back to article The secure mail dilemma: If it's useable, it's probably insecure

The sudden closure of two secure email services may cause many privacy-conscious people to begin looking for alternatives. However, security experts warn that any service provider may be put under pressure to comply with authorities, and this might kill off secure mail as we know it. Lavabit's Levison: No more palaver, I'm …

COMMENTS

This topic is closed for new posts.
  1. ElReg!comments!Pierre

    PGP is simple enough

    There are numerous ways of sending anonymous or encrypted messages using PGP on the desktop... the most obvious one being PGP-encrypted text attachments (from a one-time free webmail addy for poor-man's anonymization if needed).

    Of course if you want good security/anonymisation, then you probably want to avoid email altogether. Person-to-person communication is very difficult to secure, the dropbox approach (as in spy flicks, not as in the cloud storage company) is probably better. Put your secrets in a public place, encrypted well enough that only the intended recipient can decipher it. Usenet is quite good for that as it's decentralized and hard to monitor, but it's kinda fading out, drowned by the paid-for-by-ads "free" web services...

    1. Yet Another Anonymous coward Silver badge

      Re: PGP is simple enough

      But it is a little impractical for all employees of Airbus to meet on the same park bench in Brussels everytime they want to discuss something without it being copied to Boeing.

  2. Anonymous Coward
    Anonymous Coward

    What is needed...

    Is a system where the individual holds the keys to his or her email. Second, the ability to use all forms and strengths of encryption and not just those that are officially approved. Most packages today only use AES which I simply do not trust given the DES debacle.

    I am sorry to see Silent Mail go the way of the DoDo, but they should have waited until they were served and then done a Lavabit style Mea Culpa before turning off the pipes.

    “They who would give up an essential liberty for temporary security, deserve neither liberty or security”

    Benjamin Franklin

    1. Yet Another Anonymous coward Silver badge

      Re: What is needed...

      The problem is that they did have the keys - so waiting to get a court order would have meant turning over all their servers to the Feds and then shutting down.

      This way they get to wipe them before the men in dark glasses arrive.

      1. TheOtherHobbes

        Re: What is needed...

        "The problem is that they did have the keys"

        Any key-based system is vulnerable to direct attacks that either steal the keys, or force the key owner to release them through physical and/or legal intimidation.

        So it doesn't matter how good your encryption is if your device has a back door or you can bullied into handing over the keys by a court order.

        Truly secure encryption would:

        1. Use something other than personal email, so there's as little evidence as possible that communication is taking place

        2. Not use keys or pass phrases known to any user, or copyable by any digital or physical method

        3. Limit device access to authorised users, with secure identification.

        There are a lot of different options in this space, some more obvious than others.

        The NSA should worry that all they've done is forced comms to innovate out of their reach.

        1. Wzrd1

          Re: What is needed...

          "The problem is that they did have the keys"

          That is one thing that El Reg's article gave me heartburn over, their need to pull things out of their asses, rather than consider that metadata and plaintext would be available, as Snowden did leave computers home when he fled the US. Knowing him, he left his private keys on some or all of those machines.

          (Yes, I met him. He was and is a prima dona and barely competent as an administrator, but sucked at securing systems quite badly.)

          "This is all complete guesswork on our part and all we know for sure is that Lavabit shut itself down to avoid complying with something it found intolerable while it takes its case to the Fourth Circuit Court of Appeals."

    2. Anonymous Coward
      Anonymous Coward

      Re: What is needed...

      Most packages today only use AES which I simply do not trust given the DES debacle.

      What about AES is untrustworthy? It is by far the most scrutinized and tested symmetric encryption standard. And besides, other encryption systems like Blowfish etc, have implmentations avilable in most programming languages, if for some reason you prefer them.

      The only way your AES encrypted files will be "got" by anyone, including the NSA, is if you or whoever you trusted with your encryption did a poor job of implementing it. And sad to say, that is probably a lot of applications, programs, websites.

    3. The Man Who Fell To Earth Silver badge
      Pirate

      Re: What is needed...

      It's not just the encryption, it's the metadata the NSA values because that maps the organization for you. One needs a method to at least complicate the that part as well.

      What is needed to to at least help obfuscate the connections would be to do something like the following: Have an email client that automatically encrypts the message, splits it into N pieces, emails those N pieces out via N email addresses hosted by N independent email providers to the true recipient's M email addresses (M <=N) also hosted at M independent email providers, the recipients email client gathering those N email sub-messages, assembling the intact original encrypted email message, and decrypting the original encrypted email message.

      1. Oninoshiko
        Big Brother

        Re: What is needed...

