Comments on: Why did email encryption never catch on?

Question: Why did email encryption never catch on?

skryche — Thu, 10 Nov 2005 05:26:48 -0800

Why did email encryption never catch on? Is it a matter of laziness or are there sinister conspiracies at work?

By: Leon

Leon — Thu, 10 Nov 2005 05:35:57 -0800

It wasn't bundled with Outlook Express.

By: Ryvar

Ryvar — Thu, 10 Nov 2005 05:38:39 -0800

Partly a matter of laziness, but mostly because encryption was not required by the protocol spec. Since you didn't know if people on the other side could transparently read your encrypted email, by default you wouldn't send encrypted emails.

If you really want to do something about it, create an SMTP-like protocol with a strong default encryption system that is flexible and extendable, give it a really snazzy name, and hype the fuck out of it. Write it up in an RFC. Maybe setup some tie-ins with ISPs like AOL (they're trying to paint themselves as security-conscious this year) or systems retailers like Dell or try talking MS into supporting your protocol in Outlook Express. Or Thunderbird. Get Slashdot buzz. Whatever.

By: Plutor

Plutor — Thu, 10 Nov 2005 05:39:03 -0800

Lots of reasons. Sure, laziness. Non-bundledness. Necessity of a universal standard, combined with egotistical corporations (just look at SPF/Sender ID/DomainKeys for a similar conflict). The perceived unnecessity of it.

By: chrismear

chrismear — Thu, 10 Nov 2005 05:39:46 -0800

It's not easy enough. I'm a pretty savvy computer user with a vague interest in this kind of thing. Heck, I've even been to a keysigning party. But I still haven't managed to muster up the motivation to figure it out and get it set up.

What do I use? PGP? Is that built into Mail.app? No? What's this other thing? I need a certificate for that? Where do I get one of those?

By: mischief

mischief — Thu, 10 Nov 2005 05:53:51 -0800

Extending from what chrismear wrote, it's not invisible to the user.

Address, type message, send; that should be all it takes. Nowadays, the text of a growing percentage of the email I receive is in the subject line. The body is empty, or contains the words, See Subject.

Users can't be bothered and businesses don't see a return on investment.

By: smackfu

smackfu — Thu, 10 Nov 2005 06:06:44 -0800

BTW, a lot of business email platforms have it built in, and it is very easy. For instance, in Lotus Notes, it's just a matter of checking boxes that say "Sign" and "Encrypt".

By: Godbert

Godbert — Thu, 10 Nov 2005 06:07:24 -0800

I think that encryption not being part of the spec, or bundled with major e-mail programs and enabled by default, kept it from taking off initially. Now, that inertia, coupled with the fact that a lot of people check their e-mail through a web interface, keeps it from catching on now. That, and a lot of people send mail that doesn't really need to be encrypted; people who have a need to exchange communication in a secure manner will find a way.

(In college, I was part of a team working on a project to provide a PGP-enabled webmail system. I should keep working on that.)

By: chunking express

chunking express — Thu, 10 Nov 2005 06:22:04 -0800

It's not just laziness, though I agree that's a big part of it. For one, most people just don't care enough. Most people probably think, and rightly so, that people don't care enough to read their mail. Two, distributing keys and what not is actually non-trivial.

(In college, I was part of a team working on a project to provide a PGP-enabled webmail system. I should keep working on that.)

See HushMail.

By: mathowie

mathowie — Thu, 10 Nov 2005 06:25:37 -0800

I think it has everything to do with user experience. I know in Apple Mail it's pretty slick and clean, but it's still a pain to get a key and set it all up.

It needs to be super easy, built into applications, and completely invisible to users. It's never been all three of those things.

By: KirkJobSluder

KirkJobSluder — Thu, 10 Nov 2005 06:33:25 -0800

Well, for me one of the problems is that at various stages in my career, I'd be using between 3-12 different computers over the course of a week, most of which don't give me permission to instal pgp or gpg.

By: Wild_Eep

Wild_Eep — Thu, 10 Nov 2005 06:35:03 -0800

If you want a nice lead-you-by the hand way to get a free certificate for MacOS X's Mail application, go here.

By: tommasz

tommasz — Thu, 10 Nov 2005 06:51:45 -0800

I tried setting up encrypted email between work (Outlook 2003 on WinXP) and home (Mail.app on OS X). It took a lot of work to get something that: a) worked at all on each mail program, b) was recognized by the other side and c) seemed worth the effort. I never used it. I had to get a new work laptop and I haven't bothered to reinstall. To be honest, a flash drive is easier to use and doesn't restrict attachment size so I use that to transport files back and forth.

By: Godbert

Godbert — Thu, 10 Nov 2005 06:56:27 -0800

chunking express : See HushMail.

