The email is one of the first and most widely used forms of online communication. The more disappointing is that using emails didn’t get any safer since their invention more than 40 years ago. Although well-established encryption methods offer effective options, they are comparatively rarely applied.
The inventor of the email, Ray Tomlinson, died by the way just in March of this year. In the course of the development of the Internet precursor Arpanet, Tomlinson in 1971 had modified the existing protocols, so that electronic messages could be sent between computers on a network. It was also him who took on the "@" - sign to designate the computer of the recipient. The symbol, which was originally used by traders to label the price of a product (e.g., ten items @ $2.95), used the "at" instead for the spatial allocation.
By now, according to a recent study by The Radicati Group, 2.6 billion people worldwide are currently using emails and the number still continues to grow. By 2020, there should be about 3 billion email users, since the email is the preferred communication medium in eCommerce.
While mail servers with SSL Certificates provide for secure transport, the actual electronic mail is still rarely encrypted, despite its widespread use. There are several reasons why emails remain till today relatively vulnerable: First, there are usually no directly recognizable consequences if there is no encryption; second, the encrypting of emails is often cumbersome and user unfriendly.
Finally, however, two independent projects are available that ease the encryption for the common user. The first project is called „Volksverschlüsselung”, which means in German “people's encryption", developed by the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, Germany, in cooperation with the Deutsche Telekom, the other one is the Swiss project "pretty Easy privacy" (pEp). Both aim to protect against mass surveillance:
- Volksverschlüsselung consists out of two parts: An infrastructure ftering andographic codes, and a software that automatically installs these codes at the right location. But most importantly, it simplifies the distribution of cryptographic codes in such a way that even a layman is able to manage it easily. The heart of it is a software which installs the cryptographic keys at the right locations on the user’s computer. This software ensures that the mail program, browser and other applications on the computer are provided automatically with the codes. The software also generates the codes required for a secure end-to-end encryption and registers the public codes with the central infrastructure while the private codes never leave the user’s environment. The software has been provided for the first time as a free download at the end of June 2016, supporting users of S/MIME-compliant email clients in the implementation of X.509 certificates and a central directory service.
Hence, Volksverschlüsselung focuses squarely on user-friendliness. The software automatically carries out all the process steps, starting with key generation, certification, through to setting up and configuring the application programs on the user's various devices. The user no longer has to worry about installing the keys and certificates, or configuring the applications. Users with only limited technical know-how can therefore encrypt their emails and data with relative ease.
Currently the software is only available for the Windows platform, but versions for Mac OS X, Linux, iOS and Android are planned. On this platform, the programs Mozilla Thunderbird and Outlook support the Secure / Multipurpose Internet Mail Extensions (S/MIME) standard, but it will also support OpenPGP in a subsequent release.
- A few years earlier already, the Swiss project "pretty Easy privacy" (pEp) started to come up with the similar idea to provide a simple, user-friendly encryption of electronic mails. The first algorithms were developed in the winter of 2012 and two years later the pEp version of MS Outlook was pre-released. Now the Android App, iOS App and the MS Outlook products are announced to be launched still in 2016.
The implementation of the very first version of pEp engine was tested and already runs successfully on GNU/Linux, MacOS X and Microsoft Windows. It is implemented in an Outlook plugin, where anyone can see how it all comes together seamlessly.
The initiators of pEp believe everyone deserves privacy and security by default and without hassle when sending emails. According to them, the project intends to “finally deliver free software for what the cypher-punk movement has been striving for since the late 1980s: Easy Encryption for Everyone!”. Hence, the pEp engine is Open Source, and the software is free for the Internet community and the consumers.
Among experts there seem to be no dissent about the benefits of encryption so that no one can read along. In fact, today's encryption methods are so safe that even the NSA must lay down their arms, making the effort of cryptography worthwhile.
In the words of Thomas Kremer, board member for Data Privacy at Deutsche Telekom, "encryption is the basis for autonomous digital communication.” He emphasizes that "burying your head in the sand and thinking 'no-one is interested in your emails anyway' makes you just an easy prey.” Indeed, each one of us has to take responsibility for having secured digital communications.
By Daniela La Marca