Trusting Email

It appears that DCU has made a decision to use Google for internal email. Which is fine as long as you don’t mind that the American National Security Agency may be regularly trawling through your emails for its own purposes.

For the techno-politics of all this, follow Bruce Schneier’s Blog

http://www.schneier.com/crypto-gram-1308.html

(Wouldn’t it be great if in this country we had technical journalists of this calibre?)

With good old fashioned email, emails were supposedly stored on a server until the user downloaded them to their own hard disk, where they would be relatively safe. While residing on the server they were of course vulnerable, and in fact there is no guarantee that the Internet Service Provider will permanently delete them – indeed they may be bound by law to store them for a minimum period. So chances are that that angry email you sent 10 years ago is still out there somewhere.

Web based/Cloud based email is just so convenient. You can pick it up from anywhere, on any device. The downside is that your emails, all of your emails, are out there in the cloud forever and accessible to the Cloud owner. That cloud owner can read your emails out of idle curiosity, or to make it easier to target you with advertisements, or to detect and delete Spam on your behalf. Or on foot of a warrant, they must of course obey the law of whatever land they live in and make your emails available to a lawful authority.

But what if you really want to keep your emails private? Well you are at liberty to try and do that, but be warned – it is not so easy. You may encrypt your emails yourself before sending them, but that means you have to look after cumbersome cryptographic keys. Or your cloud provider may encrypt your emails for you and also offer to manage your keys on your behalf. However as a colleague of mine has succinctly put it – Keys + Data = Trouble. A government agency can at any time, using a valid warrant, insist that the individual or the cloud provider hands over the crypto keys to enable it to decrypt your emails. In the latter case you may not even know about it.

Note that we are talking here about an eavesdropper who is trawling through bulk emails, or who may have little technical ability but still wants to look at your emails. What we call passive attacks. If a serious National Security Agency is targeting you in particular, then there are a multitude of active attacks by which they can get at your data, by hacking into your computer, and generally exploiting a raft of increasing aggressive and invasive tricks of the trade. There is no real defence against that.

As a cryptographer you might expect me to come up with solutions that work against passive attackers. So I will try.

Perhaps the University should set up its own private cloud based email system. Surely we can trust University authorities not to pry into our email. Think again.

http://www.thedailybeast.com/articles/2013/03/12/harvard-snooping-on-employee-emails-without-asking-is-no-shock.html

Let’s face it, if they can, eventually they will.

Another idea is to use good old PGP to encrypt our emails. PGP uses classic tried and tested Public Key Cryptography. It’s been around for a long time, analysed in depth, and its security is a given at this stage. One of the most mature products is Hushmail.

www.hushmail.com

Also gnuPG is very good - the Germans apparently like this a lot. The learning curve is a bit steeper.

http://www.gnupg.org/

However it is quite awkward to use. You have to remember or somehow keep secure a long complicated passphrase – a short password will not suffice.  And your recipient has to sign up for it before you can send them an encrypted email. So if they are not as least as paranoid as you are, it is not going to work.

A newer idea from Cryptography is to use so-called Identity-Based Encryption (IBE) for email. This has been pioneered by Voltage, an American company

http://www.voltage.com/products/securemail/

Using IBE you can encrypt an email to a colleague without prior arrangement with them, and they then will have to go and get a secret key to decrypt it. Which they will probably do out of sheer curiosity if nothing else. However these secret keys must be issued by a trusted third party, and if they are coerced they can reveal the keys. Sigh.

So it turns out that securing email in a way in which you don’t have to trust anyone except yourself is a very hard problem. And just who can you trust? The problem is that emails must be stored somewhere in an encrypted from, and so there must be a cryptographic key to decrypt it, and that key must in turn be managed and protected. Somehow.

Another problem with email is the so-called meta-data. Email leaves a trail behind it, and so is easily subject to what used to be called traffic analysis as it passes through the internet. Here the attacker is interested in who is talking to who, when and from where, rather than necessarily in the content of the email. An encrypted email still has a recipient which obviously cannot be encrypted, or else how can it be delivered? The answer to this is anonymity, and the solution is Tor - https://www.torproject.org/ . Apparently it is very popular with criminals…

In fact Instant Messaging (a peer-to-peer application where nothing is stored long-term except on your own computer) is a much better medium for secure communication than email. Here we can deploy cryptographic techniques such that after the communication has completed, there are no keys left behind. Such systems can easily be made “forward secure”, so that even if your encrypted communication is recorded, they is no way anyone can subsequently decrypt it, as the keys used were ephemeral and were never known to anyone. You can’t access the keys even with a warrant if no keys exist.

These arguments are well made here

https://silentcircle.com/

who market some nice “Instant Messaging” type products (this is from the same people who invented PGP – so it has a good pedigree). Note that they have recently abandoned their secure email product for the reasons outlined above.

So can I offer anything better? The solution is I suspect to confront that issue of trust head-on. You are going to have to trust some-one. So why not distribute that trust? The idea is simple – devise a system whereby your emails are shared among n entities such that all n of them need to be subverted to reveal your email. Imagine a cloud based email provider which distributes your encrypted emails among 10 different servers in 10 different jurisdictions. To decrypt your email an attacker needs to serve warrants in 10 different countries with 10 different legal systems. 9 out of the 10 may betray your trust but it just takes one hold-out and your data is secure. For some interesting research into this kind of solution keep an eye on http://www.dyadicsec.com/ .