Enterprise Communications

Encrypt the Email

by Colin Berkshire

If eMail were encrypted and secure, your bank could email you your monthly statement. Your doctor could communicate directly with you. Your life would be a lot simpler.

It’s surprising that email isn’t encrypted. It’s shocking.

Yes, I know that there is an S/MIME and other proprietary encryption services out there. But they are not widely adopted. So, you really can’t depend upon them.

Back in the 1990s there was an RFC put forth for a single end-to-end email encryption standard. It would have provided encrypted email for everybody. The standard was proposed to the IETF, who approves Internet standards.

And, then an mysterious thing happened. The proposed standard was objected to by the US military. And, the proponents of this standard were hired by the military. And, some of them were then inserted into the IETF committee itself. And, then standard was forgotten about. We’re not talking conspiracy theory here…were just talking about established facts where the military strongly objected to the encryption of emails.

Now, this is less sinister than it sounds. Remember that in this era Intel was prohibited from exporting processor chips to China because they were classified as “munitions.” (Their solution: Start manufacturing the chips in China, which was not prohibited.) It was then against US law to disclose how to decrypt DVD disks. And, the DES encryption algorithm was limited to 40 bits so that civilian encryption could be easily broken.

But today it is crazy that there isn’t a strong, concerted technology to provide end-to-end email encryption. It is the stuff of conspiracy theorists.

I would love being able to email my doctor. I would love getting my utility bills and bank statements via secure email. I would love knowing that every 2-bit hacker wasn’t intercepting packets and reading all of my emails.

Perhaps it is time for the needs of the people to be put ahead of national security.