If you happened to read one of the latest computer security scares coming from the media, Efail, let me tell you that it probably affects you in no way at all. But it might be an appropriate time to understand why you shouldn’t have ever trusted email with sensitive information. For a bit of reading about Efail:
- Schneier on Security - Critical PGP Vulnerability
- Schneier on Security - Details on a New PGP Vulnerability
- Boingboing - Efail: researchers reveal worrying, unpatched vulnerabilities in encrypted email
- Boingboing - Efail: can email be saved?
The second link, to Schneier’s take on the details, is the most sane. The world of email isn’t burning. In the fourth link, Cory Doctorow goes into more detail about the problems with email at a fundamental level.
First, about Efail: if you’re not relying on encrypted email messages (and you’d likely know very well if you do), then this changes, literally, nothing about the security of your email. That’s the good news. The bad news is that you may not have been aware of how bad email is as a system for transmitting anything of a sensitive nature.
PGP (the not-broken encryption at the heart of the Efail business) has been used to encrypt plaintext messages, which are then sent through the not-very-secure email network. Email doesn’t care what the text that you type into a message is, and a PGP message is just text. As Schneier points out, Efail is a bad intersection of good encryption combo’d with poorly written email clients and how they handle fancy HTML messages. PGP is still going to serve as the de facto method for secure communications over email. Some email clients just need to get updated as to how they handle HTML in a message.
Doctorow’s writing, though, goes into the strength of the email system: that it is both decentralized and federated. These are important traits that should be emphasized in any technology that emerges on the Internet. Absence of centralized control is essential for the democratic (or anarchistic, if you prefer) nature of the Internet. As western democracy is finding out right now, the monolithic Facebook is too easy a target for manipulation by Russia. A decentralized and federated social network, such as Mastodon or diaspora*, would be harder to target.
However, email is one of the Internet’s oldest systems. Encrypted connections from a device to its email server are not universal. Encrypted connections between your email server and your email recipient’s email server are not universal.
My point to all of this is that if you have read all of that and are feeling comfortable with how you use email, that’s fine, but please don’t ever send anything through email (unless using PGP after the Efail dust has settled) that you wouldn’t want “out there”, as the saying goes. A few years ago, I had a legal situation in which, while communicating with the law firm through email, they asked for sensitive information, such as my Social Security number, through email. I refused, and emailed that I’d provide it in person the following day. I also mentioned to the law firm that it’s not a good practice to deal in that sort of information through the email system.
As a sort of footnote, if you’re dealing with people within your own organization on your own organization’s server, it likely doesn’t bring in the sort of security issues that I mentioned. My employer has an Exchange server that mandates authentication and encryption on all devices that talk to it. If I send an email to someone else in my organization, here is what happens:
1. Encrypted connection from my computer to the Exchange server.
2. Delivery of the message to the recipient address on that server.
3. Encrypted connection between the Exchange server and the recipient’s computer.
Steps 1 and 3 may or may not involve a connection that traverses the Internet, but it’s encrypted. Here’s what happens when I send an email to you:
1. Encrypted connection to my email server.
2. My email server routes it to your email server. Your email server may or may not accept that connection as encrypted.
3. Your email client connects to your email server, and that connection may or may not be encrypted.
So there are two steps in there where I’m not certain whether a message could be read in between. And it can be read in between. Typically that’s state-actor kind of stuff. Bonus reading: WIRED - How Did The Feds Get Past Yahoo’s Encryption? Yahoo!
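One way to see for yourself which of those hops were encrypted on a message you received is to read its `Received:` headers. Each relay that handles a message prepends one, and the transmission-type keyword after `with` (ESMTPS, ESMTPSA, etc., as registered in RFC 3848) records whether that relay accepted the connection over TLS; Postfix-style servers also add a `(using TLSv1.2 with cipher ...)` note. The script below is an added example, not code from the post: it parses a constructed three-hop message (the hostnames, addresses and IDs are made up) and reports which server-to-server hops were in cleartext.

```python
import email
import re

# Constructed sample (not a real capture). Headers are in the order a mail
# client would see them: the newest hop on top. The middle hop, from the
# sender's server to the recipient's MX, was accepted over plain ESMTP.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
    by imap.recipient.example with ESMTPS id 3; Mon, 21 May 2018 10:03:01 +0000
Received: from smtp.sender.example (smtp.sender.example [198.51.100.20])
    by mx.recipient.example with ESMTP id 2; Mon, 21 May 2018 10:02:58 +0000
Received: from laptop.sender.example ([203.0.113.5])
    by smtp.sender.example with ESMTPSA id 1; Mon, 21 May 2018 10:02:55 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

hello
"""

# RFC 3848 transmission types: a trailing S means the relay used TLS,
# a trailing A means the sender authenticated (ESMTPSA = both).
_PROTO = re.compile(r"\bwith\s+((?:E|UTF8)?SMTPS?A?|LMTPS?A?)\b", re.I)
_FROM = re.compile(r"\bfrom\s+(\S+)")
_BY = re.compile(r"\bby\s+(\S+)")
_TLS_NOTE = re.compile(r"\busing\s+TLS", re.I)


def parse_hop(received_value):
    """Classify one Received header value as an encrypted or cleartext hop.

    Returns a dict with from_host, by_host, protocol and encrypted
    (True / False / None when the header gives no transmission type).
    """
    v = re.sub(r"\s+", " ", received_value).strip()  # unfold the header
    from_host = _FROM.search(v)
    by_host = _BY.search(v)
    proto = _PROTO.search(v)

    encrypted = None
    protocol = None
    if proto:
        protocol = proto.group(1).upper()
        encrypted = protocol.endswith("S") or protocol.endswith("SA")
    if _TLS_NOTE.search(v):  # e.g. Postfix "(using TLSv1.2 with cipher ...)"
        encrypted = True

    return {
        "from_host": from_host.group(1) if from_host else None,
        "by_host": by_host.group(1) if by_host else None,
        "protocol": protocol,
        "encrypted": encrypted,
    }


def audit_received(raw_message):
    """Return the hops of a message in delivery order (oldest first)."""
    msg = email.message_from_string(raw_message)
    headers = msg.get_all("Received") or []
    # Relays prepend, so the bottom header is the first hop.
    return [parse_hop(h) for h in reversed(headers)]


def cleartext_hops(raw_message):
    """(from_host, by_host) pairs for every hop that was not over TLS."""
    return [
        (hop["from_host"], hop["by_host"])
        for hop in audit_received(raw_message)
        if hop["encrypted"] is False
    ]


if __name__ == "__main__":
    for i, hop in enumerate(audit_received(SAMPLE), 1):
        state = {True: "TLS", False: "CLEARTEXT", None: "unknown"}[hop["encrypted"]]
        print(f"hop {i}: {hop['from_host']} -> {hop['by_host']} "
              f"[{hop['protocol']}] {state}")
    print("cleartext hops:", cleartext_hops(SAMPLE))
```

Two caveats when reading real headers this way: each `Received:` line is written by the server that accepted the connection, so you can only trust the lines added by servers you (or your provider) operate, and anything earlier could have been omitted or altered; and a TLS hop protects the message only on the wire, not while it sits on either server, which is the gap PGP is meant to close.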