There are at least two problems with the concept of encrypting email:
1) The number of email relationships that someone has is so large that exchanging keys with everyone is non-trivial. And if you decide that you want only encrypted email then there's bound to be someone with whom you desire to communicate who doesn't have the ability. So there's always a hole.
2) Even if you send someone an encrypted email there's no way to prevent them from forwarding it once they've decrypted it to someone else. So there's always another hole.

Put it all together and email is one of those things that it's hard to force into the "always-encrypted" model. And if it isn't always encrypted, it might as well not be encrypted at all.
posted by Runes at 4:56 PM on August 13, 2013 [3 favorites]

Certainly this is speculation, but I expect it's some variation of:

1. Currently, certain groups of people are able to trivially read all email you have sent and received.

2. There's no reason to believe that the group from (1.) will not grow substantially larger through either technical or legal means.
posted by 256 at 5:00 PM on August 13, 2013

I have always assumed, since the 1980s, that my email was readable by anyone sufficiently motivated. My motto is "never send anything by email that you wouldn't want to see on the front page of the New York Times."
posted by overleaf at 5:11 PM on August 13, 2013 [6 favorites]

You might be interested in following this discussion on HackerNews.
posted by aroberge at 5:12 PM on August 13, 2013 [3 favorites]

No matter what the encryption status of the email itself (and, frankly, nobody I know who tries to send encrypted email really has their workflow down right), I think we can assume at this point that the headers of the email are public knowledge. This means that even if a government agency can't tell what, exactly, you said, they can see that you communicated with a given person at a given time, and the size of the payload of the email.

For a simple view of what access to all of that metadata might mean, see Keiran Healy's notes on using metadata to find Paul Revere.

It's been regularly asserted by various legal experts that we commit several felonies every day. My sister was recently caught up in legal circumstances which made her a target of law enforcement, and eventually ended up pleading guilty to a trumped up felony as a package that included a reduced sentence to someone else.

So imagine a scenario where someone close to you is busted on charges that might put them away for a decade or two. DA comes to you and says "metadata on these email exchanges seems to be enough to take you to trial, but if you'll take an F3 [for destruction of evidence or obstruction of justice] and probation, we'll drop the charges on your loved one down to five years with time off for good behavior".

You can almost certainly beat the charges at trial, at huge expense, but if you go to trial then the DA's gonna play hardball with your loved one.

This is almost exactly what happened to my sister. Substitute "phone call to a relative of one of the other people involved" for email.
posted by straw at 5:21 PM on August 13, 2013 [10 favorites]

This interview with Lavabit's founder is fairly telling and provides more context to the quote, I think.
posted by averageamateur at 5:32 PM on August 13, 2013

> Levinson wasn't talking about the privacy/security holes related to encrypted (or even regular) email.

I didn't get this from the quote and I'm not sure where you're getting it from. I think he is specifically talking about the privacy/security issues inherent in email, which is to say, a medium that is 99% plaintext, un-encrypted, trivial to intercept / forge, etc.

Aside from that, email is a pretty nice medium. It's robust, it's been around forever, basically everyone can use it, there aren't any major SPOFs (aside from, increasingly, Gmail), it's an open protocol with many open implementations, etc.
posted by Kadin2048 at 6:27 PM on August 13, 2013 [2 favorites]

Here is a link to an interview with Ladvar. Here is the meta thread where it is discussed. I understood that quote to mean that if you wish privacy and security, email is not a good solution. If you care about privacy or security, don't use email. If you read this article posted today in the NYTimes, it gives a flavor of what it takes to be secure. Essentially you need an "air gap" or a computer that has never connected to the internet.

These two links posted by Homunculus help. Watch the video if you can rather than read the transcripts. I think it helps to see and hear Ladvar.

homunculus: "Democracy Now: Owner of Snowden’s Email Service on Why He Closed Lavabit Rather Than Comply With Gov’t

Former Internet Provider Gagged by National Security Letter Recounts How He Was Silenced For 6 Years"
posted by JohnnyGunn at 6:30 PM on August 13, 2013 [1 favorite]

overleaf: "I have always assumed, since the 1980s, that my email was readable by anyone sufficiently motivated. My motto is "never send anything by email that you wouldn't want to see on the front page of the New York Times.""

