Tech
After Lavabit: A Brief History of Securing Email, and Failing at It
Staff Reporter
First Posted: Aug 16, 2013 07:36 PM EDT
Last week, two secure email providers – Lavabit and Silent Circle – announced the closure of their services, citing pressures on them to reveal user information as the key reason for the decision.
By Srikumar Venugopal
The companies offered their own encrypted email services so it’s no surprise National Security Agency (NSA) whistleblower Edward Snowden was reported to be a Lavabit customer.
While email is a source of unending frustration for many among us, with our inboxes flooded with urgent missives, forced conversations induced by someone hitting Reply-All, and entreaties from princes to share their outrageous fortune, the problems with email have entered a different dimension altogether with the ongoing revelations about the intelligence gathering programs run by the NSA.
Emails are private communications, zealously guarded by those with the most to lose if they were revealed. Securing emails requires securing all the elements involved in conveying them – computer, software, network and storage.
In the early, innocent days of the internet, email servers were “open relays” – that is, they would forward any email they received, irrespective of the sender, to their intended destination.
This was quickly taken advantage of by spammers, who would flood the network and the users with marketing messages. Even more insidious were “address spoofing” attacks, in which users were duped financially by emails coming from seemingly trusted sources that were instead sent by scamsters.
Security standards
Large enterprises run dedicated teams to host their email servers. Most small businesses and consumers have gravitated, since the earlier iterations of email, towards web-based email providers such as Hotmail, Yahoo! Mail and Gmail.
These offer the convenience of having an email account operable through a web browser, and commonly secured using a combination of a unique username and a password (and sometimes memorised using Post-It notes).
While this provided a semblance of security, the contents of the email were still transmitted as plain text, making it easy for anybody snooping on the network to read them.
The need for encrypting emails in transit led to the development of Pretty Good Privacy (PGP) by Phil Zimmermann, one of the co-founders of Silent Circle, which used the notion of a public encryption key to scramble messages so that only a receiver possessing a matching private decryption key could unscramble and read them.
But PGP became confined to a niche of the technical and the paranoid due to lack of user-friendliness, and lack of easily available implementations. Most webmail providers soon allowed users the option of communicating using the HTTP Secure (HTTPS) standard to gain increased security of communications.
Web browsers display sites using HTTPS using a lock icon in the address bar. But HTTPS increases the work to be done by the browser and, therefore, makes emailing a tad slower. It also increases the costs borne by the webmail providers, most of whom offer their services for free.
In 2010, Google adopted HTTPS by default for Gmail to secure user communications in response to attacks on email accounts belonging to Chinese human rights activists. This was soon followed by other providers, as well as by Facebook and Twitter.
But the weakest point in this set-up happens at the point at which the email has to be displayed to the users in a browser or in a particular email program. This requires that the provider has to possess a master key to unscramble the message.
Lavabit and Silent Circle went a bit further than others in this regard by not having a master key – instead they stored the users' decryption keys in a manner that was inaccessible to even the companies' own personnel.
HTTPS is also undermined by so-called man-in-the-middle attacks that have been used by at least one government to spy on its citizens.
Arm twisting
Recently, there have also been pressures on the most popular webmail providers to provide their master encryption keys to intelligence services as well as the username and password combinations of their users.
This would go above and beyond the metadata currently mined by the NSA programs such as PRISM, since that would expose the actual contents of the emails themselves.
The widespread reach and use of email has meant that, as with any communication medium, it is of interest to authorities. A cat-and-mouse game between the latter and the users will only cause the technology stakes to rise higher and could lead to more intrusive surveillance.
It’s important to have a vigorous debate in the public sphere around these programs if we’re to safeguard citizens' rights while meeting the reasonable needs of security agencies.
Srikumar Venugopal does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.
See Now:
NASA's Juno Spacecraft's Rendezvous With Jupiter's Mammoth Cyclone
TagsSurveillance This article was originally published at The Conversation.
More on SCIENCEwr
First Posted: Aug 16, 2013 07:36 PM EDT
Last week, two secure email providers – Lavabit and Silent Circle – announced the closure of their services, citing pressures on them to reveal user information as the key reason for the decision.
By Srikumar Venugopal
The companies offered their own encrypted email services so it’s no surprise National Security Agency (NSA) whistleblower Edward Snowden was reported to be a Lavabit customer.
While email is a source of unending frustration for many among us, with our inboxes flooded with urgent missives, forced conversations induced by someone hitting Reply-All, and entreaties from princes to share their outrageous fortune, the problems with email have entered a different dimension altogether with the ongoing revelations about the intelligence gathering programs run by the NSA.
Emails are private communications, zealously guarded by those with the most to lose if they were revealed. Securing emails requires securing all the elements involved in conveying them – computer, software, network and storage.
In the early, innocent days of the internet, email servers were “open relays” – that is, they would forward any email they received, irrespective of the sender, to their intended destination.
This was quickly taken advantage of by spammers, who would flood the network and the users with marketing messages. Even more insidious were “address spoofing” attacks, in which users were duped financially by emails coming from seemingly trusted sources that were instead sent by scamsters.
Security standards
Large enterprises run dedicated teams to host their email servers. Most small businesses and consumers have gravitated, since the earlier iterations of email, towards web-based email providers such as Hotmail, Yahoo! Mail and Gmail.
These offer the convenience of having an email account operable through a web browser, and commonly secured using a combination of a unique username and a password (and sometimes memorised using Post-It notes).
While this provided a semblance of security, the contents of the email were still transmitted as plain text, making it easy for anybody snooping on the network to read them.
The need for encrypting emails in transit led to the development of Pretty Good Privacy (PGP) by Phil Zimmermann, one of the co-founders of Silent Circle, which used the notion of a public encryption key to scramble messages so that only a receiver possessing a matching private decryption key could unscramble and read them.
But PGP became confined to a niche of the technical and the paranoid due to lack of user-friendliness, and lack of easily available implementations. Most webmail providers soon allowed users the option of communicating using the HTTP Secure (HTTPS) standard to gain increased security of communications.
Web browsers display sites using HTTPS using a lock icon in the address bar. But HTTPS increases the work to be done by the browser and, therefore, makes emailing a tad slower. It also increases the costs borne by the webmail providers, most of whom offer their services for free.
In 2010, Google adopted HTTPS by default for Gmail to secure user communications in response to attacks on email accounts belonging to Chinese human rights activists. This was soon followed by other providers, as well as by Facebook and Twitter.
But the weakest point in this set-up happens at the point at which the email has to be displayed to the users in a browser or in a particular email program. This requires that the provider has to possess a master key to unscramble the message.
Lavabit and Silent Circle went a bit further than others in this regard by not having a master key – instead they stored the users' decryption keys in a manner that was inaccessible to even the companies' own personnel.
HTTPS is also undermined by so-called man-in-the-middle attacks that have been used by at least one government to spy on its citizens.
Arm twisting
Recently, there have also been pressures on the most popular webmail providers to provide their master encryption keys to intelligence services as well as the username and password combinations of their users.
This would go above and beyond the metadata currently mined by the NSA programs such as PRISM, since that would expose the actual contents of the emails themselves.
The widespread reach and use of email has meant that, as with any communication medium, it is of interest to authorities. A cat-and-mouse game between the latter and the users will only cause the technology stakes to rise higher and could lead to more intrusive surveillance.
It’s important to have a vigorous debate in the public sphere around these programs if we’re to safeguard citizens' rights while meeting the reasonable needs of security agencies.
Srikumar Venugopal does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.
See Now: NASA's Juno Spacecraft's Rendezvous With Jupiter's Mammoth Cyclone