Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

NSA Row Sparks Rush for Encrypted Email

WASHINGTON – A new push to encrypt email, keeping messages free from government snooping, is gaining momentum.

One new email service promising “end-to-end” encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.

WASHINGTON – A new push to encrypt email, keeping messages free from government snooping, is gaining momentum.

One new email service promising “end-to-end” encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.

A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor.

“A lot of people were upset with those revelations, and that coalesced into this effort,” said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.

Keys to EmailStockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.

Encryption is a tool that can help dissident activists avoid detection in places like China or Iran, but the movement has also gained credence in the United States among those who want to stay clear of snooping from the NSA or other intelligence services.

Making Encryption Easy

“Our vision is to make encryption and privacy mainstream by making it easy to use,” Stockman told AFP. “There’s no installation. Everything happens behind the scenes automatically.”

Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, “it was so complicated,” and did not gain widespread adoption, Stockman said.

After testing over the past few months, ProtonMail went public Friday using a “freemium” model — a basic account will be free with some added features for a paid account. “As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world,” the company said in a blog post.

Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short.

“These big companies don’t want to encrypt your stuff because they spy on you, too,” said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems.

(See AlsoBruce Schneier: Surveillance is the Business Model of the Internet)

“Hopefully, the NSA debate is creating incentives for people to build more encryption.”

Stockman said that with services like Gmail, even if data is encrypted, “they have the key right next to it .. if you have the key and lock next to each other, so it’s pretty much useless.”

By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit — widely believed to be used by Snowden — which shut down rather than hand over data to the US government, and which now faces a contempt of court order.

(See Also: Swiss Set Sights on Becoming World’s Data Vault)

Even if a Swiss court ordered data to be turned over, Stockman said, “we would hand over piles of encrypted data. We don’t have a key. We never see the password.”

‘Dark Mail Alliance

Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the “Dark Mail Alliance.”

Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year.

“The goal is to make it ubiquitous, so people don’t have to turn it on,” he said.

But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, “the more susceptible it is to a sophisticated attacker with fake or spoofed key information.”

Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.

Jon Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous.

“If you are a bank you have to have an email system that complies with banking regulations,” Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review.

“Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down.”

The new email system would complement Silent Circle’s existing secure messaging system and encrypted mobile phone, which was launched earlier this year.

“If we start competing for customers on the basis of maximum privacy, that’s good for everybody,” Callas said.

Related: Swiss Set Sights on Becoming World’s Data Vault

RelatedBruce Schneier: Surveillance is the Business Model of the Internet

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

UK-based email security and brand protection solutions provider Red Sift on Thursday announced raising $54 million in a Series B funding round that brings...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...