Secure email: Why end-to-end encryption is at the heart of it
Everybody wants your data one way or the other. It’s not just the NSA, Google, Facebook or your phone provider. Even your torch app or online store tries to get access to your data. Yet, we have to exchange messages all the time with family, friends, colleagues or government. This is precisely where end-to-end email encryption comes into play (have a look at the image above) by scrambling your data into an unreadable form before it leaves your device, and only the right recipient holds the capability to read it. Following section will discuss different aspects of email privacy and security. You will learn why end-to-end encryption is at the heart of secure email.
Email and digital communications
We continuously send emails to family, friends or colleagues. On a daily base 215.3 Billion emails get sent. This number is expected to increase by 17% in 2019. Needless to say, email has become the backbone of digital communication. This is what makes email super enticing for both surveillance and mass spying.
Free is not ‘free’
All the traditional email service providers say it’s all for free. However, in reality, it isn’t. One has to give up one’s data while using those services. We believe this is a big deal!
Ever wondered how much Google really knows about you?
Retaining email privacy and security is not easy
The task of taking back control of email privacy and security is not easy. Following are some of the reasons:
- User-friendliness versus data privacy and security:
Several services emphasize usability (which is not a bad thing in principle). But this goes at the cost of changing user habits and stealing data. Users end up becoming negligible towards their data privacy.
- Attempts to outlaw encryption:
The continuous attempts to ban encryption in the US and Europe and the massive efforts of NSA (in global surveillance revelations) have shown the extent to which encryption can be sabotaged and can be used as a tool to provide an illusion of security and privacy. The reasoning behind proposals to outlaw encryption is that it is used by bad guys (cybercriminals, terrorists, etc…). However, this argument is as shallow as banning mobile phones, because bad guys use them as well.
- A false impression of security:
This is somewhat an overlooked aspect. Why isn’t there a massive usage of secure email solutions? The most probable explanation is the lack of awareness and knowledge among end-users. Most people do not know what real online privacy and security mean. Somewhere this is absolutely logical as it’s our job to give users easy to use secure email solutions. We should not ask people to dive into the technicalities. However, lots of internet organizations simply abuse the trust of their users by either backdooring their applications or secretly snooping or selling their data. In some cases, they even provide secret access to spying agencies without any legal court order at hand.
‘True’ end-to-end encryption is at the heart of secure email
Users have to put a level of trust in their provider irrespective of the (so called) claims of “zero-knowledge” of various service providers out there. These providers pretend to “know nothing about you”. However this is not true. We’ve seen various cases of highly-audited and technically sound mechanisms of secrecy that still leak information (i.e., meta-data: to, from, time, message count, account creation time, …).
This kind of information can be anonymized to a certain extent either by hiding it, replacing it, or even encrypting it. Unfortunately, we haven’t seen a mechanism yet that allows for complete protection against this kind of information leakage though, some interesting research projects do exist: DIME, LEAP,…
We believe the starting step is to set the record straight. We do not want to give a false impression of “we know nothing about you” but instead show a high level of transparency that will lead to legitimate trust.
In our opinion, end-to-end encryption as long as digital signatures play a crucial part in achieving a secure email. It protects the user’s message content by providing confidentiality, integrity, and authenticity.
At Mailfence – a secure and private email service, we believe that it is extremely important to safeguard online privacy in order to preserve our basic values and freedom of speech. The opposite – all-round surveillance – is just too dangerous. We think together we can make a change and stop our society from being monitored 24/7. It can be done by taking small yet effective steps. If you agree with us, join the movement for a secure email and share our message.
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.