Tuesday, July 02, 2013

The Plain Mail Snail: One way to make people switch to using encrypted email

Due to revelations about access to private email (and other electronic communication) by the NSA and GCHQ some people have been suggesting that we all need to start using encrypted email. I've had PGP/GPG keys since about 1995 and I have only ever received a handful of encrypted mails.

So, how do you make people send you encrypted mail? I think an 'economic' incentive is necessary.

If you send me an unencrypted email it will be delayed by 12 hours before it is delivered. Encrypted email will be delivered immediately.

This is actually pretty easy to accomplish. An SMTP server can examine the contents of an incoming email and determine if it is encrypted or not. If it's not encrypted it can be placed in a delay queue and delivered after the appropriate delay; at the same time the server can send a message warning the sender of the delay and perhaps educating them about how to send encrypted mail.

This scheme could be called the Plain Text Tarpit (PTT) or perhaps the Plain Mail Snail.

If PTT were implemented then mail clients would quickly be upgraded to automatically handle email encryption.

PS What about mailing lists?

Either they accept the 12 hour delay or they find the public key of the people they are sending to.


ZeissS said...

I personally don't get that much emails (outside of work, which is company-internal 99%), so my main interest would be to receive more encrypted emails from services.

One idea would be to provide a service similar to sendgrid which encrypts the email for you before sending it out. For this it would obviously need all keys, but that is solvable.

Nate Finch said...

haha,no. The the only way anyone will send encrypted email is if it is done for them on both ends. You think baby boomers that barely know what internet explorer install pgp? The big email providers need to get together and decide to do it themselves. That's the only way grandma will ever encrypt anything, if she doesn't even know she is.

tz said...

This is not merely academic.

Supposedly using a VPN bypasses the deep packet inspection and caches for wireless, so that if you enable VPN (encrypted), your ping times and latency drop significantly.

Adrian said...

I am using http://securencrypt.com/ for some time now to encrypt files but most importantly emails. It's end to end, has trusted lists and other security goodies.