One of the problems with email even if you are aware of it's essentially public nature is the people you correspond with often fail to maintain proper awareness. Those people's indiscretion can implicate you even if you never say anything you wouldn't publish.
posted by Mitheral at 6:37 PM on August 13, 2013

I don't read this as a hint that there's some big secret about email either—just that trying to run a secure email service revealed how insecure most email really is. Before I learned a little more about network protocols, my mental model of email was almost entirely wrong. I suspect most webmail users have similar, completely inaccurate conceptions of how email actually works. Here's how my model diverged from reality. (Sorry if you're already clear on all this—it's always tough to judge, and hopefully useful to others).

I put most of my postal mail in an envelope. This keeps letter carriers from casually reading my correspondence, but lets them see the address of the recipient. If it's important, I might use a tamper-proof envelope that makes it clear whether it's been opened along the way. The US government does photograph the outside of all the mail I send and receive and store it in a database, but the content inside is protected by law. (Of course, there's not much physical security. It would be easy for a determined attacker who didn't care about the law to intercept and read all my mail).

The icon for every mail client I've ever used is an envelope, but it ought to be a postcard. Email was just not designed with envelopes in mind: for the most part, the address and content are both sent over the network in plaintext. And really, it ought to be an unusually big, very serious postcard, because an email message stores much more metadata than a postal address, and contains longer messages that typically say more than "Thinking of you in Rio!"

Those who really trust the USPS might be comfortable with a postcard-only mail system. The messages would stay inside the postal system, and maybe nosy employees would get fired or sued or something. But emails pass through lots of untrusted hands before reaching their destination, and there are fewer, weaker laws about reading them in transit and storage. Unlike real mail, which I throw out or shred, my webmail accumulates in a searchable archive, which becomes an easily-subpoenaed business record after 180 days. And the cost in time, effort, and space of collecting everything is even lower than intercepting physical mail: with a little help from service providers, it's cheap and easy to tap the biggest fiber optic cables, suck up everything, and store it forever, which seems to be what the NSA is doing (or aspires to do).

Something like PGP encryption is the equivalent of an email envelope that protects the content and prevents tampering. Better, even, since code protects the content instead of law. Unfortunately, encryption isn't as nearly as easy—imagine a world where envelopes are arcane, unfriendly technology impossible for most people to use correctly.
posted by ecmendenhall at 6:51 PM on August 13, 2013 [10 favorites]

> using email for trivial correspondence.

This is much harder to do than you might expect.

First, even if you just ignore the content of the emails completely — and this is true of encrypted email as well, incidentally — just analyzing whom you correspond with can leak substantial amounts of information. E.g., even if you exchange nothing but cookie recipes and the most banal pleasantries, if your social circle are all members of the local Anarchists Collective (or suspected Al Qaeda cell, or whatever the threat du jour is) then you could be in trouble.

Second, even if you are extremely careful about what information you transmit, your correspondents may not be quite so careful, and that could get you in trouble. By the time you've received an email with incriminating information in it, it's far too late. Again e.g., you could be exchanging cookie recipes and there's nothing to stop someone else from tacking on "PS - See you at the next Anarchists Collective meetup!!" and then, whoops, you're stuck. Everyone you correspond with has to maintain very good communications discipline to not leak anything.

The safest move, if you are trying to avoid surveillance, is not to get into a cat-and-mouse game with an adversary that has far greater resources (potentially) than you realize; instead you just refuse to play and use some other medium.
posted by Kadin2048 at 6:59 PM on August 13, 2013 [1 favorite]

One slight clarification: email headers are not something you can encrypt, so yes, this means that who you email is always something someone can figure out if your emails cross their servers, even if you encrypted them on your end.

This doesn't, however, imply that the payload length can't be obscured by padding the email with nonsense characters before encrypting. If you padded out all emails to a megabyte or so you'd guarantee nobody would know how big each email's true payload size was.