That was part of the idea to do the project; what this project was designed to do differently was provide more security for the underlying keys (by not storing them on a central server where they could potentially be compromised).

I'm getting off-topic now. If, for whatever reason, anyone wants to know more, my e-mail is in my profile.

By: Mitheral

Mitheral — Thu, 10 Nov 2005 07:36:39 -0800

It's really the necessity for an awkward key swap that has stopped it. What is needed is something like the finger command applied to mail servers.

1) You compose an email and check the encrypt box.
2) your mail server fingers the recipients mail server for their public key
3) if the recipient doesn't have a public key specified the mail server generates a temporary key pair.
4) either way your mail server encrypts the mail message using the supplied public key.
5) when the recipient receives the email message she hits her decrypt button on the message. If they are paranoid the mail package prompts for a pass phrase and then uses that pass phrase to unlock the locally stored private key. The more trusting stores the private key on the mail server and asks the mail server to automatically decrypt all mail before handing it to the mail package. The same can be done for mail server generated key pairs.

Get MS to make something like the about the default in Exchange and it would take off. Unfortunately encrypting stuff imposes a significant load on the server.

By: profwhat

profwhat — Thu, 10 Nov 2005 07:46:53 -0800

Widespread use of public key encryption would require an effective infrastructure for securely distributing and authenticating public keys. Otherwise, the only way to get someone's public key is for them to have given it to you, and that's rife with practical problems and security problems.

Although it's technologically feasible to create a public key infrastructure (and many companies have tried), no single infrastructure ever gained enough people's confidence to be useful to anyone.

By: Mitheral

Mitheral — Thu, 10 Nov 2005 07:54:09 -0800

Oh I forgot the mail server's themselves would need key pairs so that the recipent's mail server could sign the public key being provided to the senders server. That way the sender's mail server could verify it was supplied with the correct key. So you still need a trusted public clearing house for mail server keys. Your back at square one but at least it's now IT professionals dealing with key swapping rather than every clueless tom, Dick, and Mary.

By: cactus

cactus — Thu, 10 Nov 2005 08:05:34 -0800

profwhat: I'm not sure you what you mean when you say there are security problems inherent in giving someone your public key yourself, versus them getting it from some repository. I thought what was meant by the term 'public key' was that you could give it to anyone without compromising your security.

By: odinsdream

odinsdream — Thu, 10 Nov 2005 08:07:46 -0800

I'm a highly technical user, and even I haven't successfully set up encrypted e-mail with any mail clients. I think Pine has something that makes it really easy, but I'm probably in a dwindling minority of Pine users.

What, in my opinion, is more influential is the fact that nobody -cares- about encrypting their e-mail. Tell someone that sending e-mail is like writing a postcard, everyone that handles it can read it, and they'll likely shrug a "So what?" Rightly so - the majority of my e-mail is non-critical. The stuff that isn't, well, that would be encryption-worthy, but at that point you have to have:

1. Topic requires encryption
2. Both parties want to encrypt
3. Both parties know how to encrypt
4. Both parties have software that is compatible
5. Key exchange nightmare

...it's just cumbersome.

By: odinsdream

odinsdream — Thu, 10 Nov 2005 08:08:51 -0800

cactus; that's correct. Carry on.

By: kcm

kcm — Thu, 10 Nov 2005 09:12:47 -0800

Papers have been written on this: Why Johnny Can't Encrypt.

By: RustyBrooks

RustyBrooks — Thu, 10 Nov 2005 09:23:37 -0800

The reason it's important to protect the process of giving out public keys is this: Let's say alice wants to send a message to bob. So she wants his public key and goes to, say, a key server to get it. No problem right? Except Carol has inserted HER public key in place of bobs. Whoops -- now bob can't decrypt it, but Carol, CAN.

So, noone can harm you using your public key, but if they can substitute their public key for yours, then they can read any traffic intended for you.

If you can hand someone your public key yourself, or through a trusted forum, then it's fine. But the former is cumbersome and the latter comes with security problems of it's own.

By: nakedcodemonkey

nakedcodemonkey — Thu, 10 Nov 2005 10:35:02 -0800

Phil Zimmerman, the inventor of PGP, talked to ITConversations about this . He cited many of the reasons above, and noted that even he almost never digitally signs email. Why? Not for lack of knowledge, that's for sure. It's because his lawyers insist on it.

There are a lot of corporations that could be using encryption and signature technology, but they choose not to because the benefits come with very big risk of having made it easier for someone to successfully prove the source of some employee's ill-thought email.

