A lot of fuss has recently been made about the abuse of personal data that users share via social media, but seemingly half the planet has forgotten that we all still use email on a daily basis, and that email is far from secure. 3.7bn people have an email address, and between them they send 269bn emails every day. So why do we fail to pay attention to the security risks and the privacy dangers? Is it only because we are moved by fashions, and when we become used to something we stop worrying about the dangers?
There are many good reasons to love email. It is free, commonplace, and it can be relied upon to work, allowing anybody to send a message, and attachments, to anybody else. There are 3.7bn people you can contact just by knowing their address, which makes email an incredibly powerful tool, as spammers and phishers appreciate. The ubiquity of email prevails even though email was never intended to be secure. When it comes to preventing an unauthorized user from intercepting or altering a message, the words of an email might as well be written on a postcard. Worse still, many are addicted to sending supposedly important documents and other files as attachments, irrespective of the ease with which they may be copied by anyone with access to the communication chain. One of the great strengths of email is also a weakness; there is reluctance to make changes that would affect the widespread interoperability of email between different systems and users.
A new academic paper entitled “Securing Email” by Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons and Daniel Zappala discusses how to improve the protections around email. Broadly speaking, the authors recognize the tensions between solutions that rely on centralized authorities to oversee security and those which seek to encrypt messages from end to end. Reliance on authority reduces the burden on users, but begs questions about who is trusted to be the authority, and the decisions that the authority will make, especially as governments have an interest in snooping on emails too. Encrypting messages from sender to recipient requires no central authority, but the story of PGP, the most popular encryption protocol, demonstrates that it will never be popular because of the burden placed on users.
“Securing Email” is a longish read but rewarding, giving a clear and comprehensive account of the history of each major attempt to improve the security of email, analysis of why those attempts failed to gain more extensive support, and synthesis of potential solutions that draw on the lessons learned. The paper should be essential reading for anyone wanting a decent understanding of how to secure electronic communications and the barriers that get in our way. The authors cogently explain how different users have different security and privacy objectives, and why this leads to clashes when anyone proposes a universal enhancement to email. Put simply, there is no one-size-fits-all solution for email security. There are competing objectives instead, and gaining an appreciation of the tensions would help anyone to understand conflicts when making decisions about comms security and privacy in other contexts too.
It is worth ruminating on the authors’ observation that conflicting human priorities pose more of a security challenge than technological mastery. As they put it:
Those affirming the view that all secure email products should allow warranted law enforcement access by design should never be expected to agree with the traditional supporters of end-to-end encryption. Email service providers and organizations placing high value on malware and spam filtering methods that require plaintext access are also implicitly opposing (current) end-to-end encryption technologies, whether or not they are philosophically opposed. Ironically, even those favoring end-to-end encryption might put up road-blocks due to their own internal divisions; e.g., on whether S/MIME is better than PGP or vice-versa.
“Securing Email” can be found on the Cornell University Library Website; see here.