But yeah, email is about as safe as regular mail. Anyone along the way can open it up and look at it, anyone who receives a message from you can share it with anyone they'd like to, etc.
posted by Precision at 7:38 PM on August 13, 2013

I have one further possible theory, and it starts to verge into the paranoid, but.. Because of the incident mentioned up-thread, I have have been thinking about ways to communicate with family securely. One of those would be to exchange public keys and use something, PGP with email, RetroShare, one of the OpenWhisper packages, for the actions messages...

But confirming public keys means something more than sending the key via email, we would need a second channel to confirm the key to guard against a man-in-the middle rewrite and subsequent intersection.

I had dismissed the notion that there was regular rewriting of message bodies as paranoia, but it is technically feasible in many circumstances, and if those involved in a conversation don't use multiple channels a MitM attack, including spoofing keys and rewriting encrypted content is not beyond conceivable.

And to the comparisons up thread to postal mail, in postal mail you are more likely to notice that the envelope has been tampered with our that the physical letter itself has been replaced. In email you need encryption (or a at least signing)...
posted by straw at 7:20 AM on August 14, 2013

I guess I interpreted Levinson's statement as saying there was a concern about using email at all.

I'm on my city's library board, a volunteer position. We've been warned by the city not to use our personal e-mail accounts for our library board correspondence, and to always use the ones the city provided, because if there was a legal problem and we'd used our personal e-mail for city business then all our e-mail could become public record.

I wonder if he's warning about that sort of thing.
posted by The corpse in the library at 8:58 AM on August 14, 2013 [2 favorites]

But confirming public keys means something more than sending the key via email...

That's what the Key's fingerprint is for: call each other on the phone, and then read the fingerprint aloud to confirm that the fingerprint you derive from the Key that you received is the same as the fingerprint on the Key they sent to you.
posted by wenestvedt at 12:10 PM on August 14, 2013

It might be worth noting that there is an ongoing effort to make GPG email encryption easier to use: STEED. It is not without controversy, as the article notes, since it throws out the "web of trust" model used by GPG in favor of a "trust upon first contact" model, because in practice that's what people do anyway.

It was widely considered to be dead-in-the-water because depending on actual implementation strategy it requires significant changes either in MUAs, mailhosts' DNS configuration, or both, but it is possible that concerns like Levinson's might generate enough interest in securing email to actually move things forward a bit.

Although as I noted in my other answer, even if you encrypt all your correspondence there is still the possibility of traffic analysis. Though that's a problem with just about any communications medium (even paper letters!) so I'm not sure it's a hugely valid criticism.

But the major problem with email is the huge installed base of users creates terrible inertia against any improvements, while some newer system (e.g. encrypted instant messaging?) might have far fewer users but be easier to secure since you don't have to worry about software written back when Bob Dole was a candidate for President.
posted by Kadin2048 at 1:16 PM on August 14, 2013

Re wenestvedt's comment about key fingerprints: Exactly, which is why I mentioned needing a second channel. However, if the MitM attack is deeply entrenched in major service providers, and people are using the "on first contact" that Kadin2048 mentions, well... then...

The reason I've dismissed these fears so far as paranoia is that if you phone the key fingerprint and it doesn't match, then you know you've been MitMed, and we haven't heard many people mention that circumstance publicly. However, that could be because nobody's bothering to confirm keys.

Security isn't about technology, it's about humans following protocols. Technology can make it easier for humans to be careful, or it can make it easier for humans to be horrendously insecure. Email has never erred on the side of security, what I think we're finding is that it's now erring on the side of enabling exploit.
posted by straw at 2:00 PM on August 14, 2013

Recent developments: Lavabit's owner threatened with arrest for shutting down rather than spying on customers. From the BoingBoing post:

This gives additional context to the decision of Lavabit competitor Silent Circle to pre-emptively shut down its own private email service as well, in advance of any sort of court order. If a secret court can issue a secret order requiring you to spy on your customers, and if shutting down the service will land you in jail, then simply not operating the kind of service that spooks find snoopworthy is the only option.

posted by Lexica at 9:38 PM on August 16, 2013

This thread is closed to new comments.