        Why not use something bittorrent like?

        encrypt the message, make it part of the "global message list" (for the sake of the list not getting TOO long, we say a message is only on the list for a week. Messages can be posted to the list by anyone. Each message is encrypted by the recipient's public key, then the message goes to EVERYONE.

        Only the recipient can view the message. there is no header to trace who the message was going to. noone can read the contents.

        It's not the most efficient way to handle the matter, but it should resolve both content spying and metadata spying.

      2. The Man Who Fell To Earth Silver badge
        Pirate

        Re: What is needed...

        Or a dynamic peer-to-peer network analogous to a torrent.

  3. Anonymous Coward
    Anonymous Coward

    Difficult to see what the problem is here ...

    the first rule of secure communication is to assume the channel is compromised. That's why you no only encrypt but encipher too.

    By all means, let the opposition read my communications in the clear. If they can work out that

    "Did shopping yesterday, so as to have time to mow the lawn today. Hope your BBQ went well, sorry we missed it, but looking forward to seeing you for Sunday lunch."

    actually means

    "Location 51.092010/-0.196709-Time 15:00 BST-1st Floor gents toilet"

    then all the best !

    1. Yet Another Anonymous coward Silver badge

      Re: Difficult to see what the problem is here ...

      That works if you are deep in enemy territory trying to just get the single word "tinker, tailor, soldier or spy" out.

      It's trickier if you are trying to run a non-US multinational, a political party, a group opposing an oil pipeline or anything else that is considered an enemy of the state.

      1. Anonymous Coward
        Anonymous Coward

        Re: Difficult to see what the problem is here ...

        Though of course if you oppose a keystone oil pipeline then you are part of the state and not considered an "enemy", for now anyway, at all.

        Plus for a significant proportion of those who comment here it would appear that they would regard Republicans as enemies of the state and deserving of surveillance anyway, as do multi-national companies that don't (according to them) pay their "fair share" of taxes.

        1. Yet Another Anonymous coward Silver badge

          Re: Difficult to see what the problem is here ...

          In the land above the land of the free you get to be on your glorious leader's new enemies list if you somehow doubt the wisdom of building bitumen pipelines through seal sanctuaries.

    2. Nick 65
      Coat

      Re: Difficult to see what the problem is here ...

      There are no gent's toilets there, unless you want to nip into the woods at the back. Maybe you meant to say the BBQ was actually on a Saturday?

      1. Michael Wojcik Silver badge

        Re: Difficult to see what the problem is here ...

        The woods are nature's gent's toilet.

        Also bear's toilet, or so I've heard.

  4. Anonymous Coward
    Anonymous Coward

    RFC:

    I wonder if some sort of P2P arrangement would work, maybe fido over TOR?

    It seems to me that in order to stop spam and encourage people to run the servers some sort of payment might be in order - if a protocol could be constructed that required a small exchange of BitCoin between the Sender, intermediaries and the receiver this would provide incentive to support infrastructure and effectively destroy the spamming business model.

    If it were possible to know that a number of servers were run by different groups, they message could be XOR'd with a random binary sequence and a third sent to each server - not enough for any one party to even think about dencrypting the content but with an inherent back up in the event of a server failure.

    Any open source programmers out there fancy having a stab at it?

    1. Anonymous Coward
      Anonymous Coward

      Didn't MS suggest something similar a while back ?

      I vaguely recall they suggested paying for email as a way to kill spam. Say a cent per email ?

      That said, even when junk mail costs to physically print and post, there still seem to be floods of it, so I wouldn't actually have any confidence it would stop spam.

    2. ElReg!comments!Pierre

      Sounds like you have a hammer

      That problem looks awfully like a nail from where you stand, I gather. That's an extremely convoluted scheme with a number of accidents waiting to happen. BitCoins are going to put off a lot of people; piggybacking on TOR actually makes the potential vulns add up. TOR was built to be somewhat-synchronous, which is good for surfing but is a hindrance when it comes to mail-like activities. And XOR? C'mon.

      There is a thing currently being developped, called GNUnet, which is supposed to be a secure and anonymous P2P protocol with messaging capability built in. Maybe that's closer to the mark. It's embryonic for now, but who knows? There are also other asynchronous networks (freenet and the like) that have working messaging systems; I'm told FMS works quite well, for example. These networks are content-agnostic and have peer caching built in (it's their operation model actually: each peer stores a bit of the whole network, which becomes entirely decentralised), which makes them exactly what you want to build by bolting fido onto TOR, only better (built-in is always better that bolt-on).

      In any case with the use of asymmetric encryption the need for spam mitigation is less evident. You encrypt for one specific recipient, meaning that you cannot just fire off one message with 2.76 gazillions of recipients and let the backbone cope with the strain: you actually have to encrypt your message 2.76 gazillion times and send them separately; much more costly. There may still be spam (there probably will) but probably much more targeted, much lower volume. So much less of a hassle.

