| Home | Amateur radio | Contact me | Digital freedom | Wildlife | Writings | Copyright © Michael Kjörling |
Internet e-mail is inherently insecure. The standards still used for passing e-mail between systems, including the SMTP protocol, were created for a network which was used in entirely different ways and by very different people in the late 1970s and early 1980s, transfer all data in plain text, and have no mechanisms for proving that the sender is who he or she claims to be. It is simply impossible to, given a plain e-mail message that has been passed over the Internet, be certain that it actually came from the address claimed in the headers – what you can very often be certain of, though, is that several persons have had the ability to copy or read it while it was in transit.
There are ways to resolve this shortcoming, however. Technology based on strong cryptography allows both authenticity and security assurances, making it possible for the sender to ensure that only the intended recipient can read the message, and for the recipient to check to make sure the message received is identical with what was sent, ensuring that it has not been altered while en route between the sender and recipient (whether intentionally or unintentionally). The OpenPGP standard specifies (along with other details of a technical nature) a message format, encryption and hashing algorithms making such security possible. While there are other similar products, OpenPGP compatible software has been the de facto standard for private Internet mail for over a decade, ever since Philip Zimmermann released the first version of his software package, called Pretty Good Privacy. (The OpenPGP Message Format was formally specified in RFC 2440 in November 1998.)
Every Internet e-mail I send, whether personal or to a mailing list, is cryptographically signed. This provides the benefit that the recipient, now or at any time in the future, can verify that the message actually did originate from me, and that it has not been altered. (Technically, what is being verified is that the message was signed with my secret key, which only I possess.) If you encounter any e-mail or Usenet newsgroup post claiming to be from me which does not begin with the line:
-----BEGIN PGP SIGNED MESSAGE-----
or, in the case of an encrypted message:
-----BEGIN PGP MESSAGE-----
it very likely did not come from me in the first place. Following that line is a few lines specifying how the message was signed/encrypted (hashing algorithm, software version, comments), followed by the actual message. Clear-text signed messages have the cryptographic signature at the bottom, beginning with the line
-----BEGIN PGP SIGNATURE-----
(You can safely ignore the seemingly random data following this line when reading the message.) If you have no interest in verifying whether what you read from me is actually what I sent you, simply ignore this additional data altogether. However, if you are interested in making sure that what you are reading actually came from me and not someone else, I strongly suggest that you install either PGP or GnuPG (see the international PGP home page for copies of both), obtain a copy of my public key and instruct the software to verify the integrity of the message in question.
In recent years, it has become more and more common for governments
to monitor Internet traffic on a large scale. Especially after the
attacks on the United States east coast in September 2001, this has increased
under the parole of thwarting terrorism
. Using strong cryptography will
ensure that your personal correspondence is kept safe from such surveillance
measures.
From time to time, people advocating the regular use of strong cryptography get questions on the order of "but what about criminals/drug traffickers/terrorists/etc using the same tools?", "why should I encrypt my e-mails, I don't have anything to hide?", and the like. First of all, there is no evidence I am aware of at least that terrorists have used computer-based strong cryptography to thwart attempts by law enforcement to monitor their communications (they use other methods, like not discussing their plans in public in the first place). Second, there is nothing wrong with asserting your privacy. Any democracy is based on allowing the citizens to freely exchange opinions and information, in private as well as in public. Sometimes, those freedoms are abused – but that is no reason to take them away from the vast majority who do not abuse them. Would you like the government to open and read your paper mail on a regular basis? Probably not, but to make an analogy into the "real world", those against the use of strong cryptography on the Internet are essentially trying to outlaw the use of envelopes for the reason that letters written on post cards are easier to read unnoticed. The best way to ensure that they will not be successful, and that it will not draw suspicion when someone does use an "envelope", is to make more people use it for most or all of their communications. If the consensus was that law-abiding citizens should not use envelopes to protect their privacy, and someone did, chances are that others would react. Maybe the government would open that letter to see what secrets the sender is trying to hide. Now, we do not live in that kind of world, but on the Internet surprisingly many seem to believe that such a situation is appropriate or even desirable. The dangers to peoples' privacy from this, along with the possibility to routinely scan electronic communications for interesting key words on a large scale, should be obvious to everyone.
Every person should have the right to privacy, whether it is in the digital realm or the physical world. If there is no right to privacy in communications, the free exchange of thoughts is severely impeded. I use GnuPG regularly because I am interested in protecting my privacy from those who might wish to take it away. Are you?