Saturday, October 5, 2013

RIP Secure Email

Last month, as you may know, two American providers of secure email services exited the business.   In announcing his company's "corporate suicide," Lavabit's founder said:
"I feel you deserve to know what's going on – the first amendment is supposed to guarantee me the freedom to speak out in situations like this," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."
This kind of language has stimulated a wide round of hand-wringing at this latest example of the assault on privacy.  Many have suggested that a key to email privacy, in the new world order, is to avoid using service providers that have any physical ties to the United States.  But is this kind of extreme reaction justified?

I'll argue that it isn't, not because the problem isn't real but because there are no useful solutions.  I have no doubt that it's a horror show out there; in fact, I believe that the situation is far worse than the most doom-and-gloom commentators have been saying it is.  Those commentators fear that privacy is in mortal peril, but I would argue that privacy is no more endangered than a week-old roadkill carcass.  It's been dead long enough that you really should have noticed by now that it's beyond further harm, and is best spoken of only in the past tense.

For starters, email never was private to begin with.  The earliest email systems were only as secure as the administrative login on a mainframe.  Networked email was even less secure, vulnerable as it was in transit to eavesdropping and alteration.  While there have been occasional developments that seemed to move the momentum back towards privacy, such as S/MIME, PGP, and services like Hushmail, Silent Circle, and Lavabit, it must be said that these have been almost complete failures.  Their security improvements have always been offset by reduced convenience, a fatal tradeoff on today's Internet.  As I've often said, users want security at any price, so long as it's free.  And when a service like Lavabit was finally getting a bit of traction on the technical side, it was totally subverted by the hidden hand of the security state.

We can and should continue to assert the need for a secure email system, but we ought to recognize that, with few exceptions, we've never had one.  Email as we know it simply should not be used for genuinely sensitive information.  Instant messaging, when used with suitable transport encryption and no message retention, is a rather better bet for would-be conspirators, but not for anyone who wants to keep records.

It seems likely to me, however, that the essence of email service includes qualities that are fundamentally incompatible with security in today's world.  Email users are accustomed to being able to communicate easily with anyone, to retain messages for as long as they like, and to allow company monitoring of corporate email.  Each of these requirements is a significant roadblock to true privacy.

Nor should you get your hopes too high about the nationality of a provider.  It is probably true today that you could use a service in another country without the US government being able to see your data -- if you are lucky enough to choose a country that doesn't have any secret arrangements with the US.   But even then, as more people do that, how long will it take before it's made illegal to use services outside the reach of US pressure?

There are still ways to communicate secretly.  If you're planning a corporate takeover, an extramarital affair, or a heinous act of terrorism, you can find ways to use the various communication tools of the modern age to protect your plans from prying eyes.  It's just that you have to work much harder to do it, so you aren't likely to do so over small matters, which means that minor embarassments will be revealed far more often that major crimes.  (And, tragically, every evidence of strong privacy will be seen as suggestive of a possible crime.)

Email is like a crowded train station.  Most of what you say won't get noticed by anyone else, but you never know if you're standing next to a listening device or a human eavesdropper.  I'm afraid that either we shall all be living our lives in a state of constant fear, or we will have to dispense with secrets altogether.   The best response to the loss of privacy may be the growth of tolerance, so that fewer secrets will need to be kept in the first place.


  1. I argue that people should learn to adopt the two party privacy methodology. You don't email secrets, and the rest of the world doesn't look for them in email. A search warrant should be enough, based on reasonable suspicion. But to get there, we maybe have to go through rocky times.

  2. I'm just going to leave this here...

  3. But what if you want to be heard? It seems to me that the contrived fears of the financial-political complex have created a civic tragedy of biblical provenance. This foolish and senseless security state has eyes, but does not see; has ears, but does not hear; noses, but does not smell; intelligence, but does not comprehend.

  4. I have a major problem with people voluntarily wanting to communicate in private and a government that does not respect that private communication. Our founders would have exactly the same problem with any government that endeavors to prevent or witness all private communication. Today's government is Obama. It is disingenuous to say "government is spying" without admitting that "Obama is spying".

  5. I agree that whoever is currently president is spying, and that we have a right not to be spied on. I just don't think we have a practical possibiity of not being spied on. This kind of spying is like death -- the fact that it's apparently inevitable doesn't mean we shouldn't rage against the dying of the light, just that we should expect the light to die no matter how much we rage.