      1. Canecutter

        Re: Sounds like you have a hammer

        "[B]uilt-in is always better tha[n] bolt-on"

        Hear, Hear!

        Perhaps this series of events will prompt a whole change in the way people think about the systems they put to work for them. Hopefully, everyone will finally give the aphorism that built-in is better than bolt-on, together with the end-to-end dependability concept, the respect they deserve.

        I won't hold my breath, though.

        1. John 179

          Re: Sounds like you have a hammer

          "[B]uilt-in is always better tha[n] bolt-on"

          And that is why I use TrulyMail for secure messaging. It doesn't use add-ons and skips email servers altogether. It does use their servers (it's not peer-to-peer) but at least it's all encrypted on my desktop before being sent to their servers (and decrypted on the recipient's desktop).

          End-to-end? Works for me.

      2. Charles 9 Silver badge

        Re: Sounds like you have a hammer

        "built-in is always better that bolt-on"

        There's a big problem with a built-in, though. What if the built-in BREAKS? Like a digital wristwatch whose reading light goes out. Now you can only see it in daytime unless you use an external light. At least with a bolt-on you can always bolt OFF if it breaks and bolt something else on.

        1. Canecutter

          Re: Sounds like you have a hammer

          "There's a big problem with a built-in, though. What if the built-in BREAKS? Like a digital wristwatch whose reading light goes out. Now you can only see it in daytime unless you use an external light. At least with a bolt-on you can always bolt OFF if it breaks and bolt something else on."

          Not in this case. Since qualities like security, reliability and performance are what you might call system attributes, you need to consider those properties quite early in the system's life (like during the concept and design phases). The system will never exhibit a quality if it was not specifically and deliberately included during the system's design - no matter how the system is finally implemented. Worse yet, there is no component you may later bolt on to the system that will cause it to exhibit that quality.

          Of course, once the specific property is included in the system design, the design may specify that the system will have a modular structure, that would allow the system's various functions to be implemented via removable components. Nonetheless, a system _function_ is not a system _attribute_, and neither is equivalent to the system's structure. Replacement or failure of a component in a system with modular structure, may invalidate a system attribute; but if the system never had the attribute in the first place, no component will grant the system that attribute. That is particularly true for qualities like security or performance.

          1. Wzrd1

            Re: Sounds like you have a hammer

            "Not in this case. Since qualities like security, reliability and performance are what you might call system attributes, you need to consider those properties quite early in the system's life (like during the concept and design phases)."

            Then, one has to wonder if a government demands a backdoor be installed into the system, at a system level, by the software vendor.

            One recalls Windows source code with "NSA hooks" from some years back...

      3. Wzrd1

        Re: Sounds like you have a hammer

        GNUnet, a new version of Freenet? ;)

        Seriously though, one could always own one's own encrypted server, with keyserver for public keys. With an encrypted filesystem out of one's own domicile.

        First, they'd have to get your key to unlock the filesystem. Then, have to get assorted other keys from you.

        Which is where you typically are at anyway, as if you know your key, they can attempt to force that key out of you.

        Indeed, as I recall TrueCrypt offered a duress key and a real key just go avoid such unpleasantness. Briefly.

        Still, just to twig their nose, I've taken to sending encrypted e-mails to my wife when she's upstairs on her computer.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sounds like you have a hammer

          "Indeed, as I recall TrueCrypt offered a duress key and a real key just go avoid such unpleasantness."

          Still does, sort of, as you can use hidden containers within other encrypted containers allowing you to reveal the outer container and keeping the bit inside a secret.

    3. Graham Cobb Silver badge

      Might be better to join an existing project

      Keep an eye on the PRISM Break site for suggestions for alternatives. Bitmessage is working on an approach that is a similar to what you describe. I am sure there are others as well.

    4. Brian Miller

      It's called a one-time pad

      "... they message could be XOR'd with a random binary sequence and a third sent to each server - not enough for any one party to even think about dencrypting the content but with an inherent back up in the event of a server failure."

      One-time pads are unbreakable. I used them while I was in the Army. Imagine Alice burns a DVD full of random data. She sends a copy of that to Bob through USPS registered mail in a secured container. (USPS registered mail is good enough for official secret documents, and is placed under secured storage while in USPS transit.) When Alice sends something to Bob, it's XORed with data on the DVD. After a while, both Alice and Bob destroy their DVDs and Alice sends Bob a new DVD.

