Why Email Can Never Be Truly Secure: It's The Metadata

This article is more than 10 years old.

Following on from the revelation that Lavabit, the secure email provider used by Edward Snowden, has closed, we also got the news that Silent Circle was preemptively closing down their email service. This had me scratching my head a bit, as I'm sure it did a number of other people. If these so-called secure email networks are closing down because they're not secure then, well, can there ever be something called secure email?

The actual answer is that no, on a network which interacts with the wider world, it isn't possible to have secure email. As Silent Circle themselves point out, it's all about the metadata, not the data in the email itself.

If the goal is simply to encrypt the body of the message there are services and products that accomplish this.

There are any number of ways of making sure that the information actually inside the email is secure. If you were, say, making an assignation for a bit of afternoon fun and really didn't want your husband to know about this, then it's easy enough to encrypt the time and place of the assignation in the body of the email so that only your intended inamorata can decrypt it. Or the NSA after some months of brute-force attacks on the encryption method. Possibly.

But this doesn't actually provide true secrecy, as Silent Circle point out:

You can see the name of the host that connected, the IP of the machine that connected, the recipient of the message, whether or not encryption was used, and if so, what kind of cipher and key size. None of this can be encrypted if you want to be compatible with current email protocols. The time and timezone can be equally valuable. You can also pull the subject, sender metadata (To, From, MUA, etc) which is also stored and transmitted in the clear. So a PGP-encrypted message with the subject line “Pricing info for blasting caps” may be sort of ridiculous. You can also learn a lot from frequency and who is associating with whom but that’s a separate post about traffic analysis probably.

What you cannot encrypt is who is communicating with whom: at least at the level of whatever name is being applied to the email itself. And it's possible to see this metadata at any stage of the email's travels through the public networks. Any decent private detective that hubby decides to hire during the subsequent divorce case will be able to show communication, encrypted communication no less, between you and some unknown. With an unusual coincidence between such communications and afternoons when you don't seem to be at home.
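To make the point concrete, here is an added example (not part of the original article or of Silent Circle's post) that reads a PGP/MIME message the way any relay or mail log can, with no decryption key. The message, hostnames, addresses, the ExampleMail agent string and the Postfix-style Received line are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample (hosts, addresses and ids invented); Postfix-style Received.
RAW = """\
Received: from laptop.example.org (laptop.example.org [192.0.2.44])
\t(using TLSv1 with cipher AES256-SHA (256/256 bits))
\tby mx.example.net (Postfix) with ESMTPS id 4F1C2A0; Tue, 13 Aug 2013 14:02:11 -0400
Date: Tue, 13 Aug 2013 14:02:09 -0400
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Pricing info for blasting caps
User-Agent: ExampleMail/1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def visible_metadata(raw):
    # Everything returned here is readable without any decryption key.
    msg = message_from_string(raw)
    hop = msg.get("Received", "")
    peer = re.search(r"from (\S+) .*?\[([0-9A-Fa-f.:]+)\]", hop, re.S)
    tls = re.search(r"with cipher (\S+) \((\d+)/\d+ bits\)", hop)
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "from": getaddresses(msg.get_all("From", []))[0][1],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "subject": msg["Subject"],
        "mua": msg["User-Agent"],
        "utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
        "connecting_peer": peer.groups() if peer else None,  # (host, IP)
        "transport_cipher": tls.groups() if tls else None,   # (cipher, key bits)
        "body_encrypted_with": msg.get_param("protocol"),
    }
```

Calling `visible_metadata(RAW)` returns the sender, recipient, subject, mail client, sender's timezone offset, connecting host and IP, and transport cipher, while the only thing PGP protected is the placeholder block in the body.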

Or, to be more serious about it, this is exactly what the NSA says that it has been monitoring: the metadata of who is communicating with whom. From which they can then select their targets of interest. For as Silent Circle says, it's entirely possible to encrypt the email itself, but not who it's from and to whom it is going. And if you can show that communications are taking place then it's not an entirely secure method of communications, is it?