first time you communicate with a user, you get a warning message asking if you wish to trust this person's identity. Afterwards, your computer verifies that the key does not change. If it does, you get another warning indicating that you may wish to be cautious. This eliminates a lot of hassle, and would allow email clients to automatically generate keys. This system could potentially be extended to rely on certificates for additional identity verification.
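The "SSH approach" described above, as an added example that is not code from the original post or from any mail client: a trust-on-first-use store that pins one key fingerprint per email address and reports a changed key instead of silently accepting it. The `PinStore` class, its JSON file format, and the sample key bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from enum import Enum
from pathlib import Path

class Verdict(Enum):
    FIRST_CONTACT = 1  # unknown sender: ask the user whether to trust this key
    MATCH = 2          # same key as pinned: proceed silently
    KEY_CHANGED = 3    # different key: warn, never re-pin automatically

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Hypothetical per-user store: email address -> pinned key fingerprint."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    @staticmethod
    def _norm(address: str) -> str:
        return address.strip().lower()  # simplification: addresses compared case-insensitively

    def check(self, address: str, public_key: bytes) -> Verdict:
        pinned = self.pins.get(self._norm(address))
        if pinned is None:
            return Verdict.FIRST_CONTACT
        same = hmac.compare_digest(pinned, fingerprint(public_key))
        return Verdict.MATCH if same else Verdict.KEY_CHANGED

    def trust(self, address: str, public_key: bytes) -> None:
        """Pin a key. Call only after the user accepts the warning prompt."""
        self.pins[self._norm(address)] = fingerprint(public_key)
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2, sort_keys=True))
        tmp.replace(self.path)  # atomic rename so a crash cannot truncate the store

def demo() -> list:
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"  # constructed samples
    with tempfile.TemporaryDirectory() as d:
        store = PinStore(Path(d) / "pins.json")
        seen = [store.check("Bob@example.org", old_key)]      # first contact
        store.trust("Bob@example.org", old_key)               # user chose to trust
        seen.append(store.check("bob@example.org", old_key))  # later mail, same key
        seen.append(store.check("bob@example.org", new_key))  # later mail, new key
        return [v.name for v in seen]

if __name__ == "__main__":
    print(demo())
```

Because `check` never writes, a changed key stays flagged on every message until the user explicitly calls `trust` again, which is the point at which a certificate check could be layered in.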

This very simple approach would have solved my problem, and likely would solve the problem for many others. It does not solve all the problems that digital certificates can, but at this point, I think the choice is between email encryption with weak identity guarantees or no email encryption at all. I would rather have any security above what we have today. If the system were cleverly designed, it might be possible to layer digital certificates on top. Interestingly enough, this seems to be the approach that Ciphire Mail (Wired News article) is taking. However, I don't like their approach because there is no UI that shows if your emails are secure or not, plus everything is proprietary. Still, at least this shows that I'm not totally mad to think that we can make a system work with weak identity guarantees.