11

The latest developments made it very clear how easily basically all communication channels can be wiretapped. However, I think most people still ignore this fact. Especially in business most confidential information is still sent totally unencrypted (at least at my company). I wonder if people are unaware of the risks or reluctant to use encryption.

On all my emails I use a mail signature stating my GPG key ID. Probably only very few people understand why I do that. Now I was wondering if I should go further and raise awareness by adding a sentence like:

Please note that unencrypted emails can easily be intercepted and read by third parties. For transmitting confidential information please use my encryption (GPG) key.

  • Will people care?
  • Should I try and enlighten people about the risks?
  • Do you know of a good website explaining in a simple language the risks of unencrypted (mail) communication? I would place a link to it into my mail signature. Example.
n1000
  • Please provide a reason on downvotes. I would like to improve the question if necessary. – n1000 May 20 '14 at 15:54
  • Do you really encourage people to send business emails to your business account which are encrypted in such a way that no one but you can read them? For that matter, do you keep your private gpg key on your company's computer? – jjanes May 20 '14 at 18:09
  • The question is opinionated; it's hard to generalize on the psychology of people in this way without knowing more details of the capabilities, risk of the data, etc. Best practices can be suggested, but not enforced. – Eric G May 20 '14 at 18:51
  • If emails are insecure and their contents can be read and also modified, does it make sense to provide your key ID in the insecure content of the email? I guess it could be changed to the key ID of an attacker. I'd communicate my ID via a separate channel (like by phone) – reed May 25 '18 at 12:24

4 Answers

7

The problem isn't so much awareness of the risk. I'm sure some (many?) people still don't know that e-mails can be intercepted, however an increasing number do know and they simply don't care. The amount of resources needed to be able to compromise e-mails is still relatively high and the threat isn't seen as all that serious by non-government entities.

Most people don't particularly care if the government has access to their e-mails, even relatively sensitive ones, because they don't see the government doing anything with them. It has no detrimental impact on their life, nor does it realistically have much of any potential to have a detrimental impact on their life.

Trying to use encryption, on the other hand, does have a detrimental impact as it requires further study, time and effort, both to learn and to use properly. It simply isn't a smart trade off for most people. The threat is too small and the cost of avoiding it too great (and I'd argue, rightfully so for the vast majority of people).

There is already an ever increasing awareness not to send things like passwords by e-mail and other means exist that people can use such as uploading files to a secure file sharing site rather than trying to attach them to an encrypted e-mail. This isn't necessarily because they are security conscious, it is just easier due to e-mails not handling attachments particularly well.

Unless there is a real and measurable threat with a cost to failure, paying a cost to protect yourself from a threat that won't cost you much, if anything, is not a good way to balance your resources. Security is a lot like insurance. It is about balancing the cost of protecting yourself against the potential cost of a compromise, and for most people, encrypting e-mails is a bit like buying extended warranties. It's overpaying for protection you most likely won't need or use.

AJ Henderson
  • I read this answer about five years after it was posted, and by chance I read it just after (2 minutes) I received an e-mail from the manufacturer of my dishwasher reminding me that I could extend the warranty :P – frarugi87 Jan 04 '19 at 11:58
4

I think most of the problem lies in the fact that it is still not easy to use PGP for an average user.

When using a computer and an email client, like Thunderbird or Outlook, some plugins exist though I can't vouch for their UI. The Outlook plugin that I've found only supports plain text encryption, not HTML, and most companies like to have their logo in the signature, making the use of that plugin impossible.

For webmails, like Gmail, Yahoo or Outlook.com, which is what most users use at home, I'm not aware of any practical solution, so you would have to convince them to switch to something like Thunderbird or Outlook.

On a smartphone, I'm not aware of any solution at all, so people would lose the ability to use their phone to read or send email.

In addition, email usually isn't as insecure as the webpage you linked to states. Most of the time TLS is used between the client and the mail server so other people on the network can't read your emails, nor can other machines on the recipient's network. Most of the time only people operating the networks between the two mail servers can read the email, and your email usually isn't that interesting to them. Anything on your machine or the recipient's can access it too, but that's still true when you encrypt the email as it will be decrypted on the machine at some point.

user2313067
  • One minor note, there are PGP capable mail clients for Android, but they have to be your entire mail client generally, which makes them kind of limiting since they tend to not be the greatest mail client. Some can also work using the share with feature, but it still isn't particularly clean. – AJ Henderson May 20 '14 at 13:13
  • I think you can configure Thunderbird with Enigmail in such a way that it encrypts and decrypts mails without having to enter a password. When using an encrypted data volume for email storage this should be secure enough. Even without an encrypted volume this keeps the mail safe when on the net. While it's too difficult to set up PGP for most users, you could help them and set this up. The only catch is that you have access to their private key. If you tell them how it works, they can enter their password without you looking. – SPRBRN May 20 '14 at 13:41
  • When I look at the effort (larger) companies often invest to secure their machines, I wonder why they would allow their employees to send data around unprotected. Economic / industrial espionage is a fact. – n1000 May 20 '14 at 15:44
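The answer above distinguishes the client-to-server leg, which usually runs over TLS, from the server-to-server leg. As an added example (not part of the original posts), this sketch reads a message's `Received` headers and reports which hops recorded TLS, using the `with` protocol keywords registered in RFC 3848; the message and all hostnames are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not from the page); newest Received header comes first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
\tby store.recipient.example with LMTP id abc123;
\tTue, 20 May 2014 13:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 20 May 2014 13:00:02 +0000
Received: from laptop.local (unknown [192.0.2.10])
\tby out.sender.example with ESMTPSA id ghi789;
\tTue, 20 May 2014 13:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: quarterly numbers

body
"""

# RFC 3848 keywords: a trailing S means TLS, SA means TLS plus authentication.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Take the "with" clause only after "by", so text such as
# "(using TLSv1.2 with cipher ...)" in the from-part is not mistaken for it.
HOP_RE = re.compile(
    r"from\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\w+))?", re.I | re.S)

def hop_report(raw):
    """Return [(from_host, by_host, protocol, tls_recorded)] in transit order."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(str(header))
        if not m:  # e.g. a header with no from-clause
            hops.append(("?", "?", "UNKNOWN", False))
            continue
        proto = (m.group(3) or "UNKNOWN").upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw):
    """Hops whose receiving server did not record a TLS-protected transfer."""
    return [h for h in hop_report(raw) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in hop_report(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Each `Received` header is written by the server that accepted the message, so only the headers added by servers you control are trustworthy; earlier ones can be forged by any upstream hop.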
2

Short answer is: nobody cares. The risk is too far fetched from everyone's life that unless everyone you exchange e-mail with has a good grasp of the consequences of using unencrypted e-mail, the extra mile they need to go won't be perceived as useful. As a rule of thumb, if you can't convince your grandmother to do that (or aunt, or whoever is not technically literate in your family) then it's probably not worth trying.

Don't forget that security comes at the expense of usability; unless every e-mail program seamlessly encrypts by default, e-mail security won't happen any time soon. This includes web mail and the plethora of operating systems, clients, hardware and use cases available on today's market.

Furthermore, even if everybody encrypted e-mail by default, a well funded attacker like a certain three-letter agency you imply in your question would just focus their efforts on other weak points: for example, vulnerabilities in client applications. As we've seen recently (Heartbleed anyone?) even if the math behind the crypto is secure, its software implementation might be vulnerable to a plethora of attacks.

Nevertheless, if you have any kind of control in your organisation you could try to enforce this by setting policies and dispensing punishment for those who don't comply; however, this won't prevent external e-mail to come unencrypted. Or people to talk via Skype.

Lastly, a signature like the one you're suggesting might be a good start: if somebody wants to send you confidential information, you clearly state how. I'd change it as such:

Please note that e-mail can be easily intercepted and read by third parties. To send me confidential information please use a software that supports GPG such as GPG4Win or GPGTools. My GPG key fingerprint is XX XX XX XX XX XX XX

The Electronic Frontier Foundation also always has good material in plain language.

lorenzog
  • I initially upvoted, but then I removed it when I got to the part about shifting the security to the software. For active systems that's true, but for something where you are encrypting data at rest, the software doesn't have much to do with it since the software isn't available to the attacker in a state where it can decrypt the e-mail. If they screwed up the algorithm implementation, it might result in a weakness in the encryption itself, but that's a math thing rather than a software thing. Heartbleed like issues are basically irrelevant to client side e-mail encryption. – AJ Henderson May 20 '14 at 13:16
  • @AJHenderson what I wanted to say is: if everybody encrypted e-mail, attackers would focus on the vulnerabilities of the clients rather than sniffing traffic. The weak point would just shift somewhere else. Also, a mistake in the implementation of the algorithm is **not** a math thing!! The math behind SSL is secure; its implementation was buggy. Also, heartbleed is *very* relevant to client-side e-mail as it affects clients as well as servers. – lorenzog May 20 '14 at 14:43
  • Heartbleed wasn't an algorithmic mistake though. Algorithmic mistakes are a math thing as they result in a math related vulnerability (ie, a reduction in randomness, due to a mistake in math). This is the only kind of vulnerability relevant to a process occurring entirely outside the scope of the transmission. Heartbleed impacts clients in an online communication, it doesn't impact client side software that doesn't interact with anything. If the client machine itself is compromised (necessary to attack the encryption software) then they can get the message before it is encrypted anyway. – AJ Henderson May 20 '14 at 14:48
  • I see what you're saying, so maybe I was not clear: I used heartbleed as an example of a vulnerability in a software used for encryption which compromised the machine running it. An e-mail client can be offline (Thunderbird) or online (Gmail). Vulnerabilities in the first class fall into the scope of what you're saying - they don't require interaction. I was trying to make a more generic point. – lorenzog May 20 '14 at 15:40
  • @lorenzog - fair point, ok, you got my +1 vote back. – AJ Henderson May 20 '14 at 16:49
0

The OP lists email as a specific example, so I will provide an example with something other than email.

More consumers use text messaging and voice calls to communicate; at least I do when outside of work. Therefore, an app to protect those communications would cover most of what I send. There are a few apps that are cross platform and have a good pedigree to facilitate this.

I have had some success convincing some people to switch to these. I even offer to pay for the switch, but no one has taken me up on that. Most people are not staunchly opposed to it, but just don't want to be bothered. I have substantially reduced my non-secure traffic to non-secure users.

Something to keep in mind about securing cell phone traffic is the remarkable frequency with which users will switch phones. Upgrades, damages, etc. Those encryption/authentication keys will be lost and the users will not care.

Signal

Signal is an effort to make secure voice and SMS-like messages easy to use and free to the user. It replaces the stock messaging app, and provides additional encrypted VoIP calls to other Signal/RedPhone users. Since this is free, looks like the stock app, and requires no complicated setup, this is a relatively easy pitch to other consumers. Signal is the merger of RedPhone and TextSecure.

Threema

Threema was available cross platform before Signal/TextSecure. I think it was available before Signal/TextSecure was on Android. This is an encrypted messaging platform and has been endorsed by Steve Gibbs of GRC in episode 409 of his podcast Security Now. However, it costs $2.49 and has strong authentication, which is rather complicated to set up: you scan barcodes on each other's phones. On Android it's relatively easy, but on iOS it's always a challenge.

Getting to your auxiliary questions:

  1. Will people care?
  2. Should I try and enlighten people about the risks?
  3. Do you know of a good website explaining in a simple language the risks of unencrypted (mail) communication? I would place a link to it into my mail signature.

    1. No, not generally. Only a few will be adamantly opposed though.
    2. To a certain degree. Broach the topic and let it simmer in their brains and offer to help get them started.
    3. See below.

I find more success using a meme, or referring to a 3rd party for the explanation. This way I have less skin in the game and they get the illusion of a more knowledgeable entity while getting it broken down barney style for them.

The EFF - have a page dedicated to this sort of thing, and there are even "Why should I care?" sections. This would be a good page to link to on an email signature:

EFF Surveillance Self Defense

Going back to email, there have been developments since this question was asked. I'm here because I was going to ask a similar question, so I'm fleshing it out to be THE Q&A.

There are now several options for encrypted email, specifically with GMail. You can even encrypt it in the webmail session!

I was unable to find anything describing the new feature that GMail can natively encrypt your emails without an extension. I wonder if I am remembering some news wrong. I had thought there was a new feature in GMail that was a 1 click button, built into the GMail web GUI, that changed your message to an encrypted one.

The easiest way to start gaining traction is for the initial setup, maintenance, and any migrations, to be easy on a nontechnical user. As a technical user, I have put off PGP because I know it's an involved process. Apparently it's gotten a lot easier, so I may revisit this for my own communications.

Pang
YetAnotherRandomUser