E-Mail Encryption: Why Isn't Everyone Doing It?

Eric S. Johansson esj@harvee.billerica.ma.us
Wed Oct 23 15:47:02 2002 

Simon Josefsson wrote:
> carl w spitzer <cwsiv_home1@juno.com> writes:
> 
> 
>>While an estimated 900 million people use e-mail, few take advantage of
>>encryption.
>>http://www.NewsFactor.com/perl/story/18860.html
>>NewsFactor.com, Aug. 5, 2002
> 
> 
> Why isn't everyone doing phone encryption?  Why isn't everyone
> encrypting their personal postal mail?  Just because something is
> technically possible doesn't mean everyone should use it.

that's not an entirely fair answer.  Phone encryption isn't done because 
people have an unrealistic expectation of privacy.  Same is true of 
postal mail; it's an envelope, it can't be easily snooped.  e-mail is 
perceived as being hard to read on the wire because the end-user can't 
see it except with their e-mail client.

I've often thought it would be "amusing" to capture e-mails in transit 
to make them visible via a Web interface.  Obviously one would need a 
very good lawyer and plenty of $$ to defend yourself but it would get 
the point across about e-mail not being private.

Now, more directly to Carl's question:

1) user interface sucks
2) users will barely tolerate a single password and a pass phrase is 
just plain rejected
3) it's not integrated into the client delivered by the ISP
4) it's too much like work to dig up keys of the other person
5) the user interface still sucks

I'm encountering similar problems with the camram antispam system.  I'm 
trying to figure out how to train system without letting the user know 
that they're the training system.  It's a challenge getting the user to 
do anything different.

As part of the camram system, I'm trying to address some of the 
encrypted e-mail in transit issues.  For example, I will be propagating 
public keys as part of every message.  I'm going to ignore the whole key 
server infrastructure because it just won't scale (think one public key 
per user per year, no revocation).

The next sacred cow to be slaughtered is I will not require any 
passphrases.  Yes, if an attacker gets in and steals the private key, 
they can cause all sorts of mischief.  The chances of the happening are 
extremely low especially if we generate new keys on a regular basis.

there will be no user interface for the encryption system.  It will all 
work in the background.  well, maybe there will be a geek/tinkerers user 
interface but 99 percent of the users will ignore it.

now, nothing I'm doing will stop you from running the ugly-interface, 
hard-to-use encryption system of today.  but for the vast majority of 
users, the system I'm working on will probably be good enough.  Yes, it 
has certain weaknesses (mitm, unprotected private keys) but that's OK. 
If we can come up with a way to fix these problems without requiring the 
naive user to change how they work, then so much the better.  The 
important thing is that the amount of encrypted traffic on the net would 
go up and it would be indistinguishable from encrypted traffic using the 
proper protocols.

---eric