Email Superpower 4: Unencrypted by Default
Wait! Is that a typo? Have I lost my mind at ‘Just Use Email’? Aren’t we all supposed to bemoan, wail, and gnash our teeth each year we have to crawl through our lives without encrypted email to save us from the terrors of the internet?
What if I said to you that the tantrums over unencrypted email were lies? A conspiracy to destroy email as we know it? An attempt to put email in the hands of Big Tech to profit over the huddled plebeian masses?
Okay, I won’t go that far (yet), but let’s discuss this a bit more.
If you’ve not been paying attention, the past ten years have seen article after article talk about the ‘insecurity’ of email as a perceived weakness. Chief among those ‘insecurities’ is that, by default, email is unencrypted.
Perhaps you’ve dealt with a financial institution that has refused to email you something because ‘email can’t be trusted’, so you’ve had to drive down to a branch to pick up a paper copy.
Or perhaps you’ve even seen moronic companies sending you your own account information (including passwords) in plain-text right over email. Plain Text Offenders has been waging war on these morons for years, and yet the offenses still keep racking up.
The Solution to Insecure Email?
If you read the tech media, you’d be convinced that the workaround to these reported ‘insecurities’ is to update the email specification to include encryption by default.
Many private vendors of email have tried their best to make encryption easy. But they’ve failed. Nobody except digital activists, hackers, and government officials uses it. Well, and paranoid people, but let’s not count them for the moment. Although maybe we should, because with the way things are going these days, “it’s only paranoia when they’re really out to get you”, so maybe some of the paranoid aren’t really paranoid after all.
Asking financial institutions (including mortgage brokers) to build a document retrieval system with proper authentication and login functionality? Nah…
Asking companies to stop sending account information over email? Forget it.
No, let’s instead ask the governing bodies of the internet to update the email specification to mandate encrypted email! That’s the only solution they can think of.
Why is it the solution to so-called ‘insecure’ email? Easy! Because the boys (and yes, they are indeed ‘boys’) at Big Tech will sweep in with their winning proposals and then we will all be able to trust email again! (Never mind that email is already the most-trusted digital communication platform; they don’t want to talk about that).
The rise of Signal and Telegram and the ballyhoo regarding end-to-end encryption for messaging applications is considered to be ‘proof’ that people would of course want email to be encrypted also. There are even articles pointing out that the reason big Fortune 500 companies are starting to use customer support over chat on some platforms (like Apple’s iMessage and Facebook Messenger) is because it has E2E Encryption and so ‘customer data’ there can be ‘secured’.
So, let’s talk about some reasons why it is an Email Superpower that, by default, email has never been encrypted, and never should be.
6 Reasons Why Unencrypted Email is Your Best Friend
1. Who do you trust?
Seriously. Who will be the ‘encryptor’ of choice? Google? Facebook? Even Fastmail? The government? Which government? The United Nations?
Let’s be real. It’s quite one thing to ‘trust’ that the encryption set up by, say, Apple, is somehow safe and will never be used to breach their customer data. They are a single for-profit company, with a halfway decent legacy of pro-privacy initiatives, and to undermine that trust would cost them customers, and maybe their entire business model.
We all know, inherently, that when we use iMessage that we are trusting Apple that what they say is accurate. They aren’t exactly an open-source company, so we have to trust that our iMessages are indeed ‘secured’ by Apple’s encryption scheme and that, as Apple claims, even they don’t have access to them.
Or do they? While E2E is a really cool technology, if you think it will last forever, you haven’t been paying attention. One day, someone will find a flaw in it. Some new quantum super-computer will brute-force hack its way into E2E. You will see a message on your iPhone 23 that says “All your iMessages are belong to us”. Then, the fun will begin. Data dumps of famous people’s messages will hit the dark web. Government officials will be outed as frauds. Secrets will be revealed. Maybe one day every secret will be told. With so much communication happening digitally, what if it were just… published for everyone to see? Hmmm…
The point is that you are making a bit of a Faustian bargain when you use iMessage, or WhatsApp, or Signal, or Telegram, or any medium that promises you complete security.
You are trusting that those companies (and they are all companies as of now, or open-source tools like OpenPGP and implementations like GnuPG) are what they say they are, that the ‘security researchers’ who check on these things are smart enough (and honest enough) to tell us that what those company platforms and tools purport to be is what they really are.
That includes the most famous E2EE system built by Moxie Marlinspike of Open Whisper Systems which is what is used by WhatsApp and Signal. And yes, I’m aware of the conspiracy rumors that detail that Marlinspike is a shill for the CIA and the whole thing was super-engineered to get people to use it so that drug lords, mafia kingpins, MS-13, cryptocurrency money launderers, and of course, foreign governments would start revealing their deepest secrets over chat so that the NSA/CIA/FBI could simply grep their server farms for intel. These are groups that have learned not to send important information over email, unlike the companies on Plain Text Offenders. I’m not a conspiracist myself, but hey, stranger things have happened.
So, the first question you have to ask yourself if you want email to be encrypted is who will you trust to do that? As near as I can tell in the 2021 world, that answer by anyone who is paying attention should be ‘no one’, at least from a centralized, top-down, mandated Wizard of Oz position.
2. Built-in Encryption by Email Providers is not the Solution
The stalwart Thunderbird email program continues its attempt to make encryption easy for its users. Companies like ProtonMail and Tutanota make a pretty big deal about their tools to help encrypt email.
Almost all email companies (including Google’s Gmail) encrypt email from point to point within their own network. Meaning, if you’re on Gmail and you send another Gmail user an email, it’s auto-encrypted.
But email sent to outside networks is not encrypted. It can’t be encrypted because there’s no way for the sending email provider to force the receiving email domain to accept their internally-used encryption method.
That’s a good thing. (See below for more). But the point here is that whatever promises an email company makes about all email to other users on their platform being automatically encrypted, it’s of limited use and security.
3. Email is Universal because it is not encrypted.
Can you imagine wanting to send your mom some pics of the kids by email and her not being able to unencrypt your email? Or her calling you for “IT support” because “I can’t open your email”.
What about email to different countries? We already have a language barrier between many countries. Do we need to add another?
Email just works as is. It isn’t complicated for most ordinary people to just use email. You can pretty much send anything by email.
Once encryption gets involved, things get tricky. There are a variety of encryption standards and you have to be knowledgeable about which one to use.
Even once you agree on a standard, with full awareness that one day that standard will be as easy to read as the nutrition label on a loaf of white bread, you have to later address which standard again. With plain ol' email, no such agreement is necessary: emails sent 30 years ago read just fine in today’s email clients.
All you need to email someone today is their email address. They can put it on websites (as I do here), business cards, billboards, storefront windows, magnetic car signs, and even bathroom stalls (yuck! - don’t do that!).
What, exactly, are you going to do if you want people to email you, but only using encryption? You have to publish your public key. It’s hard enough to jot down an email address or a URL on a billboard, but have you seen a public key? Here’s a sample public key.
Since you can’t write down a public key, you’ll have to instead publish the URL of your website or contact page where someone can copy/paste your public key. Of course, that means that you won’t be able to ‘just use email’, but that you’ll also need a website. Everyone will need a website to publish their public keys. Including the laundromat, your grandma, your 14-year old daughter, your pen pal in Hong Kong, and customer support for your ‘smart’ toaster.
Even then, you won’t be able to quickly send that person an email. Imagine you are on the tube and need to send someone an email that you’ve not previously emailed. You’ll need to go to their website, copy/paste their PGP key, encrypt your email text, and then send. Good luck doing all that on a 5-inch phone. You’ll just give up your autonomy like everyone else and use other proprietary platforms and sign up for Facebook (again). Or whatever platform your recipient ‘demands’ to be reached on (“Contact me on LinkedIn!”).
Let’s just keep it simple. Email works because it is simple. Don’t let big tech, tech writers, or governments scare you into agreeing to mandated email encryption.
4. Encryption is optional and can be used.
For those that need encryption, and you know who you are, you can always use encryption. It’s completely optional.
The email standard doesn’t block or prevent it. Encrypt away all you want. People are doing it. It’s even trendy in some circles.
You can get with your pro-encryption pals and decide upon what standards and formats you’ll use, and then get to encrypting all the live-long day.
I’m not opposed to encryption. Not at all. I’m opposed to centralized mandated encryption in the email standard.
If you need or want to encrypt your emails, no one is stopping you. You can use the best (or worst) encryption methods you desire.
5. People are the weakest link in the chain
Once you send someone else information, you have to trust that person… forever. They are the weakest link in the chain, not the tunnel in which the information traveled.
You have to not only trust that person and their character, but their IT skills. You are trusting they have not used the same password as their Gmail account on two dozen flimsy SaaS services that are likely to be hacked or are being hacked as you read this. You have to trust that they lock their computer and their laptop and their phone… all… the… time. That they use best practice security protocols.
So, it hardly matters that Signal, Telegram, and WhatsApp are E2E encrypted. Or that Tutanota, ProtonMail, or Gmail or anyone else is encrypting email to a small degree. You have still sent information you do not want to get out… out.
Walk past any busy corner restaurant. How many people are dangling their unlocked phones out in front of them? Could you grab one and just make a run for it, gently tapping the screen as you sprinted away to keep it unlocked? Sure you could. You’re not a criminal, but you could.
Most of these idiot phone-stealing criminals rob people for their phones so they can pawn it and get some cash. They fail to recognize that the real value to an unlocked phone (or laptop) is likely the information on it. There’s probably a 1 in 10 chance that a phone would provide some scandalous information on someone. Maybe 1 in 2 if you’re stealing phones in Washington, D.C. or London.
Now, perhaps you’ll say I’m being unreasonable. That this is the ‘information age’ or the ‘digital revolution’ and that we must continue to strive for ways to send personal, deeply personal, information across the airwaves. Maybe.
To me, however, the biggest problem isn’t the technology. It’s personal. Granted, higher character values would help (you’d have less to hide). Not being wanted by law enforcement could help. Having friends who are trustworthy and capable of navigating their digital world with secure best practices would help.
But maybe in an age where people meet, date, and get married all online, it’s a bit ridiculous to assume that some things won’t leak. Granting superpowers to a government or monopolistic big-tech company isn’t going to make up for your lack of discretion. Stop sending personal information by email that you can’t defend later.
Proponents of mandated centralized encryption will say that sometimes you can’t know what you might have to defend later. I agree. At the immediate moment, we have some people being ‘canceled’ and attacked for things they wrote 10 and 20 years ago. Things that were okay and part of the culture (to a degree), and now are frowned upon, or at least, frowned upon more universally.
The solution there isn’t to hand over our one free protocol left (email) to Big Tech or Big Brother. The solution is to rehumanize ourselves and remember that we too laughed at those jokes 20 years ago, or that things always change (and not always for the better), so what was ‘okay’ back then isn’t okay now, but that doesn’t mean the person is a serial killer.
6. Encrypted email isn’t searchable
Most of us, nearly all of us, search our email archives routinely to find information we need. We do that by typing a few keywords and presto-magico, the potential emails show up.
Once you have encrypted emails, searching is not possible. For searching to work globally across all emails, you need to store the unencrypted text of those emails into the search database.
There are organizations working on this, but their work is more of a solution looking for a problem, like Uber.
You’d have to have your search system be able to decrypt multiple encryption schemes across multiple private keys, on the fly, index all that, and then leave no trace for an IT forensics team to unearth after you did your search.
And what search term did you use to spin up your CPUs, wait 10 minutes, and burn down a few trees? “Grandma’s chocolate cookie recipe”. I thought so.
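As an added illustration of the indexing problem described in this section (not code from the original post), the Python example below builds a keyword index over two constructed messages, one plain and one PGP/MIME, and shows which searches can still find them. The message contents, addresses, placeholder ciphertext and function names are all assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample mail (not real messages; the ciphertext is a placeholder).
PLAIN = """\
Subject: Recipe
Message-ID: <plain-1@example.org>

Here is my chocolate cookie recipe: butter, sugar, flour, chocolate chips.
"""
ENCRYPTED = """\
Subject: Recipe (private)
Message-ID: <enc-1@example.org>
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
PLACEHOLDER-CIPHERTEXT
-----END PGP MESSAGE-----
--b1--
"""
ARMOR = "-----BEGIN PGP MESSAGE-----"
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pkcs7-mime"}

def is_encrypted(msg):
    # PGP/MIME or an S/MIME container by content type, or inline PGP armor in any part.
    return msg.get_content_type() in ENCRYPTED_TYPES or any(
        not p.is_multipart() and ARMOR in str(p.get_payload()) for p in msg.walk())

def indexable_text(msg):
    # The Subject header travels in cleartext; body text is usable only if unencrypted.
    text = [msg.get("Subject", "")]
    if not is_encrypted(msg):
        text += [p.get_payload() for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
    return " ".join(text)

def build_index(raw_messages):
    index = {}
    for msg in map(message_from_string, raw_messages):
        for word in re.findall(r"[a-z0-9]+", indexable_text(msg).lower()):
            index.setdefault(word, set()).add(msg["Message-ID"])
    return index

def search(index, query):
    words = re.findall(r"[a-z0-9]+", query.lower())
    return set.intersection(*(index.get(w, set()) for w in words)) if words else set()

INDEX = build_index([PLAIN, ENCRYPTED])
```

A search for "chocolate cookie" returns only the plain message, while "recipe" returns both, because the Subject header of the encrypted message is still in cleartext and still gets indexed.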
What is the Solution?
Simple. Stop assuming your email is the place to store critically private information. Assume it will be read one day, maybe by your offspring or heirs, maybe by a foreign government, maybe by some IT person, maybe by a clod, or a phone thief.
Feel free to send personal information, but ‘don’t act so surprised, your highness’, when it gets out.
Secret agents still meet on park benches and exchange manila envelopes, at least in Prague according to every spy movie ever. There’s a reason cutting out the middlemen is important for some critical information.
Email necessarily involves a lot of middlemen. A lot. As I’ve discussed, even encryption won’t eliminate all those middlemen, but it will mitigate most of them.
In the security world, they often talk about attack vectors and attack surfaces. They ask their clients to imagine all the ways in which someone might come after their information. If you have a target on your back (which you might even if you’re a high-school algebra teacher), you might take extra precautions for certain types of information. On other types, you might not care.
No matter what type of security you try to implement, it’s likely to get out, especially if you are doing bad things. The Hillary Clinton email scandal is one of many that demonstrates this. She intentionally decided to use a non-government server and domain to deal with some delicate matters ‘off the government grid’, but that ended up backfiring on her more than if she had just used the intended system to begin with.
Sometimes obscurity is the best security, and when we are all sending emails all day (billions per day), your little world of emails isn’t worth any more attention than anyone else’s. Your email newsletters (which aren’t all that great anyway), family emails, updates from various platforms, business transactional emails, attachments, and emojis just aren’t any more relevant or useful to anyone than the rest of ours are.
So you’re planning a family vacation. Who cares? Email is perfect for that (despite all these third-party apps claiming that doing such by email is arduous and that using their app would make things so much ‘easier’).
But if you’re planning a murder for hire, a political coup, an illegal drug transaction, or sending threats… yeah, not only is that a terrible thing to do orally, it’s probably going to make some prosecutor’s job very easy if you did it by any digital platform, encrypted or not. Just because you encrypted it doesn’t mean they can’t get access to it. I should probably repeat that: just because you encrypted it does not mean they cannot get access to it.
Encryption is a red herring. It’s designed to make you think about how secretly cool it is that you made a pile of gobbledygook out of what you typed so that no one can understand it. Neato! You’re almost a bonafide super secret agent now.
The red herring part is that you are so distracted thinking about how to encrypt email, why to encrypt email, what type of encryption to use with email, that you seemingly forget the most important thing: you were seduced into typing out your dastardly plans in the first place.
It’s now copyable en masse, scannable by computers, accessible within seconds, from centralized computer systems all over the world, even if you wrote it on an ancient laptop in the middle of a desert, and the recipients who you sent it to are now publicly known to anyone watching you. Good job, 007!
You’re not Edward Snowden. So stop pretending you are. Just use email normally and don’t fall for initiatives that pretend to ‘protect’ us by mandating centralized encryption schemes on the rest of us.