The secure mail dilemma: If it's useable, it's probably insecure

The sudden closure of two secure email services may cause many privacy-conscious people to begin looking for alternatives. However, security experts warn that any service provider may be put under pressure to comply with authorities, and this might kill off secure mail as we know it. Lavabit's Levison: No more palaver, I'm …

COMMENTS

This topic is closed for new posts.

Silver badge

PGP is simple enough

There are numerous ways of sending anonymous or encrypted messages using PGP on the desktop... the most obvious one being PGP-encrypted text attachments (from a one-time free webmail addy for poor-man's anonymization if needed).

Of course if you want good security/anonymisation, then you probably want to avoid email altogether. Person-to-person communication is very difficult to secure, the dropbox approach (as in spy flicks, not as in the cloud storage company) is probably better. Put your secrets in a public place, encrypted well enough that only the intended recipient can decipher it. Usenet is quite good for that as it's decentralized and hard to monitor, but it's kinda fading out, drowned by the paid-for-by-ads "free" web services...

2
0
Silver badge

Re: PGP is simple enough

But it is a little impractical for all employees of Airbus to meet on the same park bench in Brussels every time they want to discuss something without it being copied to Boeing.

12
0
Anonymous Coward

What is needed...

Is a system where the individual holds the keys to his or her email. Second, the ability to use all forms and strengths of encryption and not just those that are officially approved. Most packages today only use AES which I simply do not trust given the DES debacle.

I am sorry to see Silent Mail go the way of the DoDo, but they should have waited until they were served and then done a Lavabit style Mea Culpa before turning off the pipes.

“They who would give up an essential liberty for temporary security, deserve neither liberty or security”

Benjamin Franklin

1
0
Silver badge

Re: What is needed...

The problem is that they did have the keys - so waiting to get a court order would have meant turning over all their servers to the Feds and then shutting down.

This way they get to wipe them before the men in dark glasses arrive.

8
0
Anonymous Coward

Re: What is needed...

Most packages today only use AES which I simply do not trust given the DES debacle.

What about AES is untrustworthy? It is by far the most scrutinized and tested symmetric encryption standard. And besides, other encryption systems like Blowfish etc, have implementations available in most programming languages, if for some reason you prefer them.

The only way your AES encrypted files will be "got" by anyone, including the NSA, is if you or whoever you trusted with your encryption did a poor job of implementing it. And sad to say, that is probably a lot of applications, programs, websites.

7
0
Pirate

Re: What is needed...

It's not just the encryption, it's the metadata the NSA values because that maps the organization for you. One needs a method to at least complicate that part as well.

What is needed to at least help obfuscate the connections would be to do something like the following: Have an email client that automatically encrypts the message, splits it into N pieces, emails those N pieces out via N email addresses hosted by N independent email providers to the true recipient's M email addresses (M <=N) also hosted at M independent email providers, the recipient's email client gathering those N email sub-messages, assembling the intact original encrypted email message, and decrypting the original encrypted email message.

0
1
Silver badge

Re: What is needed...

"The problem is that they did have the keys"

Any key-based system is vulnerable to direct attacks that either steal the keys, or force the key owner to release them through physical and/or legal intimidation.

So it doesn't matter how good your encryption is if your device has a back door or you can be bullied into handing over the keys by a court order.

Truly secure encryption would:

1. Use something other than personal email, so there's as little evidence as possible that communication is taking place

2. Not use keys or pass phrases known to any user, or copyable by any digital or physical method

3. Limit device access to authorised users, with secure identification.

There are a lot of different options in this space, some more obvious than others.

The NSA should worry that all they've done is forced comms to innovate out of their reach.

1
0
Silver badge
Big Brother

Re: What is needed...

Why not use something bittorrent like?

Encrypt the message, make it part of the "global message list" (for the sake of the list not getting TOO long, we say a message is only on the list for a week). Messages can be posted to the list by anyone. Each message is encrypted by the recipient's public key, then the message goes to EVERYONE.

Only the recipient can view the message. There is no header to trace who the message was going to. No one can read the contents.

It's not the most efficient way to handle the matter, but it should resolve both content spying and metadata spying.

1
0
Pirate

Re: What is needed...

Or a dynamic peer-to-peer network analogous to a torrent.

0
0
Bronze badge

Re: What is needed...

"The problem is that they did have the keys"

That is one thing that El Reg's article gave me heartburn over, their need to pull things out of their asses, rather than consider that metadata and plaintext would be available, as Snowden did leave computers home when he fled the US. Knowing him, he left his private keys on some or all of those machines.

(Yes, I met him. He was and is a prima donna and barely competent as an administrator, but sucked at securing systems quite badly.)

"This is all complete guesswork on our part and all we know for sure is that Lavabit shut itself down to avoid complying with something it found intolerable while it takes its case to the Fourth Circuit Court of Appeals."

0
2
Anonymous Coward

Difficult to see what the problem is here ...

The first rule of secure communication is to assume the channel is compromised. That's why you not only encrypt but encipher too.

By all means, let the opposition read my communications in the clear. If they can work out that

"Did shopping yesterday, so as to have time to mow the lawn today. Hope your BBQ went well, sorry we missed it, but looking forward to seeing you for Sunday lunch."

actually means

"Location 51.092010/-0.196709-Time 15:00 BST-1st Floor gents toilet"

then all the best !

2
6
Silver badge

Re: Difficult to see what the problem is here ...

That works if you are deep in enemy territory trying to just get the single word "tinker, tailor, soldier or spy" out.

It's trickier if you are trying to run a non-US multinational, a political party, a group opposing an oil pipeline or anything else that is considered an enemy of the state.

6
0
Anonymous Coward

Re: Difficult to see what the problem is here ...

Though of course if you oppose a keystone oil pipeline then you are part of the state and not considered an "enemy", for now anyway, at all.

Plus for a significant proportion of those who comment here it would appear that they would regard Republicans as enemies of the state and deserving of surveillance anyway, as do multi-national companies that don't (according to them) pay their "fair share" of taxes.

1
2
Silver badge

Re: Difficult to see what the problem is here ...

In the land above the land of the free you get to be on your glorious leader's new enemies list if you somehow doubt the wisdom of building bitumen pipelines through seal sanctuaries.

1
1
Coat

Re: Difficult to see what the problem is here ...

There are no gent's toilets there, unless you want to nip into the woods at the back. Maybe you meant to say the BBQ was actually on a Saturday?

0
0
Bronze badge

Re: Difficult to see what the problem is here ...

The woods are nature's gent's toilet.

Also bear's toilet, or so I've heard.

1
1
Anonymous Coward

RFC:

I wonder if some sort of P2P arrangement would work, maybe fido over TOR?

It seems to me that in order to stop spam and encourage people to run the servers some sort of payment might be in order - if a protocol could be constructed that required a small exchange of BitCoin between the Sender, intermediaries and the receiver this would provide incentive to support infrastructure and effectively destroy the spamming business model.

If it were possible to know that a number of servers were run by different groups, the message could be XOR'd with a random binary sequence and a third sent to each server - not enough for any one party to even think about decrypting the content but with an inherent back up in the event of a server failure.

Any open source programmers out there fancy having a stab at it?

0
0
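The XOR split proposed in the post above, worked through as an added example (not code from the thread): the message is XORed with random pads into three shares and each of three servers stores two of them, so one server alone learns nothing while any two can rebuild the message. The replication layout and all function names are assumptions of this example, which goes slightly beyond the post's "a third sent to each server" to show how the server-failure backup can be obtained.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split(message: bytes, n: int = 3) -> list:
    """n-of-n split: n-1 fresh random pads plus message XOR all pads.

    Every pad is as long as the message and is used once only;
    reusing a pad for a second message would leak the XOR of the two.
    """
    pads = [secrets.token_bytes(len(message)) for _ in range(n - 1)]
    last = message
    for pad in pads:
        last = xor(last, pad)
    return pads + [last]


def combine(shares: list) -> bytes:
    """XOR all shares together; only the complete set yields the message."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor(out, share)
    return out


def distribute_2_of_3(message: bytes) -> dict:
    """Server i stores every share except share i (two shares each).

    One server is always missing one share, and what it holds is
    indistinguishable from random. Any two servers hold all three.
    """
    shares = split(message, 3)
    return {i: {j: shares[j] for j in range(3) if j != i} for i in range(3)}


def recover(store_a: dict, store_b: dict) -> bytes:
    """Rebuild the message from the stores of two different servers."""
    merged = {**store_a, **store_b}
    if len(merged) < 3:
        raise ValueError("these stores do not cover all three shares")
    return combine([merged[j] for j in range(3)])


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    servers = distribute_2_of_3(msg)
    # Server 2 is offline: servers 0 and 1 are enough.
    print(recover(servers[0], servers[1]))
    # A single server cannot do it.
    try:
        recover(servers[0], servers[0])
    except ValueError as exc:
        print("single server:", exc)
```

The price of the backup is storage: each server keeps twice the message length, and the senders and servers must never reuse a pad.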
Anonymous Coward

Didn't MS suggest something similar a while back ?

I vaguely recall they suggested paying for email as a way to kill spam. Say a cent per email ?

That said, even when junk mail costs to physically print and post, there still seem to be floods of it, so I wouldn't actually have any confidence it would stop spam.

1
1
Silver badge

Sounds like you have a hammer

That problem looks awfully like a nail from where you stand, I gather. That's an extremely convoluted scheme with a number of accidents waiting to happen. BitCoins are going to put off a lot of people; piggybacking on TOR actually makes the potential vulns add up. TOR was built to be somewhat-synchronous, which is good for surfing but is a hindrance when it comes to mail-like activities. And XOR? C'mon.

There is a thing currently being developed, called GNUnet, which is supposed to be a secure and anonymous P2P protocol with messaging capability built in. Maybe that's closer to the mark. It's embryonic for now, but who knows? There are also other asynchronous networks (freenet and the like) that have working messaging systems; I'm told FMS works quite well, for example. These networks are content-agnostic and have peer caching built in (it's their operation model actually: each peer stores a bit of the whole network, which becomes entirely decentralised), which makes them exactly what you want to build by bolting fido onto TOR, only better (built-in is always better that bolt-on).

In any case with the use of asymmetric encryption the need for spam mitigation is less evident. You encrypt for one specific recipient, meaning that you cannot just fire off one message with 2.76 gazillions of recipients and let the backbone cope with the strain: you actually have to encrypt your message 2.76 gazillion times and send them separately; much more costly. There may still be spam (there probably will) but probably much more targeted, much lower volume. So much less of a hassle.

3
0

Might be better to join an existing project

Keep an eye on the PRISM Break site for suggestions for alternatives. Bitmessage is working on an approach that is similar to what you describe. I am sure there are others as well.

1
0

Re: Sounds like you have a hammer

"[B]uilt-in is always better tha[n] bolt-on"

Hear, Hear!

Perhaps this series of events will prompt a whole change in the way people think about the systems they put to work for them. Hopefully, everyone will finally give the aphorism that built-in is better than bolt-on, together with the end-to-end dependability concept, the respect they deserve.

I won't hold my breath, though.

1
0
Bronze badge

It's called a one-time pad

"... the message could be XOR'd with a random binary sequence and a third sent to each server - not enough for any one party to even think about decrypting the content but with an inherent back up in the event of a server failure."

One-time pads are unbreakable. I used them while I was in the Army. Imagine Alice burns a DVD full of random data. She sends a copy of that to Bob through USPS registered mail in a secured container. (USPS registered mail is good enough for official secret documents, and is placed under secured storage while in USPS transit.) When Alice sends something to Bob, it's XORed with data on the DVD. After a while, both Alice and Bob destroy their DVDs and Alice sends Bob a new DVD.

As for open source, the problem isn't the services, it's the governments' demand to view the users' data. Where can the data go where a business can thrive? What country absolutely allows private encrypted data to remain private? Any in the first world? Any in the third world? Would you want to be part of a distributed network, which means that at any time government agents could burst in and seize your computer?

0
0
Silver badge

Re: Sounds like you have a hammer

"built-in is always better that bolt-on"

There's a big problem with a built-in, though. What if the built-in BREAKS? Like a digital wristwatch whose reading light goes out. Now you can only see it in daytime unless you use an external light. At least with a bolt-on you can always bolt OFF if it breaks and bolt something else on.

1
1

Re: Sounds like you have a hammer

"There's a big problem with a built-in, though. What if the built-in BREAKS? Like a digital wristwatch whose reading light goes out. Now you can only see it in daytime unless you use an external light. At least with a bolt-on you can always bolt OFF if it breaks and bolt something else on."

Not in this case. Since qualities like security, reliability and performance are what you might call system attributes, you need to consider those properties quite early in the system's life (like during the concept and design phases). The system will never exhibit a quality if it was not specifically and deliberately included during the system's design - no matter how the system is finally implemented. Worse yet, there is no component you may later bolt on to the system that will cause it to exhibit that quality.

Of course, once the specific property is included in the system design, the design may specify that the system will have a modular structure, that would allow the system's various functions to be implemented via removable components. Nonetheless, a system _function_ is not a system _attribute_, and neither is equivalent to the system's structure. Replacement or failure of a component in a system with modular structure, may invalidate a system attribute; but if the system never had the attribute in the first place, no component will grant the system that attribute. That is particularly true for qualities like security or performance.

1
0
Anonymous Coward

Re: It's called a one-time pad

"As for open source, the problem isn't the services, it's the governments' demand to view the users' data. Where can the data go where a business can thrive? What country absolutely allows private encrypted data to remain private? Any in the first world? Any in the third world? Would you want to be part of a distributed network, which means that at any time government agents could burst in and seize your computer?"

Yup.. that's more or less the problem!

Once-upon-a-time government agencies had to get a warrant to open our post or tap our phone line, but we've been sleep-walking into a surveillance society for the last 10-15 years or so... when did the "state" get the automatic right to see *everything* and without a *warrant*?

Why have we got PRISM and other communications intercept programs?

Why do we need an automated "drag net" of surveillance?

What happened to "evidence led policing"?

Why do we need draconian measures like the NSA Security Letters, and provisions in the RIPA that gag us? Why do we have to go to jail for refusing to give out a crypto key?

What the hell is wrong with our governments and the state?

Perhaps PRISM and the like will serve (finally) as a wake-up call to us all?

G

2
0

Re: Sounds like you have a hammer

"[B]uilt-in is always better tha[n] bolt-on"

And that is why I use TrulyMail for secure messaging. It doesn't use add-ons and skips email servers altogether. It does use their servers (it's not peer-to-peer) but at least it's all encrypted on my desktop before being sent to their servers (and decrypted on the recipient's desktop).

End-to-end? Works for me.

0
0
Bronze badge

Re: Sounds like you have a hammer

GNUnet, a new version of Freenet? ;)

Seriously though, one could always own one's own encrypted server, with keyserver for public keys. With an encrypted filesystem out of one's own domicile.

First, they'd have to get your key to unlock the filesystem. Then, have to get assorted other keys from you.

Which is where you typically are at anyway, as if you know your key, they can attempt to force that key out of you.

Indeed, as I recall TrueCrypt offered a duress key and a real key just to avoid such unpleasantness. Briefly.

Still, just to twig their nose, I've taken to sending encrypted e-mails to my wife when she's upstairs on her computer.

2
0
Bronze badge

Re: Sounds like you have a hammer

"Not in this case. Since qualities like security, reliability and performance are what you might call system attributes, you need to consider those properties quite early in the system's life (like during the concept and design phases)."

Then, one has to wonder if a government demands a backdoor be installed into the system, at a system level, by the software vendor.

One recalls Windows source code with "NSA hooks" from some years back...

0
0
Anonymous Coward

Re: Sounds like you have a hammer

"Indeed, as I recall TrueCrypt offered a duress key and a real key just to avoid such unpleasantness."

Still does, sort of, as you can use hidden containers within other encrypted containers allowing you to reveal the outer container and keeping the bit inside a secret.

0
0
Anonymous Coward

Looks like Mixmaster is still working for Quicksilver users. There are a lot of new messages every day on alt.anonymous.messages.

0
0
DJO
Bronze badge

Secure messages

How about a system where you write or print the message onto some ephemeral material such as paper then wrap that in some form of sealable package which is then delivered by a trusted third party in exchange for a small fee, it might take a day or so but if the package is well sealed any tampering would be evident.

It's novel but it might just work.

0
2

Re: Secure messages

And, of course, the Security Services never were in the business of clandestinely intercepting, opening, reading/ copying, re-sealing and sending on the type of instrument you describe. And your 'trusted third party' would never cooperate in such activities (even at the direction of the State). Ever. Like, never-ever.

Right?

http://www.aarclibrary.org/publib/contents/church/contents_church_reports_vol4.htm

Oh....

The Idiot

1
0

Re: Secure messages

Read: The Defence of the Realm by Christopher Andrew.

1
0
DJO
Bronze badge

Re: Secure messages

Read "Spycatcher" and what he has to say about envelopes sealed with sellotape.

0
0
Bronze badge

Re: Secure messages

"How about a system where you write or print the message onto some ephemeral material such as paper then wrap that in some form of sealable package which is then delivered by a trusted third party in exchange for a small fee, it might take a day or so but if the package is well sealed any tampering would be evident."

And one ponders sealed orders that misdirected Nazis during WWII, where the sealed orders were planted on a deceased man in uniform by British forces.

Later to receive the envelope back intact, but the message had been rolled, removed, copied, re-rolled and reinserted and unrolled into the envelope.

Worked well, as I recall. Pulled the wool well and truly over the Nazis' eyes.

0
0
ql
Bronze badge

Submitting to their appetite for data

Surely the issue is not the absolute unbreakableness of any given message, which few would expect ever to be possible. Rather, it's to ensure a reasonable level of non-snooping. RIPA etc can already legally compel us to hand over the keys to decrypt any given message, but does not (yet) say that you are not allowed to send encrypted data in case the snoopers want to index your traffic. In other words, if the snoops are interested in something, they can ask ^H^H demand it, so why simply roll over and say, "oh well, you really want all my data so here it is." Sod 'em. We should be making it as difficult and expensive as possible for these rabid snoops to do this morally reprehensible routine and blanket surveillance.

0
0
Bronze badge

Re: Submitting to their appetite for data

Or more generally, security is not a binary value, there are many categories of threats, and sometimes mitigating some threats is valuable even if other threats still exist.

Really, both the article and most of the discussion are remarkably naive and unrealistic. If you're personally targeted by the State, secure email is not going to make you bulletproof. But it does remove attack paths and increase work factors for other threats, such as mass data collection, amateur WiFi snooping, and the like.

If someone wants to steal my car,[1] lack of an ignition key and locked doors are not insurmountable barriers. But they're enough of a hassle to make it a much less attractive proposition than if, say, I just left it running with the doors open all the time.

[1] This is purely hypothetical. My car is old enough to drive itself, and wasn't any good when it was new. Walking is usually a better alternative.

0
0
Gold badge
Flame

NB EU Data Retention Directive Made In Britain

In the wake of the Madrid rail bombings and not supported (or asked for) by the Spanish, despite their long history of fighting the ETA, perhaps because they knew what a real fascist dictatorship feels like.

Another little present from those wonderful civil servants at the Home Office.

Thank you so very much.

It seems if you want privacy and personal freedom destroyed electing an (allegedly) socialist government run by a lawyer is a pretty good idea.

3
0
Anonymous Coward

Re: NB EU Data Retention Directive Made In Britain

It should be noted, by the way, that the data retention directive has been resisted by a number of countries. Notably in former "Eastern Bloc" countries it has either not been implemented, or it has been enacted into law (as a way to feign compliance with the EC) only for it to be struck down by the courts, at least in one case at the lawmakers' own request.

0
0
Silver badge

Thunderbird+Enigmail?

How well does this combination solve the problem? Aren't the public/private key pairs totally under the user's control, with no decryption keys held on anyone else's server?

1
0
Silver badge

Re: Thunderbird+Enigmail?

The problem is that they still know it comes from you. They suspect you and bring you in. Bring in the rubber hoses or (in Britain's case) the threat of a mandatory two-year sentence, not to mention the black mark on your record.

Sounds almost like a Catch-22. How can you prove to Bob you're Alice while at the same time not allowing Gene or Mallory to know that? And Alice has no way to meet Bob personally?

1
0
Silver badge

Re: Thunderbird+Enigmail?

I guess it depends what you want out of it. If you want your communication to be totally secure such that even the fact of the communication is hidden, then you're going to be very interesting to certain people and will have to work hard at it.

I submit that most people don't need that level of secrecy - what they need is simply an enhanced level of privacy. My own point of view is that I don't expect to be able to hide the fact that I'm talking to someone, but I do have the right to ensure that the communication is as private as possible.

2
0
Bronze badge
Boffin

Re: Thunderbird+Enigmail?

"Sounds almost like a Catch-22. How can you prove to Bob you're Alice while at the same time not allowing Gene or Mallory to know that? And Alice has no way to meet Bob personally?"

If you do think of a solution, let everyone know won't you. That one's been bothering cryptographers for years.

The closest to a solution is practically a motto; Eventually you have to trust someone, choose well.

2
0
Anonymous Coward

Re: Thunderbird+Enigmail?

One solution is encryption + steganography + posting in a public place.

If you encrypt a message, insert in a jpeg, then post it on 4chan from a public connection, it's pretty much the equivalent of a dropbox. If your jpeg was something people wanted, then you'd get a lot of random downloads as well.

0
0

Re: Thunderbird+Enigmail? @Phuzz

So, what if you were to have a distributed "caching" server. You upload it with the intended recipient after using their public key and some extra information thrown in there for a little bit of entropy, including the information that contains the location of the content of the message (2 separate parts that can be sent at different times*).

After that you are able to successfully process the message and validate you are the correct recipient the server will send you the encrypted message. When your local client receives it, you can delete it.

That way the body of the message is separated from the content making it harder to get messages for a specific person, and only that person can receive the message.

You could have multiple levels of encryption between and for the messages.

*I am not sure how you could send the recipient first if it is to include where the content is located. The message could be sent first then later the recipient, even over separate channels/proxies and could even break up the messages into multiple and each contains reference to the other.

If someone creates this, please, at least give me a free account.

0
0

PGP email

PGP works fine, but with email, only encrypts the body of the message and attachments.

The fly in the ointment is the severe problem that using standard SMTP to exchange email, the subject and to/from (in fact all the headers) are in plain text rendering a lot of snooping (who are you talking to, how often and what about) completely open.

Email needs re-architecting and probably needs to move away from SMTP altogether to make traffic analysis and web-of-correspondent tracking hard to do. At the same time one might as well incorporate other messaging types to include text, voice and video messaging all in the one encrypted package. At the very least everything needs to be encrypted and not to leak information if someone happens across / intercepts the whole message or its parts.

As far as I'm aware even PGP/GPG encrypted messages will yield up the key ID of the person they are encrypted to, allowing interception to perform at least some analysis of correspondent webs, but there may be an option to turn that off.

Thunderbird and Enigmail work very well and actually take very little effort to set up and understand, if all you care about is confidentiality of the message body. But watch what you put in the subject line!

A root-and-branch look needs to be taken at this, as sticking plaster solutions aren't going to work. PGP is probably an important component but the protocols, key exchange and transport mechanisms need serious work to keep the bastards' noses out of private correspondence. And they aren't going to like it.

2
0
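What the post above describes, shown from the observer's side as an added example (not code from the thread): given one PGP-encrypted mail, the script lists the cleartext headers and reads the recipient key ID from the OpenPGP public-key encrypted session key packet (tag 1) that precedes the ciphertext. The message, addresses and key ID are constructed; an all-zero key ID is what GnuPG writes when `--throw-keyids` is used, which is the option the post wonders about.

```python
import base64
from email import message_from_string

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"


def build_pkesk(key_id: bytes) -> bytes:
    """Constructed v3 PKESK packet: version, 8-byte key ID, algo, dummy key."""
    body = bytes([3]) + key_id + bytes([1]) + b"\x00" * 16
    return bytes([0x84, len(body)]) + body  # old-format header, tag 1


def sample_email(key_id: bytes) -> str:
    """Constructed mail: real headers, armored PKESK + dummy data packet."""
    pgp = build_pkesk(key_id) + bytes([0xD2, 5]) + b"\x01" + b"\xaa" * 4
    armored = BEGIN + "\n\n" + base64.b64encode(pgp).decode() + "\n" + END
    return ("From: alice@example.org\nTo: bob@example.net\n"
            "Subject: Q3 figures\n\n" + armored + "\n")


def dearmor(text: str) -> bytes:
    """Strip ASCII armor: skip armor headers and the optional '=CRC' line."""
    lines = [line.strip() for line in text.splitlines()]
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    if "" in block:
        block = block[block.index("") + 1:]
    return base64.b64decode("".join(l for l in block if not l.startswith("=")))


def recipient_key_ids(data: bytes) -> list:
    """Walk the leading packets and return the key ID of every PKESK."""
    ids, i = [], 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) == 0xC0:            # new-format packet header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                break                        # partial length: data packet
        elif hdr & 0x80:                     # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                        # indeterminate length
            n = 1 << ltype
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        else:
            break                            # not an OpenPGP packet
        body, i = data[i:i + length], i + length
        if tag != 1:
            break                            # ciphertext starts here
        if body and body[0] == 3:
            ids.append(body[1:9].hex().upper())
    return ids


def observer_view(raw_email: str) -> dict:
    """Everything readable without any private key."""
    msg = message_from_string(raw_email)
    ids = recipient_key_ids(dearmor(msg.get_payload()))
    return {"from": msg["From"], "to": msg["To"], "subject": msg["Subject"],
            "recipient_key_ids": ids,
            "hidden_recipients": sum(1 for k in ids if k == "0" * 16)}


if __name__ == "__main__":
    print(observer_view(sample_email(bytes.fromhex("0123456789ABCDEF"))))
    print(observer_view(sample_email(bytes(8))))  # key ID thrown away
```

Hiding the key ID removes one identifier only; the From, To and Subject headers in the same mail still say who is writing to whom.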

Re: PGP email

Completely agree. Security is a _system attribute_ not a component you can bolt on or otherwise retrofit.

0
0
Anonymous Coward

Re: PGP email

Easy fix: screw the headers and SPAM!

Say I want to send a message to jsmith@microsoft.com. Take jsmith and encode it with a key.

Then encrypt your message with a different key.

Send your message to a mailing list full of servers. (encodedname)@servername.domain

Most will reject it, as should your intended recipient. But the intended recipient then periodically scans his junkmail/rejected mail list for anything that decrypts to his name-or some other identifier- using a known key or set of keys.

Throw in a bit of obfuscation- steganography, splitting up parts of the cyphertext, etc and suddenly the NSA has to invest massive resources in ALL spam to have a chance of finding your message. Throw in a couple of intermediary machines to throw off a routing analysis and suddenly their job becomes nigh-impossible again.

0
0
Silver badge

grrr

I am glad the NSA is doing this (sarcasm). After all it's more important to archive all information on US citizens than to actually respond to terrorist threats even when another government tells us clearly who our terrorists are (Boston Bombers). When in doubt to change the conversation call for a month long vague orange alert.

1
0
Silver badge
Thumb Up

Re: grrr

On some level I am actually glad the NSA is doing this. Since the investigation of Phil Zimmermann in the mid-90s I haven't heard so much caring about encryption or secure communication.

It's awesome in that we are now talking about what we have to do to prevent statistical metadata attacks. That discussion wasn't even on anyone's mind a year ago.

1
1
