You use it every day, at work, at home. Email--that great boon to technology--probably used more than anything else that is so relied upon, yet at the same time is the source of much difficulty and scorn. It's almost always there when you open your email. Spam. Junk mail, if you will. Why WHY must these always show up in my mail, you ask?: SMTP.
SMTP Simple Mail Transfer Protocol came into being and because of its great simplicity became the popular de facto method for sending electronic mail that it is today.
What its designers never contemplated was how such a good basic technology might be put to a 'bad' use.
To its credit, SMTP is efficient at handling enclosure and transport of email. A downside to its use is that now that most everyone and all businesses depend on it for communication, it is difficult to make changes to its design without causing major disruption.
So, we shrug continuing with its use and never address the points of concern. A primary source of concern with SMTP is that emails are sent as unencrypted 'clear text' and pass through the ISPs and intermediaries in human-readable form to their recipient's point of destination.
A second source of concern is that the source sender's email address can be forged. This alone is the cause for the rise of spam on the internet.
Is their a way to address both of these concerns? The answer is Yes. As we all have come to expect, putting our paper mail into envelopes has been a uniform practice to ensure our mail's privacy while in transit. That's reasonable and works well most of the time.
Your email can be read anywhere it travels without your permission unless you take precautions to put it in a form of 'envelope' that renders it unreadable except by those you designate.
One of the technologies that puts this 'envelope' around your email is called PGP or Pretty Good Privacy. The technology is more than 'pretty good', in fact it is excellent and you can have it for free thanks to its inventor, Phil Zimmermann. You can read more about him at Wikipedia, but I thought you might like to have his take on PGP and Your Privacy, entitled, Why I Wrote PGP.
It all makes sense after you read it. Making how we handle our emails a matter of privacy should concern everyone much as it does for paper mail. In fact, if nothing is done, in the future your email privacy may no longer be private at all, at least according to the message in this article as suggested by the Electronic Frontier Foundation.
There are several options currently for ensuring that your email stays private, including PGP, openPGP, GnuPG, and S/MIME. PGP is commercial and may require a license and fee to use, the others are free. They all work toward the same goal, encrypting the MIME clear text email message with signed certificates guaranteeing the identity of the sender and producing a trust level that the receiver can use to be assured they are receiving a message from the 'real' sender that is unreadable along its transit to the destination without any means of tampering.
A by-product 'benefit' of using PGP is that it effectively closes down the channel of unsolicited spam, because the sender's email address field cannot be tampered with or more specifically forged as happens with spam.
We enjoy the reliability of SSL, Secure Shell, VPNs. Why? Encryption.
When will your Right to Privacy be important enough that everyone recognizes that email in its current form as a matter of 'standardization' must change? This is not just a national issue, but one that will require global participation (remember the envelope) if it can have a chance to become adopted and universally accepted.
Your thoughts?
SMTP Simple Mail Transfer Protocol came into being and because of its great simplicity became the popular de facto method for sending electronic mail that it is today.
What its designers never contemplated was how such a good basic technology might be put to a 'bad' use.
To its credit, SMTP is efficient at handling enclosure and transport of email. A downside to its use is that now that most everyone and all businesses depend on it for communication, it is difficult to make changes to its design without causing major disruption.
So, we shrug continuing with its use and never address the points of concern. A primary source of concern with SMTP is that emails are sent as unencrypted 'clear text' and pass through the ISPs and intermediaries in human-readable form to their recipient's point of destination.
A second source of concern is that the source sender's email address can be forged. This alone is the cause for the rise of spam on the internet.
Is their a way to address both of these concerns? The answer is Yes. As we all have come to expect, putting our paper mail into envelopes has been a uniform practice to ensure our mail's privacy while in transit. That's reasonable and works well most of the time.
Your email can be read anywhere it travels without your permission unless you take precautions to put it in a form of 'envelope' that renders it unreadable except by those you designate.
One of the technologies that puts this 'envelope' around your email is called PGP or Pretty Good Privacy. The technology is more than 'pretty good', in fact it is excellent and you can have it for free thanks to its inventor, Phil Zimmermann. You can read more about him at Wikipedia, but I thought you might like to have his take on PGP and Your Privacy, entitled, Why I Wrote PGP.
It all makes sense after you read it. Making how we handle our emails a matter of privacy should concern everyone much as it does for paper mail. In fact, if nothing is done, in the future your email privacy may no longer be private at all, at least according to the message in this article as suggested by the Electronic Frontier Foundation.
There are several options currently for ensuring that your email stays private, including PGP, openPGP, GnuPG, and S/MIME. PGP is commercial and may require a license and fee to use, the others are free. They all work toward the same goal, encrypting the MIME clear text email message with signed certificates guaranteeing the identity of the sender and producing a trust level that the receiver can use to be assured they are receiving a message from the 'real' sender that is unreadable along its transit to the destination without any means of tampering.
A by-product 'benefit' of using PGP is that it effectively closes down the channel of unsolicited spam, because the sender's email address field cannot be tampered with or more specifically forged as happens with spam.
We enjoy the reliability of SSL, Secure Shell, VPNs. Why? Encryption.
When will your Right to Privacy be important enough that everyone recognizes that email in its current form as a matter of 'standardization' must change? This is not just a national issue, but one that will require global participation (remember the envelope) if it can have a chance to become adopted and universally accepted.
Your thoughts?
Blog feed
Comments Feed
The government will never mandate PGP or any other privacy for emails because they would not be able to snoop as they now do with clear email!
Govt can and does routinely intercept and crack encrypted emails in the name of National Security.
But that isn't the point.
Enclosing the clear text message in GnuPG effectively places a lock on the sender address and THAT categorically puts the spammers out of business.
Spammers ARE a National Security Risk and as such the Govt should welcome such a Mandate to protect its citizenry.
Thanks for replying at ZDNet and my website.
--Dietrich