UPDATED 07:21 EST / AUGUST 19 2013


Why Your Emails Will Never Be 100% Secure

Just days after the supposedly ‘secure’ email provider Lavabit, famously used by NSA whistleblower Ed Snowden, shut down its operations, a similar service going by the name of Silent Circle also decided to shut up shop last week.

Silent Circle based its decision on the fact that it deemed it impossible to provide a 100% secure and encrypted email service, stating that no matter what level of encryption it used, so long as the metadata of users’ emails existed somewhere (in the case of email, it has to), it couldn’t live up to its promises.

Following Silent Circle’s announcement, a number of the service’s users wrote to the company questioning whether or not it truly was impossible to deliver a 100% safe and secure email service. This prompted a second blog post from Silent Circle, in which it spelled out exactly why email can never be secure, and why any service that claims it is would be lying.

While it may be possible to encrypt the body of your emails, the problem is the metadata, which Silent Circle claims makes it impossible to fully secure them:

“There are any number of ways of making sure that the information actually inside the email is secure. If you were, say, making an assignation for a bit of afternoon fun and really didn’t want your husband to know about this then it’s easy enough to encrypt the time and place of the assignation in the body of the email so that only your intended inamorata can decrypt it. Or the NSA after some months of brute force attacks on the encryption method. Possibly.”

Even so, this doesn’t mean that your emails are truly secret, as Silent Circle goes on to explain:

“You can see the name of the host that connected, the IP of the machine that connected, the recipient of the message, whether or not encryption was used, and if so, what kind of cipher and key size. None of this can be encrypted if you want to be compatible with current email protocols. The time and timezone can be equally valuable. You can also pull the subject, sender metadata (To, From, MUA, etc) which is also stored and transmitted in the clear. So a PGP-encrypted message with the subject line “Pricing info for blasting caps” may be sort of ridiculous. You can also learn a lot from frequency and who is associating with whom but that’s a separate post about traffic analysis probably.”

So while the content of your emails can be secured (sort of, for a while), secure email services like the one provided by Silent Circle will never be able to encrypt the identities of the sender and receiver. Even worse, the metadata of your emails can be collected in more than one place: it can be viewed by anyone with the know-how to do so at any point throughout your communication’s travels as it bounces around public networks. Silent Circle says that this means that its service just cannot live up to its guarantees. For example, if one of its users were having an affair, during the divorce proceedings their other half would still be able to show proof of communications between the user and the person he or she was having a fling with, encrypted or not. What’s more, it would be possible to look at the times and dates of these communications and establish a link between them and the afternoons during which the faithful partner was away from home.
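As an added illustration (not code from Silent Circle or from this article), the Python sketch below parses a constructed PGP/MIME message and lists what any relay or mailbox host can read without a key. The hosts, addresses, IP, user agent and Postfix-style Received line are assumptions made up for the example; only the subject line comes from the quote above.

```python
import email
import re
from email import policy

# Constructed sample (invented hosts/addresses, RFC 5737 IP, placeholder body).
SAMPLE = """\
Received: from laptop.example.org (laptop.example.org [203.0.113.7])
\tby mx.example.net (Postfix) with ESMTPS
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tfor <bob@example.net>; Mon, 19 Aug 2013 14:02:11 -0400
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Pricing info for blasting caps
Date: Mon, 19 Aug 2013 14:02:09 -0400
User-Agent: ExampleMail/1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def cleartext_metadata(raw):
    """Return what a relay or mailbox host can read without any PGP key."""
    msg = email.message_from_string(raw, policy=policy.default)
    meta = {h: str(msg[h]) for h in ("From", "To", "Subject", "User-Agent")}
    meta["utc_offset"] = msg["Date"].datetime.strftime("%z")  # sender timezone
    hop = " ".join(str(msg["Received"]).split())  # unfold the trace header
    host = re.search(r"from (\S+) \(.*?\[([0-9A-Fa-f.:]+)\]\)", hop)
    tls = re.search(r"using (\S+) with cipher (\S+) \((\d+)/\d+ bits\)", hop)
    rcpt = re.search(r"for <([^>]+)>", hop)
    meta["client_host"], meta["client_ip"] = host.groups() if host else (None, None)
    meta["tls"] = tls.groups() if tls else None  # (protocol, cipher, key bits)
    meta["envelope_rcpt"] = rcpt.group(1) if rcpt else None
    meta["body_is_pgp"] = msg.get_content_type() == "multipart/encrypted"
    return meta

if __name__ == "__main__":
    for key, value in cleartext_metadata(SAMPLE).items():
        print(f"{key:14} {value}")
```

Every field in the output comes from headers outside the encrypted part, which is why encrypting the body leaves the sender, recipient, subject, client IP and timing exposed.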

We should point out that this unencryptable metadata is, of course, the exact same data that the NSA and other spy agencies are so eager to get their hands on. As Ed Snowden revealed, the metadata is regarded as being even more valuable (and stored for longer) than the contents of emails themselves, as it can be used to establish links between individuals and help the agencies home in on any potential terrorists/criminals. It might be possible to secure the contents of your emails, but if the NSA or anyone else still knows who’s talking to whom, it’s impossible to say that the service is fully secure, or that it ever will be.
