It is not very hard (but it is much harder than it should be) to set yourself up to be able to receive encrypted emails. I am using Mailvelope which adds encryption to Gmail. The idea is that you publish a key (mine is here) which other people can use to encrypt a message to you; because you are the only person with the other half of the key, only you can decode the message.
I think it would be a good idea for most people to use encryption most of the time. This makes it less likely that information is accidentally released (such as your bank account details) and also makes it harder for the state (or other people’s states) to intercept our communications. And even though a lot of what we send by email could safely be transmitted en clair, if we encrypt everything then that makes it harder for other people to find the stuff we don’t want them to see among all the ephemera. (It would be nice to say at this point that King Christian X of Denmark thwarted the Nazi order that all Jews should wear armbands with yellow stars by wearing one himself, but sadly that story isn’t true.)
But I know very few other people who are set up to receive encrypted emails, and hardly anybody ever sends me anything encrypted.
Why is that? It isn’t that difficult to set up GPG. One reason is that there is apparently no way to go through all your contacts automatically and check if they have published a public key that you can use to send them messages. So if my friends to have public keys, I would have to find that out manually. Ideally, Mailvelope would automatically identify which people have a public key and encrypt messages to them, without me needing to intervene.
Even better, though, would be to build encryption into the email infrastructure of the internet. This would have three big advantages: it would mean all email is encrypted by default, so massively increasing the size of the encrypted haystack within which people would have to search for valuable information; it would make encryption frictionless for users; and it would mean that the email metadata (who the message is from, who it is to, the subject line) would be encrypted as well, making it impossible for authorities to collect all our email metadata as they do now.
The way it would work is this. Each domain would publish a public key for its email server, as part of its MX record (that’s the information each domain already publishes so that we know where to deliver the mail). The message transfer agent on the sending domain (eg SENDMAIL) would encrypt the entire message, including the metadata, using the public key of the recipient domain. The recipient email server would decrypt the message on arrival (using its private key), so finding out which of their users the message is for and where it came from, conduct the usual spam checks, and then deliver it to the relevant user. If we did this, then all the email traffic on the internet would be encrypted, with only the destination domain visible to anyone watching the traffic go by. Individuals who were not confident about the security of their email services could of course add their own layer of encryption on top as well, if they wish.
Until recently this level of encryption would have been computationally too expensive for senders and receivers; I don’t think it is now (perhaps someone can work out if this is right? This approach might also have the side benefit of adding a computation tax to computers sending large quantities of spam.
This seems a pretty straightforward way for the geeks to subvert the surveillance state. Can anyone tell me the flaw in this idea, please?