      As for open source, the problem isn't the services, it's the governments' demand to view the users' data. Where can the data go where a business can thrive? What country absolutely allows private encrypted data to remain private? Any in the first world? Any in the third world? Would you want to be part of a distributed network, which means that at any time government agents could burst in and seize your computer?

      1. Anonymous Coward
        Anonymous Coward

        Re: It's called a one-time pad

        "As for open source, the problem isn't the services, it's the governments' demand to view the users' data. Where can the data go where a business can thrive? What country absolutely allows private encrypted data to remain private? Any in the first world? Any in the third world? Would you want to be part of a distributed network, which means that at any time government agents could burst in and seize your computer?"

        Yup.. that's more of less the problem!

        Once-up-on-a-time government agencies had to get a warrant to open our post or tap or phone line, but we've been sleep-walking in to a surveillance society for the last 10-15 years or so... when did the "state" get the automatic right to see *everything* and without a *warrant*.

        Why have we got PRISM and other communications intercept programs?

        Why do we need an automated "drag net" of surveillance?

        What happened to "evidence lead policing"?

        Why do we need draconian measures like the NSA Security Letters, and provisions in the RIPA that gag us? Why do we have to go to jail for refusing to give out a crypto key?

        What the hell is wrong with our governments and the state?

        Perhaps PRISM and the like will serve (finally) as a wake-up call to us all?

        G

  5. Anonymous Coward
    Anonymous Coward

    Looks like Mixmaster is still working for Quicksilver users. There are a lot of new messages every day on alt.anonymous.messges.

  6. DJO Silver badge

    Secure messages

    How about a system where you write or print the message onto some ephemeral material such as paper then wrap that in some form of sealable package which is then delivered by a trusted third party in exchange for a small fee, it might take a day or so but if the package is well sealed any tampering would be evident.

    It's novel but it might just work.

    1. Peladon

      Re: Secure messages

      And, of course, the Security Services never were in the business of clandestinely intercepting, opening, reading/ copying, re-sealing and sending on the type of instrument you describe. And your 'trusted third party' would never cooperate in such activities (even at the direction of the State). Ever. Like, never-ever.

      Right?

      http://www.aarclibrary.org/publib/contents/church/contents_church_reports_vol4.htm

      Oh....

      The Idiot

      1. Alan Firminger

        Re: Secure messages

        Read : The Defence of the Realm by Christopher Andrew..

      2. DJO Silver badge

        Re: Secure messages

        Read "Spycatcher" and what he has to say about envelopes sealed with sellotape.

    2. Wzrd1

      Re: Secure messages

      "How about a system where you write or print the message onto some ephemeral material such as paper then wrap that in some form of sealable package which is then delivered by a trusted third party in exchange for a small fee, it might take a day or so but if the package is well sealed any tampering would be evident."

      And one ponders sealed orders that misdirected Nazis during WWII, where the sealed orders were planted on a deceased man in uniform by British forces.

      Later to receive the envelope back intact, but the message had been rolled, removed, copied, re-rolled and reinserted and unrolled into the envelope.

      Worked well, as I recall. Pulled the wool well and truly over the Nazis eyes.

  7. Anonymous Coward
    Anonymous Coward

    Submitting to their appetite for data

    Surely the issue is not the absolute unbreakableness of any given message, which few would expect ever to be possible. Rather, it's to ensure a reasonable level of non-snooping. RIPA etc can already legally compel us to hand over the keys to decrypt any given message, but does not (yet) say that you are not allowed to send encrypted data in case the snoopers want to index your traffic. In other words, if the snoops are interested in something, they can ask ^H^H demand it, so why simply roll over and say, "oh well, you really want all my data so here it is." Sod 'em. We should be making it as difficult and expensive as possible for these rabid snoops to do this morally reprehensible routine and blanket surveillance.

    1. Michael Wojcik Silver badge

      Re: Submitting to their appetite for data

      Or more generally, security is not a binary value, there are many categories of threats, and sometimes mitigating some threats is valuable even if other threats still exist.

      Really, both the article and most of the discussion are remarkably naive and unrealistic. If you're personally targeted by the State, secure email is not going to make you bulletproof. But it does remove attack paths and increase work factors for other threats, such as mass data collection, amateur WiFi snooping, and the like.

      If someone wants to steal my car,1 lack of an ignition key and locked doors are not insurmountable barriers. But they're enough of a hassle to make it a much less attractive proposition than if, say, I just left it running with the doors open all the time.

      1This is purely hypothetical. My car is old enough to drive itself, and wasn't any good when it was new. Walking is usually a better alternative.

  8. John Smith 19 Gold badge
    Flame

    NB EU Date Retention Directive Made In Britian

    In the wake of the Madrid rail bombings and not supported (or asked for) by the Spanish, despite their long history of fighting the ETA, perhaps because they knew what a real fascist dictatorship feels like.

