Is email encryption practical enough?
All emails I have ever sent were sent as plain text. Like postcards, everybody on the way to the addressee could easily read and store them. This worries me. I know privacy is something of the past, but encrypting email is possible, at least in theory. However, I wonder whether it is practical enough.
Is there anybody who has experience with email security? Is it easy to set up? And can you still send and receive email from all you friends and acquaintances?
Very unfortunately: No.
Mail encryption usually means public key encryption. This involves the recipient to have a public key published somewhere - this can be used to encrypt emails. That key then has a secret pair - a private key that can be used to decrypt the emails.
For mail encryption to be practical, the email client would have to be able to:
- When sending email, automatically fetch the public key of the recipient to encrypt the messages.
- When receiving email, fetch the user's private key from a designated server, preferably this would be whoever is providing the email service (usually the ISP).
- When setting up the account, automatically create and store the private key.
But the bigger problem here is the infrastructure. For this to happen, there would have to be:
- A widely used, standard way of publishing a public key associated with an email address (and this method would have to be secured via certificate system so that a third party couldn't mess with it too easily).
- A widely used, standard way of automatically creating a private key for an email address and storing it on a remote server accessible by a standard way. Preferably this server would be part of a normal service from the email provider. This server's address would then be entered as a normal procedure on the account settings of the email client, just as incoming and outgoing email servers are entered nowadays, after which the client could handle all the hassle with keys.
Another problem is that most email clients would have to be able to handle the decryption, and most email providers would have to provide the key service, for the system to be effective. Encryption needs full support at both ends of the communication. But I don't see this as that big of an issue. If an easy and practical standard appears on some clients and servers, they could advertise "we support the secure email standard", and others would probably follow suit.
Also the user would have to be notified about whether a public key is available for the recipient. A good approach would be when adding a recipient, showing a common secure symbol, like the padlock or the blue glow used in SSL/TLS connections with web browsers.
Of course, an alternate private key server, or even just a key file, could be configured to the email client so that the more paranoid user could store his/her own keys wherever he wants. For the rest of us, the email provider could still read the emails as they store the private key - but this would still make communications very secure. After all, security is often about who we can trust.
Honestly, I really don't know why this hasn't happened yet. It's not that complicated. Get on with it already!
Yes, it is practical (PGP is not arcane science), and it is recommended. And of course you are still able to send and receive unencrypted emails.
And if you're looking a free secure web-based email service, sign up with Hushmail.
However, if everybody does it, certain TLA agencies will run out of funding very soon :)
In my mind there's not enough people using e-mail encryption to make it usable except in special circumstances (or certain groups of people). Signing your e-mails, on the other hand, doesn't come with any compatibility problems, so that's probably useful, if you care.
The biggest problem with encryption is still initial key exchange. I don't know of anyone who's really solved that problem from a usability standpoint.
I agree with Molly above but have a lot to add. PGP (or GPG if you want something freeware) is very easy to use, and works with many standalone mail clients. That said, it won't work with email that you use in-browser (as far as I know) and both people need to have the same (or at least interworking) package installed.
This is not difficult, but convincing others to install it and use it can be hard. I know I tried a while back, and nobody would follow along.