By: fishfucker

fishfucker — Thu, 10 Nov 2005 10:37:13 -0800

I used to work for a company that sold a pretty slick PKI that basically made encryption invisible to end-users; however, it cost something like $10,000 and would really only cover people within your company (unless you could convince everyone else to also use a PKI and cross-sign your root certs). There's probably space for a really kickass open source solution to this -- maybe something that integrates flawlessly with Thunderbird (our product worked seamlessly with Outlook and was simple enough to use that everyone in our company, including the salesmen, receptionists, etc, used encrypted mail for inter-company communication).

By: substrate

substrate — Thu, 10 Nov 2005 10:41:10 -0800

For encryption to take hold it needs to be like falling off a log. I was religious about encrypting or PGP signing my email for a while but I realized that:

a) Rarely any of my email warranted it
b) Most of the recipients wouldn't have a clue what a PGP signature block was
c) I could count on one hand the number of people I could actually exchange encrypted email with.

For a signature to be meaningful Joe Blow has to recognize it as a signature. Everybody knows what the ball point scribble at the bottom of a contract is. Next to nobody knows what the line noise that is a PGP signature is.

The same goes for encryption but no encryption passes the "can my 79 year old dad understand it?" test.

By: poweredbybeard

poweredbybeard — Thu, 10 Nov 2005 12:07:53 -0800

Whenever encryption comes up, I usually have this thought: If you really truly need to worry about encrypting your email, the FBI already has a trojan or keylogger on your box.

By: fishfucker

fishfucker — Thu, 10 Nov 2005 12:53:40 -0800

Whenever encryption comes up, I usually have this thought: If you really truly need to worry about encrypting your email, the FBI already has a trojan or keylogger on your box.

I guess. I found it handy to encrypt passwords, etc, to send to people without worrying about it.

By: Mike C.

Mike C. — Thu, 10 Nov 2005 20:38:59 -0800

It's just too difficult and abstract for the average email user. Plus, no web-based email service (that I know of) supports it. From personal experience, S/MIME seems to work pretty well and it's built-in to most "modern" email clients... it's a shame so few use it.

Note to chrismear: if you interested in S/MIME I'd be happy to help, contact me through my profile.

By: aaronh

aaronh — Fri, 11 Nov 2005 06:53:41 -0800

Whenever encryption comes up, I usually have this thought: If you really truly need to worry about encrypting your email, the FBI already has a trojan or keylogger on your box.

So I assume you send all of your mail on postcards, too?

By: Rhomboid

Rhomboid — Fri, 11 Nov 2005 21:06:38 -0800

A lot of people have already mentioned the problems of key exchange / key management / web of trust. It is true that this is a hard problem. But it is not true that this is the ONLY way to deal with the issue of email encryption.

The first thing to realize about email encryption is that there are two competing camps: PGP and S/MIME. They each approach the problem differently, and have different strengths and weaknesses.

PGP: This is the one that most people are familiar with. In order to encrypt a message to someone, you need only their public key. However, to be sure that the public key that you have is really theirs, you need to form a chain of trust between you and them. This is the purpose behind keysigning parties, where you actually meet in person, look at someone's drivers license, verify their identity, and then have them initial a printout of their key fingerprint so that you know it is theirs.

To form this web of trust takes a lot of work and most ordinary people are oblivious to it. You can certainly just send off emails to people and trust that their public key is what you think it is, but that's not a great security practice.

Another feature/problem of this method is message signing, which you are probably very familiar with. You've all seen a message that contains stuff like "-----BEGIN PGP SIGNED MESSAGE-----". This "ascii-armored" method of signing is common, but it makes messages look rather fugly, at least in my opinion. There is an alternative, which uses a mimetype of "multipart/signed" and attaches the signature rather that including it in the plaintext. However, certain microsoft crapware doesn't handle this correctly (even though it's been an internet RFC for like 8 years now) and so recipients using LookOut will see a blank message.

Most email programs support PGP with third party plugins.

The alternative to this is S/MIME, which has much better stock support in most email programs. It also does not suffer from the problem of having to use the fugly "ascii armored" crap for signed messages. And it uses the same trust model as HTTPS - there are certificate authorities whom everyone explicitly trusts, whose function is to verify identities and issue certificates. In this model you don't have to manually form you web of trust, but instead you just place all your trust in a firm like Verisign and hope that they never make a mistake. On the surface this is much easier, but it does have problems: getting a cert is not always easy and free. For personal use there are a couple of firms that will issue one for free (like komono) but in general you have to pay, just like you have to pay for a SSL certificate. This has hindered implementation, compared to the more free PGP methods.

So, here you have two competing standards, each with distinct advantages and disadvantages. Both can be made to approximate the "just click here to encrypt" model, but doing so does sacrifice some security (in that you can't always trust the recipient's key.)

When you combine this with the fact that most regular people just do not understand how things like encryption, message signing, and web-of-trust work, and the fact that most people still think, "Oh I don't have anything to hide, why should I bother with signing or encrypting" you get the result that it's hardly used.