    Another little present from those wonderful civil servants at the Home Office.

    Thank you so verymuch.

    It seems if you want privacy and personal freedom destroyed electing an (allegedly) socialist government run by a lawyer is a pretty good idea.

    1. Anonymous Coward
      Anonymous Coward

      Re: NB EU Date Retention Directive Made In Britian

      It should be noted, by the way, that the data retention directive has been resisted by a number of countries. Notably in former "Eastern Bloc" countries it has either not been implemented, or it has been enacted into law (as a way to feign compliance with the EC) only for it to be struck down by the courts, at least in one case at the lawmakers own request.

  9. Anonymous Coward
    Anonymous Coward

    Thunderbird+Enigmail?

    How well does this combination solve the problem? Aren't the public/private key pairs totally under the user's control, with no decryption keys held on anyone else's server?

    1. Charles 9 Silver badge

      Re: Thunderbird+Enigmail?

      The problem is that they still know it comes from you. They suspect you and bring you in. Bring in the rubber hoses or (in Britain's case) the threat of a mandatory two-year sentence, not to mention the black mark on your record.

      Sounds almost like a Catch-22. How can you prove to Bob you're Alice while at the same time not allowing Gene or Mallory to know that? And Alice has no way to meet Bob personally?

      1. Anonymous Coward
        Anonymous Coward

        Re: Thunderbird+Enigmail?

        I guess it depends what you want out of it. If you want your communication to be totally secure such that even the fact of the communication is hidden, then you're going to be very interesting to certain people and will have to work hard at it.

        I submit that most people don't need that level of secrecy - what they need is simply an enhanced level of privacy. My own point of view is that I don't expect to be able to hide the fact that I'm talking to someone, but I do have the right to ensure that the communication is as private as possible.

      2. phuzz Silver badge
        Boffin

        Re: Thunderbird+Enigmail?

        "Sounds almost like a Catch-22. How can you prove to Bob you're Alice while at the same time not allowing Gene or Mallory to know that? And Alice has no way to meet Bob personally?"

        If you do think of a solution, let everyone know won't you. That one's been bothering cryptographers for years.

        The closest to a solution is practically a motto; Eventually you have to trust someone, choose well.

        1. Yeik

          Re: Thunderbird+Enigmail? @Phuzz

          So, what if you were to have a distributed "caching" server. You upload it with the intended recipient after using their public key and some extra information through in there for a little bit of entropy, including the information that contains the location of the content of the message (2 seperate parts that can be sent at different times*).

          After that you are able to successfully process the message and validate you are the correct recipient the server will send you the encrypted message. When your local client receives it, you can delete it.

          That way the body of the message is seperated from the content making it harder to get messages for a specific person, and only that person can receive the message.

          You could have multiple levels of encryption between and for the messages.

          *I am not sure how you could send the recipient first if it is to include where the content is located. The message could be sent first then later the recipient, even over seperate channels/proxies and could even break up the messages into multiple and each contains reference to the other.

          If someone creates this, please, atleast give me a free account.

      3. Anonymous Coward
        Anonymous Coward

        Re: Thunderbird+Enigmail?

        One solution in encryption + steganography + posting in a public place.

        If you encrypt a message, insert in a jpeg, then post it on 4chan from a public connection, it's pretty much the equivalent of a dropbox. If your jpeg was something people wanted, then you'd get a lot of random downloads as well.

  10. Mike Banahan

    PGP email

    PGP works fine, but with email, only encrypts the body of the message and attachments.

    The fly in the ointment is the severe problem that using standard SMTP to exchange email, the subject and to/from (in fact all the headers) are in plain text rendering a lot of snooping (who are you talking to, how often and what about) completely open.

    Email needs re-architecting and probably needs to move away from SMTP altogether to make traffic analysis and web-of-correspondent tracking hard to do. At the same time one might as well incorporate other messaging types to include text, voice and video messaging all in the one encrypted package. At the very least everything needs to be encrypted and not to leak information if someone happens across / intercepts the whole message or its parts.

    As far as I'm aware even PGP/GPG encrypted messages will yield up the key ID of the person they are encrypted to, allowing interception to perform at least some analysis of correspondent webs, but there may be an option to turn that off.

    Thunderbird and Enigmail work very well and actually take very little effort to set up and understand, if all you care about is confidentiality of the message body. But watch what you put in the subject line!

    A root-and-branch look needs to be taken at this, as sticking plaster solutions aren't going to work. PGP is probably an important component but the protocols, key exchange and transport mechanisms need serious work to keep the bastard's noses out of private correspondence. And they aren't going to like it.

