Incompetent Encryption Is Worse Than No Encryption
By Duane Thresher, Ph.D., August 17, 2020
When you think of email security, you probably think of encryption. This is not the most important aspect of email security — your email server is, see About Apscitu Mail — but email encryption can add another layer of security, which is generally good. You might not use email encryption because you think the NSA, and more competent hackers, can break the encryption, but you are wrong; see No, The NSA Does Not Have Encryption-Breaking Quantum Computers. Or you might not use email encryption because it seems too complicated to use. In that case, you are right. Studies show that even the most user-friendly email encryption system is too difficult for even above-average users to use competently. And incompetent encryption is worse than no encryption because you are lulled into a false sense of security and insecurely send more, and more sensitive, data than you would otherwise. You might go looking around for some one-size-fits-all solution to your email encryption, particularly if you are someone like a whistleblower trying to contact the media, or vice versa, but you would be wrong then too. Getting competent email encryption requires an IT expert working closely with you, i.e. custom work, like with Apscitu Mail. In that case, you would be right.
Encryption has existed for as long as mankind has communicated. For a readable account of the history of encryption, read The Code Book by Simon Singh (whom I met when the book was first published). You can just skim or skip the last chapter, on quantum computing; see No, The NSA Does Not Have Encryption-Breaking Quantum Computers.
For all that time, until 1977, encryption was symmetric,
meaning the encode key and the decode key were the same. This
meant the key had to be distributed to all users, which
particularly during wars of the past was a huge problem, given
the large number of users, the enemy trying to steal the key,
and poor communications.
This key distribution problem led to the search for asymmetric
encryption, meaning the encode key and the decode key are not
the same, and can be generated by each user, not distributed
to them.
This search for asymmetric encryption finally succeeded in 1977 when three MIT computer scientists discovered RSA encryption: Ronald Rivest, Adi Shamir, and Leonard Adleman.
With RSA asymmetric encryption, each user generates his own encode key and decode key. The decode key must be kept secret by the user, so it is called the "private" key. The encode key must be given to whoever wants to send the user an encoded message. In fact, this encode key is supposed to be made public, thus is called the "public" key, so anyone can send the user an encoded message. However, for the best security — in case someone ever breaks RSA encryption — even the public key can be kept secret and only distributed to the people the user wants and expects messages from. Key distribution is much easier among just a few people, and especially these days.
It was thought that RSA encryption would only be used by the
U.S. Government. However, in the 1980s American
Phil Zimmermann
thought everyone in the world should be able to use it (he was
paranoid, to the point of almost moving to New Zealand).
While this may have been an admirable thought, Zimmermann was
unethical and incompetent. He illegally used RSA encryption
for his own encryption system, which was not well designed.
He called his encryption system Pretty Good Privacy (PGP),
which is not too reassuring.
Phil Zimmermann made PGP available to everyone and because of
this, and because of the extended, very public legal wrangling
over it, PGP became synonymous with encryption in the public,
particularly media, mind.
Redesign of PGP to make it better-designed and legal led to OpenPGP and GPG. GPG ostensibly stands for GnuPG, which in turn stands for Gnu Privacy Guard. The Gnu Project is a free software project founded at MIT by Richard Stallman (whom I met while I was at MIT). In turn, these encryption systems were used in other encryption systems.
Ironically, for communicating with just a few people, and these days, key distribution is not a big problem and RSA asymmetric encryption is not even necessary. Symmetric encryptions can be just as unbreakable as RSA asymmetric encryption. The only reason RSA asymmetric encryption became the standard for encryption was that the IT incompetent publicity around it made people believe it was the most unbreakable encryption, without mention that its real importance was that it solved the key distribution problem.
Symmetric encryptions have other advantages over RSA
asymmetric encryption. For example, RSA asymmetric encryption
is so computationally intensive (i.e. slow), that usually only
the key for a symmetric encryption is RSA encrypted and the
message itself is encrypted with the symmetric encryption,
which is less computationally intensive, while being just as
unbreakable, as RSA asymmetric encryption.
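The three ideas above (a symmetric "encode key equals decode key" cipher, an RSA key pair whose decode key stays private while the encode key is handed out, and the hybrid scheme in which only the short symmetric key is RSA-encrypted and the message itself goes through the fast symmetric cipher) can be seen working together in the following added example. It is not code from this article or from any of the systems named here; it uses only the Python standard library, the two Mersenne primes and the SHA-256 keystream are constructed stand-ins chosen so it runs offline, and it deliberately omits padding and authentication, so it illustrates the structure of hybrid encryption and is not a secure cipher.

```python
"""Toy hybrid encryption: RSA wraps a 16-byte symmetric key, a keystream
cipher encrypts the message.  Educational stand-in, not a secure system."""
import hashlib
import os
from math import gcd

# Constructed demo primes (Mersenne primes 2^89-1 and 2^61-1).  They are only
# big enough that n = p*q exceeds 2^128 and can wrap a 16-byte key; real RSA
# uses random primes of 1024+ bits each.
DEMO_P = (1 << 89) - 1
DEMO_Q = (1 << 61) - 1


def generate_rsa_keypair(p, q, e=65537):
    """Textbook RSA.  (n, e) is the 'encode'/public key that can be handed
    out; (n, d) is the 'decode'/private key the user must keep secret."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt_int(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt_int(c, private_key):
    n, d = private_key
    return pow(c, d, n)


def keystream(key, length):
    """Expand the symmetric key into `length` bytes by hashing key||counter.
    Stand-in for a real stream/block cipher such as AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_xor(key, data):
    """Symmetric cipher: the same call both encrypts and decrypts, which is
    exactly why the key must be shared with (and only with) the other side."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def hybrid_encrypt(message, recipient_public):
    """Fresh random symmetric key per message; only that key is RSA-encrypted."""
    sym_key = os.urandom(16)
    wrapped_key = rsa_encrypt_int(int.from_bytes(sym_key, "big"), recipient_public)
    return wrapped_key, symmetric_xor(sym_key, message)


def hybrid_decrypt(wrapped_key, ciphertext, recipient_private):
    sym_key = rsa_decrypt_int(wrapped_key, recipient_private).to_bytes(16, "big")
    return symmetric_xor(sym_key, ciphertext)


def demo(message=b"Constructed sample tip: the leak is in the mailroom."):
    """Run the whole exchange and return (ciphertext, recovered plaintext)."""
    public, private = generate_rsa_keypair(DEMO_P, DEMO_Q)
    wrapped, ciphertext = hybrid_encrypt(message, public)   # sender, public key only
    recovered = hybrid_decrypt(wrapped, ciphertext, private)  # recipient, private key
    return ciphertext, recovered


if __name__ == "__main__":
    ct, pt = demo()
    print(len(ct), "ciphertext bytes; recovered:", pt)
```

Note that the expensive modular exponentiation happens once, on a 16-byte key, however long the message is; the message only ever passes through the cheap symmetric step.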
Email encryption is complicated. If you don't do it
competently, or have an expert do it competently for you, it
can be gotten around by the NSA and other hackers. As a VIP
that could be disastrous for you.
Perhaps the best example these days of the need for encryption is whistleblowers contacting the media. And perhaps the best example of that is Edward Snowden exposing the NSA's secrets; see 9/11 Was Due to IT Incompetence.
(Note that I and the law do not consider Edward Snowden a "whistleblower". Snowden was not working at the NSA in good faith and happening to see what he considered illegal acts, as a real whistleblower would. No, Snowden intentionally went to work at the NSA to steal secrets, which makes him a spy. As an American spying against the U.S., that makes Snowden a traitor. Also, Snowden was a contractor, via Booz Allen Hamilton, for the NSA, and at the time whistleblower laws did not cover contractors. After Snowden they did, and now we have the situation that contractors are covered by whistleblower laws but are still not subject to Freedom Of Information Act laws. Whistleblowers are rare, so if you work in government and want to hide what you are doing, hire a contractor/future employer.)
As the Media IT Incompetents Hall Of Shame (ITIHOS) shows, the media is IT incompetent, even while pretending to be IT experts. The member of the media that Edward Snowden first tried to tell NSA secrets to was Glenn Greenwald, who had been writing extensively about NSA surveillance, which is just IT. Snowden insisted that encryption be used for this. However, Greenwald was so IT incompetent that not only did he not know how to use encryption, but he refused to even try, even after Snowden gave him instructions. Snowden actually gave up 3 months after first contacting Greenwald.
Glenn Greenwald was only lucky enough — it made his
career, which was going nowhere before — to get the NSA
secrets, 5 months after Snowden first contacted him, after
Snowden contacted someone else, who finally got Greenwald and
Snowden together. (Greenwald did not even realize after this
introduction that Snowden was the one who had contacted him 5
months earlier.)
After first publishing the NSA secrets in a foreign newspaper, the British Guardian, Greenwald wrote a book about all this, No Place To Hide, which made his career. But Glenn Greenwald is so IT incompetent that he couldn't fully understand the NSA secrets given to him by Snowden and the book painfully shows this.
Edward Snowden himself is IT incompetent and doesn't fully understand the NSA secrets he gave to Greenwald. They are far more revealing if you are an IT expert; see No, The NSA Does Not Have Encryption-Breaking Quantum Computers.
After this fiasco, the IT incompetent, and jealous, media went
out of its way to offer encryption to whistleblowers and other
tipsters. Of course, all they knew of encryption was
Zimmermann's PGP and offering public keys.
I dug into what major newspapers and magazines offered for
emailing them encrypted tips. The classic whistleblower
newspapers — the New York Times, Washington Post,
Guardian (classic since Snowden and Greenwald) — offer
PGP public keys ... and confused instructions about them,
which is to be expected from IT incompetent writers who don't
understand what they are writing about.
Instructions are even more important because PGP public keys are so daunting. Hover over the link to see the New York Times PGP public key for tips emailed to tips@nytimes.com. That's enough to scare anyone off, particularly if they are already nervous about being a whistleblower, and along with all the warnings given in the instructions. And I tell you from experience that what exactly you do with that PGP public key varies from encryption system to encryption system. You really have to know what you are doing.
I seriously doubt the media has ever received an important tip
by decoding an email encoded with their PGP public key. Even
in the unlikely event a tipster could figure out how to encode
the email with it, I doubt the IT incompetent media could
decode it.
To make things worse, the media probably ignores as unimportant emailed tips that are not encrypted. Incompetent and arrogant is a bad combination. (Also, many media email systems reject or filter out emailed tips, encrypted or otherwise. For example, the Washington Post uses Proofpoint for its email and Proofpoint censors emails without regard to what the recipient wants.)
One indication of all this is the lack of whistleblower stories in the media (and they wonder why). Most stories are taken from other members of the media and/or made up to fit a political narrative. The media has become a closed system. Real news from outside it, like from experts, is excluded. This has led to a news fantasy world (used exclusively, for example, by Wikipedia, Google, Facebook, etc.).
The media is giving up on the idea of giving out PGP public keys for encrypted email tips. For example, last year the New York Times terminated, without replacement, the woman responsible for their PGP public key, their senior director of information security, Runa Sandvik. Sandvik is IT incompetent and a foreigner (from Norway) to begin with, which should have been two big strikes against her (see Principles of IT Incompetence), but apparently not to the IT incompetent New York Times, whose two star cybersecurity writers, Nicole Perlroth and Sheera Frenkel, are in the Media IT Incompetents Hall Of Shame (in fact, Perlroth's photo is the basis for the Media ITIHOS clown). Don't worry about Sandvik though, she bounced back as a "Board Member at Norwegian Online News Association" (where she can do less harm, at least to American whistleblowers).
Now along comes ProtonMail, an email service based in Switzerland and run by foreigners, which promises to take care of all that pesky encryption for you. I first noticed this being used — i.e. an @protonmail.com address was given — for emailed tips by the Boston Globe, which writes about my alma mater MIT, and by Wired, the leading IT magazine. ProtonMail will both drive away whistleblowers and other tipsters and put at risk anyone, like VIPs, who do use it.
Users have to sign up for a ProtonMail account to send or
receive encrypted emails and a ProtonMail account is still
complicated to use and set up, by the user alone, with
instructions written by foreigners. This will again drive
away whistleblowers and other tipsters.
Further, ProtonMail uses web apps as email clients (Apscitu Mail does not) and web apps are one of the leading hacking "vectors" used today.
Only emails sent from one ProtonMail account to another
ProtonMail account are encrypted. An email can be sent to a
ProtonMail account from a non-ProtonMail account — I've
actually done this with the Editor-in-Chief of Wired magazine
— but it won't be encrypted, even though the sender
(whistleblower or VIP) might think it must be, with all the
hype of ProtonMail encryption.
ProtonMail brags that its email servers are in Switzerland, so
its emails are not subject to the U.S. Government reading
them. But emails going in and out of the United States are
exactly the emails that the NSA reads, since it can be assumed
the senders or recipients are not U.S. residents, so not
protected by U.S. law against having their emails read. Plus
with senders being fooled into sending unencrypted emails,
these emails are trivial for the NSA to read.
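The failure mode described in the last two paragraphs is a sender who believes a message was encrypted when it left as plaintext. The one check that catches it is to look at the message as it actually goes out rather than trusting the service's branding. The following added example (not code from this article, ProtonMail, or any mail provider) uses Python's standard `email` module to classify a raw message as PGP/MIME (RFC 3156, `multipart/encrypted` with `protocol="application/pgp-encrypted"`), inline ASCII-armored PGP, or plaintext; the three sample messages are constructed, and the armored body is a labelled placeholder, not real ciphertext.

```python
"""Classify a raw RFC 822 message by whether it actually carries an
OpenPGP-encrypted body.  Added example with constructed sample messages."""
from email import message_from_bytes

ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"
ARMOR_END = b"-----END PGP MESSAGE-----"


def classify_encryption(raw):
    """Return 'pgp-mime', 'pgp-inline', or 'plaintext' for a raw message."""
    msg = message_from_bytes(raw)
    # RFC 3156 PGP/MIME: the top-level container declares the protocol.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime"
    # Otherwise look for an ASCII-armored PGP MESSAGE block in any leaf part.
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True) or b""
        if ARMOR_BEGIN in payload and ARMOR_END in payload:
            return "pgp-inline"
    return "plaintext"


def is_encrypted(raw):
    """Defensive gate: True only if the message body is actually PGP-encrypted."""
    return classify_encryption(raw) != "plaintext"


# Constructed sample 1: what a tipster sending from an ordinary account to a
# @protonmail.com address actually produces, whatever they assume.
PLAIN_MSG = (
    b"From: tipster@example.com\r\n"
    b"To: tips@example.net\r\n"
    b"Subject: tip\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Here is my sensitive tip in the clear.\r\n"
)

# Constructed sample 2: PGP/MIME structure per RFC 3156 (placeholder ciphertext).
PGP_MIME_MSG = (
    b"From: tipster@example.com\r\n"
    b"To: tips@example.net\r\n"
    b"Subject: tip\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: application/pgp-encrypted\r\n"
    b"\r\n"
    b"Version: 1\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"\r\n"
    + ARMOR_BEGIN + b"\r\n"
    b"(constructed placeholder, not real ciphertext)\r\n"
    + ARMOR_END + b"\r\n"
    b"--b1--\r\n"
)

# Constructed sample 3: inline armor pasted into a text/plain body.
INLINE_MSG = (
    b"From: tipster@example.com\r\n"
    b"To: tips@example.net\r\n"
    b"Subject: tip\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    + ARMOR_BEGIN + b"\r\n"
    b"(constructed placeholder, not real ciphertext)\r\n"
    + ARMOR_END + b"\r\n"
)


if __name__ == "__main__":
    for name, raw in [("plain", PLAIN_MSG), ("pgp-mime", PGP_MIME_MSG), ("inline", INLINE_MSG)]:
        print(name, "->", classify_encryption(raw))
```

A sending client or an outbound gateway can run `is_encrypted` on the message bytes right before submission and refuse to send when it returns False; that is the point at which the "it must be encrypted" assumption can still be corrected.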
Incompetent encryption is worse than no encryption. Use Apscitu Mail, and if you want email encryption, have me personally set it up for you and train you how to use it.