By David Talbot, Technology Review
When Lavabit—an e-mail service used by National Security Agency leaker Edward Snowden—suspended service last week amid hints that it had received a government demand for information, a competing service called Silent Circle made a draconian decision: to obliterate all of its customers’ stored e-mail. The episode pointed out two fundamental weaknesses in e-mail. First, even if an e-mail service encrypts messages for secrecy, as Lavabit and Silent Circle did, the e-mail headers and routing protocols reveal who the senders and receivers are, and that information can be valuable in its own right. And second, the passcodes used as keys to decrypt messages can be requested by the government (if held by the e-mail company) or simply stolen by sophisticated malware.
http://www.technologyreview.com/news/518056/why-e-mail-cant-be-completely-private/
Share on Facebook