Private email conversations are impossible, says secure email provider

By on August 19, 2013, 8:30 AM
nsa, email, privacy, lavabit, silent circle, conversation

Louis Kowolowski, technical operations manager at the recently closed secure email provider Silent Circle, has stated that the days of private email conversations "are long over", explaning on Friday why the service had to shut down. According to Kowolowski, it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols.

The easiest part of the email to secure is the actual content, but the rest of the metadata must go unencrypted if the email is to be read by standard messaging protocols. This means that, regardless if you use a web client or a more secure desktop client, it's possible to intercept some information about an email conversation, such as the sender's IP address, to and from fields, the time of sending, subject lines, and encryption protocols used.

With this data in hand, other parties, such as a government, can easily discover who is communicating and how often. Kowolowski says this information "may be just as damaging as the content of the email. For example, a freedom fighter working in an oppressive country, trying to get the word out."

Silent Circle closed down its email service as a precautionary measure earlier this month, as they could no longer promise complete privacy to their users. The move followed the closure of Lavabit, a similar service used by former NSA contractor Edward Sowden, who famously leaked the NSA's controversial PRSIM data collection program.

Although Silent Circle no longer provides a secure email service, they still have faith in other forms of secure communication, including phone, text and instant messaging. With services such as Silent Phone and Silent Text, it's much easier to secure all communications end-to-end, rubbing out any possibility of unencrypted metadata interception.




User Comments: 14

Got something to say? Post a comment
2 people like this | Lurker101 said:

it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols

I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.

Guest said:

Whoooooooo CARES!!??!?!

If you dont want the Government to monitor your emails, DONT EMAIL STUFF YOU SHOULDNT BE!!!!

If you are doing something illegal, You Deserve To Be Caught!

1 person liked this | cliffordcooley cliffordcooley, TechSpot Paladin, said:

Whoooooooo CARES!!??!?!

If you dont want the Government to monitor your emails, DONT EMAIL STUFF YOU SHOULDNT BE!!!!

If you are doing something illegal, You Deserve To Be Caught!

And everyone deserves to pay higher taxes, so that a large department of people can monitor everything everyone does. Meanwhile hardly anyone gets caught, especially the ones that are causing the most harm. Sheesh give me a break with the BS.

jobeard jobeard, TS Ambassador, said:

it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols

I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.

The assumption that's necessary to "keep compatibility with existing protocols" is the problem.

Keeping compat does allow the meta-data problem discussed in the article. Tossing compat and we would get a better, faster, secure and more private email system. The email client solution would not be so difficult, but adoption by the Internet and rollout time/costs would be excessive. IMO, the web-based email access would be fare more difficult as the server side changes would be more complicated than the client side.

Now you know WHY there has not been a new email protocol favoring security.

4 people like this | davislane1 davislane1 said:

Whoooooooo CARES!!??!?!

If you dont want the Government to monitor your emails, DONT EMAIL STUFF YOU SHOULDNT BE!!!!

If you are doing something illegal, You Deserve To Be Caught!

I've always found it hilariously ironic that people who feel the right to privacy is little more than trivial frequently publish their view under 'Guest'.

Guest said:

Well... meteors are coming our way anyways so ...

MilwaukeeMike said:

The easiest part of the email to secure is the actual content, but the rest of the metadata must go unencrypted if the email is to be read by standard messaging protocols. This means that, regardless if you use a web client or a more secure desktop client, it's possible to intercept some information about an email conversation, such as the sender's IP address, to and from fields, the time of sending, subject lines, and encryption protocols used.

So create an email address called YahooDailyDeals12561@yahoo.com and make your subject line 'New Items on Sale!!!' then send it from some free wifi or public library PC. If you're that serious about privacy then take some extra precaution.

Mortalife Mortalife said:

Why doesn't somebody create a messaging system that works the same way that Bitcoin does? Sure it will still have some issues but as far as my knowledge of bitcoin goes, it could work pretty well..

amstech amstech, TechSpot Enthusiast, said:

If its online, its accessible.

Logic Overflow said:

If its online, its accessible.

I have to agree with this statement. If you want to keep things private, keep it off the internet. If you want to keep items 100% private on your computer, throw a whole disk encryption on there and never connect it to the internet... you can even go as far as removing the LAN port and Wireless chipset.

Guest said:

The idea is to minimize what the government can monitor. The fact that we even need to do this is ridiculous. We're suppose to have a right to privacy. Bogus loopholes, and then the people who mindlessly support anything our government does. "It's for our protection" ... No.

"Those who surrender freedom for security will not have, nor do they deserver, either one."

-- Benjamin Franklin

Darth Shiv Darth Shiv said:

it's simply not possible to encrypt all the information sent by an email and keep compatibility with current protocols

I can't be the only one who instantly thinks "well develop new protocols, then". If it means you have to develop new client software instead of having it browser accessible, go ahead. There will be a big enough market in this climate to make it financially viable.

Yes agreed. It is not rocket surgery.

Darth Shiv Darth Shiv said:

If its online, its accessible.

Accessible doesn't mean readable though.

Guest said:

"Accessible doesn't mean readable though."

Well maybe if we lived in a world where the internet was simple and reading the contents of an email was the only issue... maybe. Also, anything is readable if it's readable in the first place. Any algorithm we use today can be hacked. ANY ALGORITHM. Maybe not practically, but that maybe DOES go both ways.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.