Why Email Can’t Be Protected From Government Surveillance

Rate this post
Why Email Can’t Be Protected From Government Surveillance

“If you understood what I know about email, you may not use it either,” stated the proprietor of Lavabit, a secure email service that just shut down. “There is no way to conduct encrypted e-mail with protected information,” Phil Zimmermann claimed as he abruptly shut down Silent Circle’s private email service. The fact is that email is essentially insecure and will never be immune to government monitoring in the same way that other forms of communication are.

You might be utilizing a different encrypted and “secure” email provider that hasn’t yet been shut down. However, they are exposed to the same US government coercion that Lavabit experienced, which is why Silent Circle shut down before the government contacted them. Some less ethical services will choose to work with governments rather than shut down. We don’t know what requests Lavabit faced since they aren’t allowed to reveal what they went through as a consequence of backdoor orders from the secret US surveillance court that allows PRISM and other NSA spying programs.

Let’s take a look at why email is a bad option for secure communications and how it’s a prime target for government spying.

An email isn’t just one piece of information. There are many bits of information: There’s the message content, the subject line, the From field, the To/CC/BCC fields, and additional information such as the location from which the email is being sent.

Even if you employ the greatest email encryption technology available, you can only encrypt the email’s message content. Anyone watching your connection may see the topic of your email, who you’re chatting with, and where you’re emailing from. The government can build up quite a picture of who you’re communicating with, when you’re communicating with them, where you’re each communicating from, and what the subject lines of your emails are, which gives them an idea of what you’re talking about, thanks to the XKEYSCORE program, which essentially allows the US government to capture most of the traffic flowing over the Internet by intercepting it at large backbone routers and gateways. They may suspect you of encrypting the contents of your emails and target you for further, more in-depth monitoring of anything else you do.

  4 Ways to Use Custom Email Addresses

Until 2011, the US government bulk gathered US email records. According to the NSA, this operation was terminated because it was ineffective; nevertheless, they are still harvesting information through XKEYSCORE, so they are likely intercepting whatever email metadata they can get their hands on. Even if you encrypt your emails, they will get a great deal of information from you.

Read more about what you may discover from an email’s “header,” or metadata, for additional information.

Many “Secure” Email Providers Have the Encryption Keys For Convenience

It is difficult to encrypt and decode emails. In principle, you’d decode emails on your local computer using something like PGP or GPG. In actuality, even for more tech-savvy consumers, the setup may be hard and perplexing. This also makes accessing the encrypted emails through a browser or lightweight mobile client difficult.

Many secure email companies have dealt with this by keeping the encryption keys on their end and decrypting emails when you view them. Silent Circle’s encrypted email service functioned in this way: they owned the encryption keys and could simply decode emails while providing a decent user experience. In effect, this implies that the government could demand all of the encryption keys – or just the ones it required – and decipher all of the emails it desired. If the supplier has the keys, they may be willing to pass them over. Only complex desktop software can safely encrypt and decode email bodies. Even with all of this work, the metadata remains exposed.

The Government Can Demand Backdoors: See Hushmail

Canada-based Hushmail is a well-known and commonly used encrypted email service. Hushmail was ordered by Canadian courts to turn up the emails of one of its users in 2007. Under a mutual legal aid deal between Canada and the United States, the emails were then sent to US courts.

  How to Prevent Your Emails From Going to Spam: 6 Tips

Hushmail, in theory, could not achieve this. They did not maintain encryption keys for users on their servers. For ultimate privacy, they advised users to use PGP or comparable software to decode emails on their machines. However, since many users found this difficult, Hushmail also provided a downloaded Java applet housed on a web page that enabled you to view your email. When you open the web page, the newest version of the Java applet downloads to your computer, you input your encryption key, and the applet downloads and decrypts your email locally without Hushmail obtaining access to your encryption key.

Hushmail was forced to provide the user a version of the Java applet with a built-in backdoor. After the user entered the modified Java applet, Hushmail received the user’s encryption key and got access to the user’s emails, which they turned over to the courts.

If you use secure email, the provider may be obliged to get your key in any manner they see fit. Even if they couldn’t get their hands on your key, the provider might pass over your encrypted emails, which would reveal the government who you’re interacting with, when you’re chatting with them, and about what (via the email subject line).

Email Messages Are Stored on a Server, Instant Messages Are Not

Even if the government is unable to get or acquire the encryption key, they may still be able to decode your emails. Your encrypted email communications are saved on a server since that is how email works. If the government demanded this information, the hosting company would have to offer it in encrypted form. The government may then attempt to break the encryption; new technology routinely renders present encryption systems much weaker, and the US government may be keeping such encrypted conversations in the goal of cracking them in the future.

Instant messaging conversations, on the other hand, are more difficult to preserve. An encrypted communication may be transmitted immediately to the receiver rather than being kept on a server and viewed later. The government would have to deploy a monitoring device and record all real-time conversations. If they failed to do so and did not have all of the encrypted material, they would be unable to retrieve it years later – but they can often do so with email.

  The 4 Best Tips to Reduce Email Overload

Other Types of Communication Can Be Secured

Email was just not created with encryption in mind. It was added after the event, and it shows. Even the most cautious secure email service users cannot conceal who and when they communicate. If you really want to evade government monitoring, you should use various encrypted messaging platforms rather than email.

That is why Silent Circle continues to provide a secure texting solution that they are confidence in. It isn’t the only choice; Cryptocat is another. Cryptocat just disclosed a weakness, and other services may have issues that we may learn about in the future, but these services are on the right route since they are not inherently unsafe by design, as email is.

Of fact, encrypted email isn’t always useless. It may be handy, for example, if you wish to protect crucial business conversations from eavesdropping. But encrypted email isn’t going to slow down the government much since it’s not the best communication method when you don’t want the NSA listening in.

Do you agree with the ideas behind the shutdowns of Lavabit and Silent Circle? Do you converse using a secure messaging service to avoid having your chats archived in a huge government database? Please leave a comment and tell us which email option you prefer.

You are looking for information, articles, knowledge about the topic Why Email Can’t Be Protected From Government Surveillance on internet, you do not find the information you need! Here are the best content compiled and compiled by the achindutemple.org team, along with other related topics such as: Email.

Similar Posts