Developers Scramble to Build NSA-Proof Email

In the wake of Edward Snowden’s release of National Security Agency internal documents showing the United States is hijacking e-mail upstream, a slew of developers have jumped on the encryption bandwagon with the goal of building infallible end-to-end encryption that makes email data inaccessible to the government and hackers. Such an end-to-end service, it goes without saying, would be the Holy Grail of email.

Edward Snowden’s revelations about the NSA’s mass internet surveillance are driving development of a slew of new email tools aimed at providing end-to-end encryption to users, and they have boosted interest in existing privacy tools too.

The latest entry in the crypto mail field is Scramble, encrypted webmail software coded by recent Stanford University computer science graduate Daniel Posch. Though it’s incomplete and untested — don’t use it to thwart the NSA — Scramble tries to provide the same type of security as encryption clients like GPG, but with the convenience of webmail.

“I care about this stuff and want there to be secure email, secure against governments, not just individual hackers,” says Posch.

Webmail encryption is always a dicey endeavor. The Canadian secure email provider Hushmail had a promising model that used a Java applet to perform encryption in the user’s browser so that even the company didn’t know the users’ private keys. But in 2007, it surfaced that Hushmail was receiving orders via a Canadian court that forced it to subvert its own security. The mechanism is still unclear, but it’s axiomatic that since Hushmail was serving the applet, it could easily be forced to sabotage that applet as well.

Last month, Lavabit, the U.S.-based secure email provider favored by Edward Snowden, shut down altogether rather than comply with a still-secret government demand to compromise one or more of its users. The next day, encrypted messaging company Silent Circle proactively shuttered its email offering, announcing that, among other things, “email cannot be secure.” Silent Circle’s secure messaging service, which uses apps instead of the web browser, remains alive.

Posch’s approach is in some ways similar to Hushmail’s: His software sends users Javascript code that performs encryption in the browser, so the server never knows the secret key. That makes it vulnerable if an attacker penetrates the server and modifies the Javascript, or a government forces the provider to do the same. To that end, Posch plans to write a Chrome plug-in that the user can install once to handle the crypto — a stronger approach.

There are other grace notes in his project. Scramble uses the hash of the user’s public PGP key as the email address, linking the user’s cryptographic identity to the account, instead of their less mathematically rigorous “real life” identity. (Scramble users, in their encrypted address book, would assign contact names to the email addresses.)
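The binding between address and key described above can be sketched as follows. This is an added example, not Scramble's own code: the hash function (SHA-256), the 80-bit truncation, the base32 encoding, the domain `mail.example` and all function names are assumptions, and the keys are constructed stand-ins. It shows why a client that knows only the address can reject a key substituted by the server.

```python
import base64
import hashlib
import hmac
from typing import List, Optional

# Assumptions (not from the article): SHA-256 truncated to 80 bits and
# base32-encoded forms the local part; "mail.example" is a placeholder domain.
HASH_BYTES = 10
DOMAIN = "mail.example"


def address_for_key(public_key: bytes, domain: str = DOMAIN) -> str:
    """Derive the self-certifying address for a public key."""
    digest = hashlib.sha256(public_key).digest()[:HASH_BYTES]
    local = base64.b32encode(digest).decode("ascii").lower()
    return f"{local}@{domain}"


def key_matches_address(address: str, public_key: bytes) -> bool:
    """True only if this key hashes to the address it is offered for."""
    normalized = address.strip().lower()
    local, sep, domain = normalized.partition("@")
    if not sep or not local or not domain:
        return False  # malformed address: never accept a key for it
    expected = address_for_key(public_key, domain)
    return hmac.compare_digest(expected.encode(), normalized.encode())


def select_key(address: str, offered_keys: List[bytes]) -> Optional[bytes]:
    """Pick the key bound to the address from an untrusted server's reply."""
    for key in offered_keys:
        if key_matches_address(address, key):
            return key
    return None  # nothing matched: the caller must refuse to encrypt


# Constructed stand-ins for armored PGP public keys (not real keys).
ALICE_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nconstructed-alice\n"
SUBSTITUTED_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\nconstructed-other\n"

# The address book maps the hash-derived address to a human-readable name.
ALICE_ADDRESS = address_for_key(ALICE_KEY)
address_book = {ALICE_ADDRESS: "Alice"}

if __name__ == "__main__":
    print(address_book[ALICE_ADDRESS], ALICE_ADDRESS)
    print(select_key(ALICE_ADDRESS, [SUBSTITUTED_KEY]))  # no key accepted
```

The check only binds a key to an address; the sender still has to obtain the correct address through a channel they trust.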

It comes at a time when the demand for encrypted email is swelling. “Interest [has] been growing a lot since the Prism and NSA stories come out,” said Lukas Pitschl, the lead developer of open-source GPGMail, an Apple Mail add-on that makes PGP encryption easy. Traffic to the website where his mail client can be downloaded has doubled to 3,000 daily hits, he said.

File-sharing kingpin Kim Dotcom plans to start his own encrypted email system. And a project called Mailpile just raised more than $100,000 on the crowdfunding site IndieGoGo to fund a web-based, encrypted email client.

Jon Callas, a Silent Circle founder, says his company is planning to take another run at secure email. He says he’s primarily concerned with email metadata like the sender, receiver and subject line, as well as the IP addresses and transit server information in the header of encrypted email.

“The real threat that I see, is that just like your cell phone is a tracking device, your email is a tracking device, and even worse than your phone because it’s kept around forever,” says Callas. “Metadata in email, it’s obnoxious and permanent.”

“We are working on a new email system that is end-to-end secure that doesn’t have those metadata concerns. It’s still a ways off,” Callas says.

For its part, Scramble is still in the “proof of concept” phase — Posch released it last week on the Liberationtech message board and he wants his peers to review the code and the concept. “I’m putting it out there as open source, trying to get people interested,” he said. “For it to be foolproof, you need peer review by other security engineers.”