    1. Canecutter

      Re: PGP email

      Completely agree. Security is a _system attribute_ not a component you can bolt on or otherwise retrofit.

    2. Anonymous Coward
      Anonymous Coward

      Re: PGP email

      Easy fix: screw the headers and SPAM!

      Say I want to send a message to jsmith@microsoft.com. Take jsmith and encode it with a key.

      Then encrypt your message with a different key.

      Send your message to a mailing list full of servers. (encodedname)@servername.domain

      Most will reject it, as should your intended recipient. But the intended recipient then periodically scans his junkmail/rejected mail lisy for anything that decrypts to his name-or some other identifier- using a known key or set of keys.

      throw in a bit of obfuscation- stenography, splitting up parts of the cyphertext, etc and suddenly the NSA has to invest massive resources in ALL spam to have a chance of finding your message. Throw in a couple of intermediary machines to throw off a routing analysis and suddenly their job becomes nigh-impossible again.

  11. asdf

    grrr

    I am glad the NSA is doing this (sarcasm). After all its more important to archive all information on US citizens that to actually respond to terrorist threats even when another government tells us clearly who our terrorists are (Boston Bombers). When in doubt to change the conversation call for a month long vague orange alert.

    1. Oninoshiko
      Thumb Up

      Re: grrr

      On some level I am actually glad the NSA is doing this. Since the investigation of Phil Zimmierman in the mid-90s I haven't heard so much caring about encryption or secure communication.

      It's awesome in that we are now talking about what we have to do to prevent statistical metadata attacks. That discussion wasn't even on anyone mind a year ago.

  12. LordHighFixer

    It's old, but...

    http://www.speakfreely.org/

  13. tom dial Silver badge

    Email transport w/o readable headers looks at first glance to be a bit difficult. On the other hand, I didn't notice mention of tormail (described at http://tormail.org). Recent reports (~4 Aug) claim it was compromised, but without enough detail to make a sound judgment.

    Perhaps someone with actual knowledge could add a comment.

  14. Busby

    The mega product could be interesting but considering how they hyped there last launch it has me dubious. Especially after the security holes last time.

    Using PGP manually for everyone also doesnt seem an elegant solution either.

    I'm really hopeful that after all the recent attention on online (lack of) privacy someone pops up with a killer product. Surely theres a gap in the market for easy to use secure communication with no connection to ghe US.

  15. brooxta

    Enter the Raspberry Pi...

    There are already a number of disk images available for the Raspberry Pi which make previously tricky setups very easy to achieve _properly_ for even a newbie, eg. asterisk, xbmc.

    What would be great would be to see development of an open source email system with encrypted SMTP, POP, IMAP, webmail etc which could then be downloaded as an image, booted and be up and running with generated keys within minutes.

    You don't need huge processing power for a personal email server. But if lots of people shifted to an encrypted-by-default system like this, running on commodity hardware via their own broadband connection, without the traffic going via a major ISP's mailservers or Google/Yahoo!/Microsoft, then the majority of email users can have their privacy back again without the concern that all their email is being gratuitously read by some nosey parker(s) in Cheltenham/Fort Mead.

    Court orders then become necessarily more targeted because only one person's email, or a relatively small group of people's email (an RPi can't serve huge groups). And you know when you're being targeted because they have to ask you for the keys...

    It seems you can't trust a company to keep your email secure and keep the service running, so people are going to need to do it themselves.

    Perhaps somebody has already done this and I've missed it. If so I'd love to be pointed in the right direction!

    1. Anonymous Coward
      Anonymous Coward

      Re: Enter the Raspberry Pi...

      A network of encrypting R Pis...

      Typical R Pi use an operating system that can be compromised. So put MSDOS on it, and load single apps, use in-line code of ftp to store enciphered files on any public server.

      Share ciphers using ftp on a random agreed file, share location on an out-of-band ( snail mail!!!) comms link.

      I suggest popular Blueray DVDs a a source of use one-time pad. ( pass two or more offsets and XOR them with the message)

      Have R Pis continually run crypt-uncrypt-share with all those in the network to hide in the crowd.

      Guess this post increments me several level in PRISM! (recursive!)

      Is there any advantage in using anonomous coward?

  16. Anonymous Coward
    Anonymous Coward

    Running scared.

    It's one thing to shut your doors from force, but another to shut your doors out of fear of force. This just happens to be an e-mail company, but it could be any other type.

    Setting an example out of fear doesn't help the country with its privacy problems, and it surely doesn't help their credibility with their peers. I much prefer LavaBit's approach to the matter, at least they looked at their options first.

  17. btrower

    So many things...

