
I've seen the below statement on lots of legal and government documents over the years. I'm based in the UK, but presume similar statements are made elsewhere.

> [In relation to communicating with this government body via email their FAQ response is] emails are not always a secure form of communication. At present, using email runs the risk of interception by third parties

I used to think this was just a hangover from when emails were new, but in 2019, it's a stable, widely used technology, and has been for years.

Conversely the same places with statements like this often still accept fax as a means of "secure" communication.

Any idea why email is not considered secure?

sam
  • *"... but in 2019, it's a stable, widely used technology, and has been for years"* - nothing really has changed in practice even though technologies to secure mail have existed for ages. Possible duplicate of [How can PayPal spoof emails so easily to say it comes from someone else?](https://security.stackexchange.com/questions/9487/), [Is it possible for an attacker to change my sent emails content before arrival?](https://security.stackexchange.com/questions/48270/), [How viable is MITM interception of email, really?](https://security.stackexchange.com/questions/142391/). – Steffen Ullrich Apr 23 '19 at 08:56
  • And see also [Is gmail-to-gmail still insecure? Why?](https://security.stackexchange.com/a/97066/3365) – gowenfawr Apr 23 '19 at 10:40
  • Not quite what you asked, but [more secure email](https://portswigger.net/daily-swig/gmail-tools-up-to-thwart-mitm-attacks) is coming – paj28 Apr 23 '19 at 12:50
  • Being stable does not make it secure against being intercepted – schroeder Apr 23 '19 at 16:23
  • Within an eco-system, say gmail to gmail (no forwarding), normal email protocols are not always in play, and the messages can be secure. But this is not guaranteed or foolproof, so such policies are based on the lowest common denominator. – dandavis Apr 23 '19 at 18:39

1 Answer

The email transport protocol (SMTP) does not ensure that the transmission is encrypted end-to-end. You can ensure that the transmission is encrypted to the first SMTP server, but the server will need to decrypt the transmission to forward the email to its recipients.

You can use GPG or S/MIME to securely encrypt the content of the emails, but almost nobody uses those extensions because they are very inconvenient to use in practice, and hard to set up. Also, you cannot force the ones sending you emails to use encryption. Moreover, those extensions do not provide the encryption of metadata (who is communicating with whom), which is often sensitive information.

The "e-mail protocol" is an archaic one, developed at the beginning of the internet when the security of communications was not considered. Attempts to patch it were made, but it is inherently flawed.

A. Hersean
  • Please don't be harsh on protocol designers in the 80s. Not only was security of computers a thing (with passwords, access control on files, audits) and these people weren't ignorant of the security issues, but there were no widely available encryption methods and the gov at the time still expected encryption to never be widely used by civilians (or in very limited form). Protocol designers simply couldn't be expected to lawyer up a secure protocol that would satisfy many gov at the same time. (President Clinton did try to find a middle ground on encryption and failed miserably.) – curiousguy Apr 23 '19 at 09:56
  • @curiousguy I did not mean to be harsh, even though I know that I may be blunt in my statement of the facts. However, by today's standards, the email format is archaic not just for its lack of security: the multi-part schema and the various encodings are just horrible to parse and the interpretation of the content is left to the user-agent without specs, which leads for example to Outlook clients being incompatible with the others (and among themselves too). – A. Hersean Apr 23 '19 at 11:39
  • SMTP is still a widely used protocol and will probably be for the next decades. It ensures that *provided you can trust the mail relays* something passed to the first MTA will finally reach the destination even in case of network contentions or if some elements in the network are down for an acceptable period of time (typically several hours). What is bad is that users do not want to sign and encrypt their messages while everything (including standard Mail User Agents) has provision for it, and good MUAs like Thunderbird can do it almost transparently... – Serge Ballesta Apr 23 '19 at 12:11
  • ... It is true that Outlook is known to not correctly implement the standards, because it prefers strict Microsoft documents compatibility. And remember that the Multipurpose Internet Mail Extension, that was initially built for mail systems is what allows HTTP(S) servers to deliver complex contents that browsers know how to process. – Serge Ballesta Apr 23 '19 at 12:12
  • I acknowledge that the e-mailing protocols work well, and work (mostly) as intended. They also served as foundation for other protocols or algorithms still widely used (HTTP, base64...). Still, they are _old_ protocols, and like SSL 2.0, they should be deprecated and be replaced by protocols _benefiting_ from decades of improvement in protocol design, security and UX. One could argue that the recent rise of new secure IM protocols shows that e-mail is not well suited for modern usages and expectations. – A. Hersean Apr 23 '19 at 12:26
  • @A.Hersean Yes, almost everything in SMTP is archaic and ridiculous by today's standards (as is FTP), beginning with 8 bits *not* being the default transfer, the various legacy encoding standards that must be supported. Many things probably could have been done better but it's wrong and **unfair** to imply that encryption could easily have been added at the time, *without considering the political context*. I reacted because I see that lack of historical and political perspective *extremely often*. – curiousguy Apr 23 '19 at 12:29
  • @curiousguy I did not imply that encryption could have been added at the time. I just stated that it was not done, as an historical fact. Nor did I judge the creators of the protocols. I think you are introducing your own bias in your reading of my answer. – A. Hersean Apr 23 '19 at 12:43
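
The hop-by-hop nature of SMTP encryption described in the answer can be checked on any received message by reading its `Received:` trace headers. The following is an added example, not part of the original answer or comments; the hostnames, addresses and message are constructed, and it relies on the RFC 3848 `with` keywords (`ESMTPS`, `ESMTPSA`, `LMTPS`, `LMTPSA`) that relays use to record a TLS-protected hop.

```python
import re
from email import message_from_string

# "with" protocol keywords from RFC 3848 that mean the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# from <sender> ... by <receiver> ... with <protocol>
HOP = re.compile(r"^from\s+(\S+).*?\sby\s+(\S+).*?\swith\s+(\S+)", re.I)

# Constructed sample message (not real traffic). Relays prepend their
# Received header, so the newest hop is at the top.
SAMPLE = """\
Received: from mx.gov.example (mx.gov.example [192.0.2.30])
\tby mailstore.gov.example with ESMTPS id C3; Tue, 23 Apr 2019 09:00:03 +0000
Received: from out.isp.example (out.isp.example [192.0.2.20])
\tby mx.gov.example with ESMTP id B2; Tue, 23 Apr 2019 09:00:02 +0000
Received: from laptop.home.example (laptop.home.example [192.0.2.10])
\tby out.isp.example with ESMTPSA id A1; Tue, 23 Apr 2019 09:00:01 +0000
From: sender@isp.example
To: office@gov.example
Subject: constructed test

Body text that every relay above could read.
"""

def hops(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw)
    result = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(header.split()))  # unfold the header first
        if m:
            proto = m.group(3).upper()
            result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def plaintext_hops(raw):
    """Hops where the message crossed the network without TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]

def relays_with_cleartext_access(raw):
    """Every server that accepted the message held it decrypted, TLS or not."""
    return [dst for _, dst, _, _ in hops(raw)]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'NO TLS'})")
```

`Received:` headers are written by the relays themselves, so they show what each server claims about its own hop, not a guarantee; only content encryption such as GPG or S/MIME keeps the body unreadable to the relays listed.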