[[!tag book-club email encryption]]

Three friends sat down and discussed a book, er, blog post that they'd read: Daniel, Mark, and myself. We live in different countries, so we did this over video conferencing. This is a summary of the discussion.

The article is "Stop Using Encrypted Email", published in February this year: https://latacora.singles/2020/02/19/stop-using-encrypted.html. It's not long.

To start with, we all agree that using encryption with the current Internet email system is far from ideal. The blog post correctly points out problems:

  • email metadata (headers, routing) is public, even on encrypted messages
  • it's easy to reply to an encrypted email in cleartext
  • PGP is far from ideal
  • PGP users tend to have long-lived encryption keys, and if and when those keys are broken or leak, the security of all messages is in danger
  • personal email archives can leak an encrypted message long after it was sent

However, we think the blog post argues too strongly that encrypted email is pointless.

Most importantly, they claim that encrypted email should not be used by anyone, ever, for anything. We find this to be too strong, if understandable. They don't describe an actual threat model, though they give some examples, and seem to mostly concentrate on a threat where a very powerful adversary, with pervasive surveillance capabilities, is trying to catch individuals so they can punish them, and possibly kill them, possibly long after the communication happens. That is certainly a threat model where current encrypted email fails.

However, we claim there are situations where encrypted email works well enough. For example, password reset emails that are encrypted to the PGP public key registered with the service. The value of the email disappears minutes after it's sent.

Or emails preparing a surprise party for someone's spouse. If the messages leak, it's a bummer, but it's not a big problem, especially after the party is over.

Thus we feel that rather than telling people to not use encrypted email at all, for anything, ever, a more sensible and useful approach is to discuss the risks and give people tools to decide for themselves. Accurate information is more valuable than overblown rhetoric, whether it's for or against email encryption.

We agree that the secure messaging systems they promote are good, but we don't agree that they're as good as the article implies. Signal, for example, routes all traffic through its own servers. A very powerful adversary with pervasive surveillance capabilities can deduce much from traffic patterns. This has already been used against Tor users (see for example 1 and 2).

We're also not entirely happy with messaging systems that require the use of phone numbers. Signal is one of these. Signal is also problematic when changing phones or phone numbers, as all trust relationships within it have to be re-established.

Messaging systems are also meant for use cases that aren't all the same as email's. For example, offline use, and long-form messages. We see messaging systems and email as complementary more than competing.

We also do not agree that improving email security is as hopeless as the blog post claims. Much could be done just by improving email client software. That said, we repeat that we agree that it's not going to be good enough against their implied threat model.

For example, email clients and servers could refuse to send or accept email over unencrypted or unverified channels, or to send or accept emails that are themselves unencrypted. This wouldn't help, say, Gmail users, but we would not expect people with the blog post's implied threat model to use Gmail. Or email at all.
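A sketch of what such a client-side refusal could look like, as an added example that is not from the blog post or from any existing mail client: it sends a message only if the body is PGP-encrypted and the SMTP server offers STARTTLS with a certificate that verifies. The names `send_strict`, `is_pgp_encrypted`, `strict_tls_context` and `PolicyError` are hypothetical, and the check only covers the hop from the client to its own submission server.

```python
import smtplib
import ssl
from email.message import EmailMessage, Message
from email.mime.multipart import MIMEMultipart


class PolicyError(Exception):
    """A message or channel failed the strict-sending policy."""


def is_pgp_encrypted(msg: Message) -> bool:
    """True for PGP/MIME (RFC 3156) or an ASCII-armored inline PGP body."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if msg.is_multipart():
        return False
    payload = msg.get_payload(decode=True) or b""
    return payload.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----")


def strict_tls_context() -> ssl.SSLContext:
    """TLS context that verifies the server's certificate chain and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_strict(msg: Message, host: str, port: int = 587) -> None:
    """Send only an encrypted message, and only over verified TLS."""
    if not is_pgp_encrypted(msg):  # checked before any network connection
        raise PolicyError("refusing to send: message is not encrypted")
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise PolicyError("refusing to send: server offers no STARTTLS")
        smtp.starttls(context=strict_tls_context())  # raises on a bad certificate
        smtp.ehlo()
        smtp.send_message(msg)


def demo() -> dict:
    """Classify three constructed messages (sample data, not real mail)."""
    plain, inline = EmailMessage(), EmailMessage()
    plain.set_content("Surprise party is on Saturday.")
    inline.set_content("-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n")
    pgp_mime = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    samples = {"plain": plain, "inline": inline, "pgp_mime": pgp_mime}
    return {name: is_pgp_encrypted(m) for name, m in samples.items()}
```

The content check looks only at the MIME structure and armor header, so it shows that a message claims to be encrypted, not that it was encrypted to the right key.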

In summary, we do think the email system could be improved. We just don't think it and its encryption are as useless as the blog post claims, and we don't think the blog post is making things better.