    Shutting down the systems was the only effective way to maintain security. They did the right thing. These two mail providers are to be commended on a taking a principled stand and 'walking the walk' by taking the action backing it up.

    There are so many issues here and all of them have to be addressed to get even a reasonable sense of security.

    First, this has to be a two pronged attack. A technological solution needs to be supported by a political solution. We need to make it very difficult to invade people's privacy by raising the bar. We also need to reduce the incentives to snoop by making ill-gotten information 'fruit of the poison tree' and by clarifying penalties that the state and its operatives incur if they are caught. The penalties must be high enough to remove any incentive to snoop.

    For the technical aspects, we need to make it so that everything goes into an encrypted distributed pool such that only possession of the keys will allow retrieval and so that routing cannot be traced. These things are doable, but not with our current infrastructure as currently constituted.

    My point is that neither a purely technological nor a purely political solution will do. We need both.

    Data Security has many nuances and as the attacker becomes better armed it becomes increasingly more difficult to defend. As we can see from the current attack on key holders and intermediaries entrusted with our data, Rubber-hose cryptanalysis comes on to the table quickly and although crude it is a very effective line of attack.

    You need to approach design like this with a sense that attack can be expected from all sides. Sophisticated side-channel attacks and exhaustive analytic attacks must have some design response. It may not be possible to implement EM and sonic barriers, but the design should have a place for them.

    Attack can come from everywhere including the hardware and firmware as well as compilers and other software.

    This entire area is poorly understood even by people in our line of work and it seems it is wholly misunderstood by the general public. We all have to skill up on this.

  18. OzBob
    Joke

    How can you pass keys around securely....

    when Big Brother holds history of your traffic, and could conceivably recover the key you sent someone ages ago? Simple, you reverse the paradigm and make the key insecure but the data hidden, preferably physically on someones body, where it can be vouched for and transferred around. In short, we need a Mnemonic courier service (ie. the way OBL managed to exchange data so long without the authorities finding him - it was human intel that got him in the end).

    http://en.wikipedia.org/wiki/Johnny_Mnemonic_%28film%29

  19. freddyk

    Is non-US based email encryption vulnerable?

    It would be interesting to know how this Lavabit meltdown relates to non-US based email encryption services such as http://salusafe.com and if it we could expect similar abrupt shutdowns of offshore servers?

    1. John 179

      Re: Is non-US based email encryption vulnerable?

      TrulyMail is based in Chile and they are still up and running. If they shut their doors, I guess I'll find another service somewhere.

  20. Pascal Monett Silver badge

    Whatever happened to your Constitutional Rights ?

    I do not think that discussing technical details is the solution - it acknowledges that the State has the right to snoop and tries working around that.

    Instead, walk right up to your representatives and put your foot down concerning your right to privacy.

    What is the excuse for all this snooping ? The modern boogey man : terrorism. Yes, 9/11 was horrible. Yes, it should never happen again. But it is the fact that known terrorists were not signalled to proper police forces that allowed them to act. Snooping is not the solution, and would not have helped.

    So go to Congress and tear down RIPA and the so-called PATRIOT act. They are unconstitutional and therefor illegal, and it is high time that all this terrorism malarkey be put back where it belongs.

    If you live in constant fear of terrorism, then you have given the terrorists the victory they wanted in the first place.

    1. brooxta

      Re: Whatever happened to your Constitutional Rights ?

      I hear you on the principles at stake, but the technical workarounds may help to arrive at an acceptable political solution. If enough people see for themselves the extent of the gratuitous monitoring of the communications of innocents then they will be more motivated to push for political change.

      The state of technology at the moment allows for monitoring to be almost undetectable and is certainly below the radar of most netizens today. If that can be changed that is a good thing.

      Solutions that work around the technical weaknesses of most people's email systems today and require law enforcement agencies to enforce the law openly are therefore a step in the right direction.

  21. Dylan Fahey

    Where's the 'app'

    Email should have always had encryption since the beginning of time. Where the hell is that button in the application that says, ENCRYPT PRIOR TO TRANSMISSION ! This should have always been there, and it is not. WHY? Ask yourself that. That is the true question here.

    1. Charles 9 Silver badge

      Re: Where's the 'app'

      TRUST.

      There's your answer.

      When the Internet and all its fledgling protocols were first implemented, all you had were a bunch of university boffins talking to each other. In other words, it was pretty much a closed community of people who knew each other already.

      That's why Telnet was unencrypted. As was Usenet. As are POP and SMTP.

      It's just that in the intervening years, no one has been able to implement a ubiquitous (this is the hard part) e-mail system that is secure from end to end. As noted before, encrypting the contents means bupkis if plods can just read the metadata and the fact you logged into your ISP's SMTP server and sent a message (and the metadata MUST be in the clear for the system to be able to route it). On the other hand, a protocol without the metadata suffers from inefficiencies and increased spam potential (how can you trace a spammer without source information, yet that same source information can be used by the plods).

