Why Email Can’t Be Protected From Government Surveillance

Chris Hoffman 21-08-2013

“If you knew what I know about email, you might not use it either,” said the owner of secure email service Lavabit as he recently shut it down. “There is no way to do encrypted e-mail where the content is protected,” said Phil Zimmermann as he suddenly shut down Silent Circle’s secure email service. The reality is that email is fundamentally insecure and can never be protected from government surveillance in the same way some other communications can.


Sure, you may be using a different encrypted and “secure” email service that hasn’t shut down yet. But they’re vulnerable to the same US government pressure Lavabit faced — that’s why Silent Circle shut down before it was contacted by the government. Some less principled services will opt to cooperate with governments rather than shut down. We don’t know exactly what demands Lavabit faced, as they’re forbidden from disclosing anything they experienced as a result of backdoor orders from the secret US surveillance court that enables PRISM and other NSA surveillance programs.

Now, let’s look at why email is a poor choice for secure communications, and how it’s an easy target for government snooping.

Metadata Can’t Be Encrypted and XKEYSCORE Can Intercept It

An email isn’t really a single piece of data. It’s multiple pieces of data: There’s the message body, the subject line, the From field, the To/CC/BCC fields, and other metadata that includes the location you’re sending the email from.

Even if you use the best email encryption technology possible, you can only encrypt the message body of the email. Anyone monitoring the connection you’re using can view the subject of the email, who you’re communicating with, and where you’re emailing from. The XKEYSCORE program essentially allows the US government to capture most of the traffic flowing over the Internet by intercepting it at large backbone routers and gateways. With it, the government can build up quite a picture of who you’re communicating with, when you’re communicating with them, where you’re each communicating from, and what the subject lines of your emails are, which gives them an idea of what you’re talking about. They may find the fact that you’re encrypting the contents of your emails suspicious and target you for further, more in-depth surveillance of everything else you do.

The US government collected US email records in bulk until 2011. According to the NSA, this program was discontinued because it wasn’t effective — but they’re still gathering metadata under XKEYSCORE, so they’re likely intercepting all the email metadata they can get their hands on. They’ll get lots of information from you even if you encrypt your emails.
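To make the point above concrete, this added example (not part of the original article) parses a constructed PGP-encrypted message with Python's standard `email` module and lists what stays readable without the private key. All addresses, hosts and IPs are made up, and the function name `observable_metadata` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP-encrypted message as it would sit on a mail server
# or cross the wire. Addresses, hosts and IPs are made up for illustration.
RAW = """\
Received: from laptop.home.example (unknown [203.0.113.7])
\tby smtp.example.org with ESMTPSA; Wed, 21 Aug 2013 09:14:02 -0400
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Subject: Meeting with the reporter on Friday
Date: Wed, 21 Aug 2013 09:14:00 -0400
Message-ID: <constructed-1@example.org>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

(constructed placeholder, stands in for the ciphertext)
-----END PGP MESSAGE-----
"""


def observable_metadata(raw):
    """Return what a party without the private key can still read."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    recipients = [addr for _, addr in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    # Client IPs recorded by relays in Received headers (bracketed IPv4 only).
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]",
                     " ".join(msg.get_all("Received", [])))
    return {
        "from": getaddresses([msg.get("From", "")])[0][1],
        "recipients": recipients,
        "subject": msg.get("Subject"),
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "origin_ips": ips,
        # Only the body is opaque; every field above is plaintext.
        "body_is_pgp": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }


if __name__ == "__main__":
    for field, value in observable_metadata(RAW).items():
        print(f"{field:12} {value}")
```

Running the same function over your own sent mail (saved as `.eml`) is a quick way to audit what an encrypted message still discloses.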


For more information, read about the things you can learn from an email’s “header”, or metadata.


Many “Secure” Email Providers Have the Encryption Keys For Convenience

Encrypting and decrypting emails is complicated. In theory, you’d use something like PGP or GPG on your local computer to decrypt emails. In practice, the setup can be complicated and confusing, even for more tech-savvy users. This also makes it impossible to access the encrypted emails via a browser or lightweight mobile client.

Many secure email providers have dealt with this by holding the encryption keys at their end, decrypting emails when you access them. This is how Silent Circle’s secure email service worked — they had the encryption keys so they could easily decrypt emails and offer a good user experience. This means that the government could demand all the encryption keys — or just the ones they needed — and decrypt all the emails they wanted to. If the provider has the keys, they could hand them over. The only way to securely encrypt and decrypt email bodies is with complicated desktop software. Even all this effort leaves the metadata exposed.


The Government Can Demand Backdoors: See Hushmail

Canada-based Hushmail is one of the most popular and widely-known encrypted email services. In 2007, Canadian courts compelled Hushmail to hand over the emails of one of their users. The emails were then passed to U.S. courts under a mutual legal assistance treaty between Canada and the USA.

Hushmail theoretically couldn’t do this. They didn’t keep users’ encryption keys on their servers. They recommended users use PGP or similar software to decrypt the emails on their computers for maximum privacy. However, many people thought this was too inconvenient, so Hushmail also offered a downloadable Java applet located on a web page that allowed you to access your email. When you accessed the web page, the latest version of the Java applet would download to your computer, you’d enter your encryption key, and the applet would download and locally decrypt your email without Hushmail gaining access to your encryption key.

Hushmail was compelled to serve a version of the Java applet with a built-in backdoor to the user in question. The modified Java applet sent the user’s encryption key to Hushmail after it was entered and Hushmail gained access to the user’s emails, which they handed over to the courts.

If you do use secure email, the provider can be forced to acquire your key in any way possible. Even if they couldn’t gain access to your key, the provider could hand over your encrypted emails themselves, which would show the government who you’re communicating with, when, and about what (via the email subject line).



Email Messages Are Stored on a Server, Instant Messages Are Not

Even if the government can’t get or intercept the encryption key, they may be able to decrypt your emails anyway. Your encrypted email messages are stored on a server — that’s just how email works. If the government were to demand this data, the hosting provider would have to hand it over in encrypted form. The government could then try to break the encryption — new hardware regularly makes current encryption mechanisms much weaker, and the US government may be storing such encrypted communications in the hopes of breaking them in the future.

In contrast, instant message-style communications are harder to archive. An encrypted message can be sent directly to the recipient and not stored on a server where it can be accessed in the future. The government would have to install a monitoring device and capture all the communications in real time. If they failed to do so and didn’t have all the encrypted data, they wouldn’t be able to go get it years later — but they can often do this with email.

Other Types of Communication Can Be Secured

Email just wasn’t designed with encryption in mind. It’s been bolted on after-the-fact, and it shows. Even the most careful of secure email service users can’t hide who they’re communicating with and when. If you really want to avoid government surveillance, you’re better off using different secure messaging services instead of relying on email.


That’s why Silent Circle still offers a secure messaging service that they’re confident in the security of. It’s not the only option either — Cryptocat is another. Cryptocat had a recently publicized vulnerability and other services may have their own problems that we’ll hear about in the future, but these services are on the right track — they’re not fundamentally insecure by design the way email is.

Of course, encrypted email isn’t necessarily worthless. For example, if you want to secure important business communications against eavesdropping, it can be useful. But encrypted email isn’t going to slow down the government very much — it’s not the ideal communications tool when you’re trying to talk without the NSA hearing.


Do you agree with the principles behind Lavabit’s and Silent Circle’s shutdown? Do you use a secure messaging service to communicate without your conversations being stored in a massive government database?  Leave a comment and let us know which email-alternative you prefer.

Image Credits: Metal detector Via Shutterstock


  1. DoktorThomas
    January 15, 2016 at 3:32 pm

    Spying, at any level, on law abiding citizens is not a protected activity government. If an action or duty is not specifically granted as a right or obligation under the Constitution, no part of any government, no legislative body, no executive can authorize this affront and overreach. Smith & Wesson is the only security any citizen needs. Governments must step aside.

    In Colonial times (standard for all time), the Patriots would be in armed rebellion in the streets. No government officer would be safe. No corner of the Nation would be unshaken.

    We have evolved past such action in the streets because citizens are more educated. That refinement did not grant a license to abuse us and confiscate our rights.

    The issue in the coming, or any, election should be the supremacy of The People over governments. If your candidate doesn't espouse an unshakeable repulsion at government tyranny and power grabbing, he is not your man. Choose more wisely.
    ©2016 Así siempre a los tiranos All rights reserved. Fair use withdrawn without written consent.
    PS. That villains walk among us is no reason to cower and to forget your guaranteed rights. God-given human rights trump government always. People rule all government or the government must be supplanted.

  2. Myself
    September 1, 2013 at 5:20 pm

    Mails can be safe, that's how to do it:
    I write my mails on a standalone Atari STF, from there I transfer them via RS232 over Z-modem to my standalone PC, where I wrote my own Z-modem implementation which immediately encrypts them using the highest AES crypto there is. Then I uuencode it, then I use the UTF-8 codes of any character to reference the utfcode# word in a free Gutenberg book, then once a night, my standalone PC connects to the net and mails all my mails to a disposable mail service like Mailinator, where my recipient checks it. Try to hack that ;)

    • Zaphod Beeblebrox
      January 2, 2014 at 9:33 pm

      @Myself: Nice setup. Yours is the most sensible comment so far.

    • McLovin
      February 19, 2015 at 10:48 pm

      No you don't. You are just another techno nerd wannabe playing out a movie fantasy. Nobody really does it, and if they do they are concealing kiddie porn or something else terribly criminal.

      • DoktorThomas
        January 15, 2016 at 3:58 pm

        People who value endowed fundamental rights are not into kiddie porn, criminality nor pro(re)gressive socialist Democratic flotsam. Be a patriot or expatriate.
        The only fantasy existence is yours. ©2016 All rights reserved. Fair use absolutely withdrawn for McLovin.
        PS. As for "Myself", if your message travels by any public communication system, the felons and communists in the have it. Take a cue from masterful Chicagoans: talk in person and at random locations and never write anything down in any form, ever. FYI: Woodrow drew the line; The People must erase it.

  3. Dennis
    August 27, 2013 at 5:01 am

    What a joke. Big brother is watching and will spy on you, and if not he will get your significant other to do it for you. Hmm sounds like what the Soviets had, but with less tech.

  4. ovigia
    August 23, 2013 at 3:58 pm

    Bitmessage may be the answer....

    • GEorge
      August 26, 2013 at 10:29 am

      I wanted to write this! :) Yes, I also think this might be the answer

  5. HildyJ
    August 22, 2013 at 9:05 pm

    First, no matter what you do (other than carrier pigeon) the government knows who you're communicating with. We've even learned that the post office photographs every letter and package.

    Second, it is rumored that encrypted email is captured and stored as a matter of course (just as key words are apparently used to target email). Which encryption methods have backdoors is a matter of speculation but if the government takes an interest in your email they can always brute force decrypt it and, under current law, they may be able to force you to reveal your keys.

    Bottom line - privacy no longer exists.

    • Zaphod Beeblebrox
      January 2, 2014 at 9:32 pm

      @HildyJ: If you use a sufficiently long and random PGP RSA key, 1K or more, then brute force decryption is of absolutely no use whatsoever. Unless someone arrives back in a time machine from 2045 with a quantum computer.

      Bottom line - If you have sufficiently encrypted e-mail, then they will not be able to crack the message content.

  6. David A
    August 22, 2013 at 4:56 pm

    "Why Email Can’t Be Protected From Government Surveillance": it shouldn't have to be; but as citizens of the U.S., we should be protected from illegal abuse stemming from that surveillance...

  7. Guy M
    August 22, 2013 at 12:34 pm

    This article needs to be on a major news service. That's about the highest compliment I can give, Chris.

  8. Martijn Brinkers
    August 22, 2013 at 10:26 am

    Nothing is safe against traffic analysis. Silent Circle claims that their chat service is secure because they do not store any metadata. However traffic analysis will provide all the information the NSA needs. By analyzing incoming and outgoing data of the chat service, it's pretty straightforward to detect who is chatting with who even if the data is encrypted. Especially for a chatting application since the communication is instantaneous. It's almost impossible to build a service which provides real anonymous communication if the "attacker" has access to all communication.

    • Bruce E
      August 22, 2013 at 9:06 pm

      But the only real information they are getting from it are the possible endpoints, not the content unless they are capturing all of that traffic. Even then, the amount of computing power required to crack it would be enormous, especially if there was an error in endpoint determination (not likely, but possible at the start of a communication session).

      • Martijn Brinkers
        August 23, 2013 at 9:54 am

        Yes, that is true, but this is true for encrypted email as well. Security-wise there is not a big difference between some encrypted chat or encrypted email. The only reason Silent Circle stopped providing "secure" email was because they did not have an application that encrypts/decrypts on the mobile device. Silent Circle spins this as a shortcoming of email in order to push their chat service. However, their chat service is as vulnerable to metadata analysis as any other encrypted service (like encrypted email). Traffic analysis provides all the information about who is communicating with who. And if traffic analysis is not sufficient, the powers that be will force any organization to install some monitoring device. It's really hard to provide full anonymity. Only a worldwide service with multiple intermediate and end-points and randomly introduced delays and dummy encrypted data that flows constantly between the intermediate servers and end-points can provide some form of anonymity (a Tor-like service). The point I wanted to make is that you should encrypt your data to make sure that only the right recipient can read the content, whether or not this is email or some kind of chat service (security-wise there is not a big difference between email or chat), and not focus too much on whether or not this is anonymous (unless you are a journalist, for example), since no one can provide real anonymity.

  9. Mac W
    August 22, 2013 at 12:09 am

    Maybe it is time to buy shares in the paper and envelope businesses

  10. AriesWarlock
    August 21, 2013 at 9:02 pm

    What a coincidence, I was watching an interview with Lavabit's founders and then this article showed up