The promises of secure email

A German regional court recently forced secure email provider Tutanota to monitor a particular email account. Though this order has been called an encryption backdoor, it is not that: Tutanota is asked to monitor something they can see anyway, but aren’t necessarily looking at.

Still, it is a bit awkward: one important reason to use encryption is that you don’t even have to worry about court orders, because they can’t break the unbreakable. Indeed, Tutanota promises “end-to-end encryption” on its website, only to explain in the FAQs that emails to and from email accounts that don’t use Tutanota aren’t fully end-to-end encrypted.

That’s not Tutanota’s fault though: that is just how email works. Email goes back to the early 1980s, several crypto wars ago, when encryption and authentication were neither practical nor considered necessary. The email protocol is still more or less the same.

That doesn’t mean that emails are sent unencrypted over the Internet today: connections between mail servers, as well as those between mail apps and mail servers, are typically encrypted, so that even a powerful intelligence agency can’t just tap Internet cables to read everyone’s email. But the mail servers themselves still have access to the unencrypted emails.
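To make that last point concrete, here is an added example (written for this page, not code from the original post): a small Python script that reads the Received: headers of a constructed message and lists, hop by hop, whether the connection that carried the message used TLS. Every server named after `by` handled the message in the clear regardless, which is exactly the gap between transport encryption and end-to-end encryption. The header layout follows Postfix conventions; the hostnames, addresses and message text are made up.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original post). The Received:
# headers use the common Postfix layout; the middle hop has been written
# without a "(using TLS...)" clause to represent a relay that accepted the
# message over plain, unencrypted SMTP.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTPS id ABC123
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tfor <bob@example.org>; Mon, 07 Dec 2020 10:01:02 +0000
Received: from relay.example.com (relay.example.com [198.51.100.5])
\tby mx.example.net (Postfix) with ESMTP id DEF456
\tfor <bob@example.org>; Mon, 07 Dec 2020 10:01:01 +0000
Received: from [10.0.0.7] (client.example.com [203.0.113.8])
\tby relay.example.com (Postfix) with ESMTPSA id GHI789
\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
\tfor <bob@example.org>; Mon, 07 Dec 2020 10:01:00 +0000
From: alice@example.com
To: bob@example.org
Subject: hello

body text that every server listed above handled in the clear
"""

# RFC 3848 "with" keywords that indicate the hop itself used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "SMTPS", "UTF8SMTPS", "UTF8SMTPSA"}


def audit_hops(raw):
    """Return one dict per Received: header, earliest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its own header, so the topmost one is the final hop;
    # reverse to get delivery order.
    for header in reversed(msg.get_all("Received", [])):
        value = re.sub(r"\s+", " ", str(header))  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", value)
        by = re.search(r"\bby\s+(\S+)", value)
        with_ = re.search(r"\bwith\s+(\S+)", value)  # first "with" is the protocol
        tls = re.search(r"\(using\s+(TLSv[\d.]+)\s+with\s+cipher\s+(\S+)", value)
        proto = with_.group(1) if with_ else None
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "protocol": proto,
            "tls": tls.group(1) if tls else None,
            "cipher": tls.group(2) if tls else None,
            "encrypted_in_transit": bool(tls) or proto in TLS_PROTOCOLS,
        })
    return hops


def unencrypted_hops(raw):
    """Hosts that received the message over a connection without TLS."""
    return [h["by"] for h in audit_hops(raw) if not h["encrypted_in_transit"]]


def plaintext_custodians(raw):
    """Every host that handled the message. All of them stored the plaintext,
    whether or not the connection that delivered it to them used TLS."""
    return [h["by"] for h in audit_hops(raw)]


def body_as_seen_by_servers(raw):
    """The body is ordinary text in the copy each server processed."""
    return message_from_string(raw).get_payload().strip()


if __name__ == "__main__":
    for i, hop in enumerate(audit_hops(SAMPLE_MESSAGE), 1):
        status = hop["tls"] or "NO TLS"
        print(f"hop {i}: {hop['from']} -> {hop['by']} ({hop['protocol']}, {status})")
    print("hops without transport encryption:", unencrypted_hops(SAMPLE_MESSAGE))
    print("servers that held the plaintext:", plaintext_custodians(SAMPLE_MESSAGE))
```

On the sample, only the middle hop lacks TLS, so a cable tap would see that one transfer; but all three `by` hosts appear in the custodian list, because transport encryption ends at each server. Received: headers are written by the servers themselves and can be forged or omitted, so treat this as an audit of what the servers claim, not as proof.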

That is not ideal. But maybe this situation is good enough for most? That’s less of a personal opinion (I’m a big supporter of strong encryption) and more of an observation.

First, because email hacks, such as the infamous 2016 hack of John Podesta’s email account, tend to go after the email accounts themselves, either through phishing or through compromise of the endpoint. Even end-to-end encrypted email wouldn’t prevent that.

And second, because after the 2013 Snowden leaks, people have worked on email replacements that were end-to-end encrypted. The most promising of these is DIME, which I once was excited about, and which I still believe could have replaced email if there were enough of an incentive to replace it. Apparently, there wasn’t.

(DIME, in case you are curious, solves the usability problem that PGP has by handling key management and lookup, while also encrypting most of the metadata that PGP leaves in the clear. It is designed to exist side by side with email during a transition period, so one would be able to use a single mail client. Moreover, it allows for multiple levels of security, depending on how much you trust your mail provider and how much you are willing to compromise usability.)

And thus it’s likely that we’re going to be stuck with email for the foreseeable future: good enough for most use cases, but not for all of them.

This makes email potentially problematic for people and groups with more complex threat models, such as journalists and human rights defenders. Many of them are using secure email providers like Tutanota or Protonmail for the extra security they offer compared to big providers like Gmail or Outlook.com. The court order served to Tutanota reminds us that there is a limit to this security: ultimately, it is still email, protected by promises (by the company and the legal system in which it operates) rather than by mathematics.

That is not to say that this is a reason to avoid secure email providers and ditch email altogether (which may not be practical anyway). The legal system in Germany, hardly the world’s most authoritarian state, may well offer ample protection for a particular individual or organization. But they would do best to be aware of the kind of security offered by these email providers. As they should, of course, be about any third-party provider.

Cyber optimist. Researcher, reader, runner. Asker of difficult questions. Lapsed mathematician. Traveler in digital security. He/they.