Silent Circle explains that email is, by design, insecure

Aug 19, 2013 17:51 GMT

Not long ago, a couple of companies that were offering encrypted email services shut down their products and, in one case, the entire business. In Lavabit's case, it seems that the government pressured it into installing some sort of always-on surveillance system that would compromise the privacy of all of its users.

Silent Circle, the second company, saw this as a sign that running such a service isn't feasible anymore in the US and shut down the product before any governmental request. But Silent Circle continues to offer encrypted chat and similar services.

The reason it has dropped email, it said, is that email can't be properly secured no matter what you do.

It has now posted a lengthier explanation of that, showing why email is inherently unsafe, particularly when it comes to privacy.

The problem, it explains, is that some email data is always sent in plain text. That is, while the body of an email can be encrypted and there are tools and services that can do that, the header can't.

That's because of how email works: the system relies on routing information, i.e. the addresses of both the sender and the recipient. Additional info, such as the IP address of the sender, is also visible.

If you're only concerned with securing the contents of the message, then the current solutions will do, though handling the encryption keys on your own may be problematic.

However, if you're interested in keeping secret who you're talking to and how often, email isn't the answer.

"Email provides no means to secure the headers (routing information, and the envelope). The routing information, which is visible by looking at the headers of any email message, by design, is all unencrypted. Any server in the path between sender and recipient, can view any portion of the headers, as they are stored as plain text in the beginning of the message," Silent Circle explained.
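To make the header problem concrete, here is an added example (not from Silent Circle or the original article) that reads only the plain-text headers of messages whose bodies are encrypted and recovers who writes to whom, how often, and from which IP address. The messages, addresses, IPs and the `make_message` helper are constructed for illustration, and the ciphertext is a placeholder.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make_message(sender, recipient, client_ip, date):
    """Build a constructed sample message with a placeholder encrypted body."""
    return (
        f"Received: from laptop (unknown [{client_ip}])\n"
        f"\tby mx.example.net with ESMTPSA; {date}\n"
        f"From: {sender}\nTo: {recipient}\nDate: {date}\n\n"
        "-----BEGIN PGP MESSAGE-----\n(placeholder ciphertext)\n"
        "-----END PGP MESSAGE-----\n"
    )

# Constructed traffic, as any server on the delivery path would see it.
SAMPLES = [
    make_message("alice@example.net", "bob@example.org", "203.0.113.25", "Mon, 19 Aug 2013 09:01:00 +0000"),
    make_message("alice@example.net", "bob@example.org", "203.0.113.25", "Mon, 19 Aug 2013 11:30:00 +0000"),
    make_message("alice@example.net", "bob@example.org", "198.51.100.7", "Mon, 19 Aug 2013 17:40:00 +0000"),
    make_message("alice@example.net", "carol@example.com", "203.0.113.25", "Mon, 19 Aug 2013 18:05:00 +0000"),
]

def relay_view(raw):
    """Everything a server on the path can read without any decryption key."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Each hop prepends its own Received line, so the last one is closest to the sender.
    ips = IP_RE.findall(received[-1]) if received else []
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))],
        "date": msg["Date"],
        "sender_ip": ips[-1] if ips else None,
        "body_is_ciphertext": msg.get_payload().lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

def contact_frequency(raw_messages):
    """Count who writes to whom, using header fields only."""
    pairs = Counter()
    for raw in raw_messages:
        view = relay_view(raw)
        for sender in view["from"]:
            for recipient in view["to"]:
                pairs[(sender, recipient)] += 1
    return pairs
```

Calling `contact_frequency(SAMPLES)` yields the contact graph even though every body is unreadable to the relay, which is the limit of body-only encryption the article describes.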