Securing email

Currently email is usually encrypted, but on a per-organisation basis. The organisation holds the key used to encrypt the email, using TLS with SMTP, and used to verify the origin of the message using DMARC. The next step is to verify individual senders, and secure messages between pairs of people, probably using a system such as PGP. This would have the advantage of being more secure, and being visible. I think that this is possible, but initially the control must remain in the hands of the organisation.

The way I would roll it out is as follows. 

  • Start with government departments. Each department sets up a key-server, that holds the public and private keys for the members. The IT bods within the departments start using PGP to sign messages, and building the web-of-trust from there. Maybe it can start smaller, with just those involved in networking, for example.
  • Next, roll it out to the media-relations people within the department. They have a clear and present reason to sign messages such as press releases. Hopefully the IT folks at the media companies will see good reason to set up their systems to at least check the signatures against the key servers.
  • Then I would aim to roll out signing (only) from the top-down in each department. The need for signing is greater the higher up within each department a person is, as seniority brings with it a greater need for communication. Also there are fewer senior people and the diversity of tasks is smaller (they are all managers, after all).

The problem is that this system takes control away from individuals. This is a big issue for some people, and rightly so. However, I think the usability issues with PGP are too great right now for it to ever work in a general way. By starting with government and moving out from there we can build on existing skills and what we know works, and use centralisation to plug the usability gap. I suspect that centralisation will erode over time, as contractors, NGOs, quangos, and individuals start adopting encryption.

I also suspect that I am being naive to think that this plan would work, but it is nice to dream on a sunny Friday in summer.
