When we talk about email, how much of our online communications are truly private?

I think everybody today needs to assume that if they're communicating electronically, somebody is listening. Over the last 20 years we've been communicating across the Internet with a level of naïve innocence that has been lost forever.

One big issue is that today's electronic communication systems have gotten so complex that they are all but impossible for private citizens to understand. And that's because these systems have been built with layer upon layer of complexity. If any of those layers has a vulnerability, an organization with the access and resources of the NSA can exploit it to gain total control of the system. The only question is how difficult it is for them to do so.

Another issue is that while we have the encryption technology to protect email messages, the current state of endpoint security (meaning the security of your individual computer or device) is abysmal, almost laughable to the Tailored Access Operations unit which employs more than 1,000 engineers whose only mission is expanding their exploit catalog. If your device is compromised, it doesn't matter how strong the encryption is, a snooper will simply steal the keys protecting your messages.

Why should we be so concerned about keeping our email encrypted and private?

For one, privacy is a form of security and protection: an assurance that what we write won't one day be used against us, to blackmail us into conducting some nefarious deed. I look to history and shudder to think of what Joseph McCarthy, Richard Nixon, or J. Edgar Hoover would have done with the surveillance capabilities of today.

One of our most basic rights as American citizens, as people, is the privacy of our papers: our thoughts in written form. Why should this right be forfeited simply because the thought was typed into a computer and stored in a cloud?

But the most important reason is this: By encrypting our email, we force a potential attacker to break into our devices if they want to read our private messages. That changes the game. Instead of sweeping up everyone's communications wholesale, without much incremental effort, we force them to pick and choose specific targets. And this would be a huge step towards making unconstitutional surveillance obsolete.

Talk to us about Dark Mail, your newest project.

Dark Mail is really an effort to turn the world's email dark: to make email encryption ubiquitous, universal, and automatic. The simplest explanation of what we're doing is that we're rewriting the protocols of email (the standard rules computers use for delivering email messages) so that messages are encrypted before they leave your computer and can't be decrypted until they've reached the recipient's computer. And because this is built into the system, there's no cognitive burden. Grandma could use this; you don't need to understand encryption or why it's important. If someone can use email today, they will be able to use Dark Mail tomorrow.

Just to be clear, one important distinction is that Dark Mail is a technology; it's not [an email] service. Our hope is that different email service providers will implement support for Dark Mail. In fact, we'll be publishing the specifications and releasing the code as free software. That way, the community can help us find vulnerabilities and make Dark Mail even more secure. It's even possible that others will take our design and improve on it. And if they do, more power to them.

So how does Dark Mail work?

Dark Mail is built around something called asymmetric cryptography, in a manner similar to [a piece of software called] PGP, which stands for Pretty Good Privacy. It involves two keys (think passwords) to work. You generate a public and a private key. You then give your public key to the world, so that anyone in the world can send you a message that has been encrypted using the public key. Once the message has been protected using a public key, only someone with the corresponding private key can unlock it. At least in theory, the only person with access to the corresponding private key is you.

Now all you need to do is protect it.

But Dark Mail is more complicated than simply taking PGP and making it automatic. For example, we're working on making the Dark Mail key discovery process resistant to manipulation by bad guys with big budgets. We're also working on the metadata problem, or making it harder for an outsider to track when and with whom you're communicating. Without that, we will lose our ability to associate freely. I know this from experience. Contacting the EFF shouldn't make you a surveillance target.

Is this type of encryption even legal?

Yes. If you go back to the early '90s, the person who wrote PGP, Phil Zimmermann, freely released his software to a handful of friends. Eventually PGP source code found its way onto the global Internet. For his trouble, Zimmermann was subjected to a 3-year criminal investigation, which would eventually be dropped and never result in charges against him. At the time, in 1991, any form of encryption that was strong enough to be considered unbreakable by the federal government was classified as a munition, as a weapon, and was subject to strict distribution controls.

In large part because of Zimmermann, those laws would get repealed, and the victory would become one of many battles that make up a period known as the Crypto Wars. Freedom would eventually prevail. We won the right to create and distribute software with strong encryption. All we need to do now is use that right.