  22. Scott Pedigo

    What About Deep Packet Inspection?

    There is a technical problem to be solved for securing the content of private individual or business communications for stuff the government doesn't care about, but which you don't want competitors to have access to. There are some solutions for that. How adequate they are is debatable. Governments have been known to spy on foreign companies to help out competing companies based in their own country. Let's leave that aside.

    Let us stipulate that you are a whistle-blower that a government does not like and wants to suppress. Once you are targeted, any intermediary, or you yourself, can be pressured into turning over any encryption keys. So you want to avoid attracting attention in the first place.

    Assume for the sake of argument that someone did set up a secure e-mail server beyond the reach of a given government. The thing still has to be connected to the Internet. It still has to have an IP address and so does any other endpoint communicating with it.

    So, you try to use some intermediary to obscure that you are communicating with it. As has been reported recently, even TOR is not secure, because you cannot trust the endpoints. But for the sake of argument, less us further assume that both the e-mail service and the intermediary you use are not themselves honey pots set up by the NSA or whoever. What is to stop them (you know, THEM) from coercing all ISPs and backbone providers into letting them monitor the packets going through every single router, in particular the ones at the edge of the Internet? And performing deep-packet inspection to try to match up packets going in one place and out another? It seems like it is just a matter of money and processing power and storage capacity. With some custom made hardware (such as FPGA) (which they probably already have...) it might not be far-fetched.

    So, it seems to me that as long as you use the Internet for some kind of end-to-end communications, it will be impossible to use technical means to prevent the authorities from obtaining meta data.

    If you don't care that they know you are communicating, then you may be able to sufficiently encrypt the transmission. But the men in black can always sneak into your abode and bug the place. Or put a trojan on your computer.

    All of these suggestions from readers for out-foxing the authorities are pretty much an exercise in futility and a fool's game.

    What we need is legislation which makes it flat illegal for the government to do this stuff.

    But then, when the next act of terrorism occurs, are you going to demand that the authorities do something to prevent it from happening in the future? Or when you find out about some child-paedo ring, abusing children and sharing the pictures of their crimes via some secure server? Or some international drug cartel, which murders people by the hundreds and corrupts whole governments organizing their business the same way?

    With the massive precautionary data collection, the authorities are taking the easy way out, to be sure, and it is being abused. So can be just back up the Patriot Act and its ilk a bit and go back to the days of having real judges issue real warrants?

    1. Charles 9 Silver badge

      Re: What About Deep Packet Inspection?

      "What is to stop them (you know, THEM) from coercing all ISPs and backbone providers into letting them monitor the packets going through every single router, in particular the ones at the edge of the Internet?"

      How about some of the IPs belonging to countries antagonistic to the west but lack the resources to crack the stuff themselves? They'll tweak the US just because they're the US, and once they lose track of the chain, it's hard to pick it up again in the noise, especially if the endpoint is outside their control. Another possibility is something like a dead-drop where the information is posted to some random location and the message of its location conveyed by some other means. There's more to the darknet than just TOR. Freenet may be too conspicuous due to its traffic usage, but perhaps a chan board or a stego'd image elsewhere.

      "With the massive precautionary data collection, the authorities are taking the easy way out, to be sure, and it is being abused. So can be just back up the Patriot Act and its ilk a bit and go back to the days of having real judges issue real warrants?"

      No, they won't be cause they're afraid the terrorists have subverted the judges or have placed moles within, such that the very ACT of obtaining the warrant tips them off and makes them scatter and hide or switch to an alternate line of communication they haven't traced. Then the warrant's meaningless because there's nothing to seize and no one to arrest anymore. IOW, the government has the EXACT SAME problem on THEIR end: keeping their raids secret until they actually go down, as any leak can give the game away.

  23. Anonymous Coward
    Anonymous Coward

    May I suggest ...

    ... using BitMessage and Tahoe-LAFS as a general rule? Both make spying near impractical.

  24. John F. Donovan

    Yes And No

    Yes, you can securely communicate internationally. No, don't use the cloud for that.

    I am not going into the specifics here, but it will suffice to say that you should educate yourself towards wireless communications and what the NewZealanders did before they got the British machinery. Research how that guy Dönitz placed much too many faith into machines. That will tell you how to work around these pitfalls.

    Go for the simple stuff, which can be directly understood. Infiltrate an amateur radio group and learn their stuff. View those videos on youtube. There's an almost global network out there which is virtually unknown and which is not being actively monitored on.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021