Subscribe to DSC Newsletter

With email encryption being targeted by the government as if it was criminal activity (read the story about the Lavabit platform shut down by the government because it was used by Edward Snowden in the recent NSA leak), this could be a great opportunity for mathematicians and data scientists: creating a startup that offers encrypted email that no government or entity could ever decrypt, offering safe solutions to corporations who don't want their secrets stolen by competitors, criminals or the government.

Key on a sheet with encrypted data Stock Photo - 13903139

Here's the kind of email platform that I have in mind:

  • It is offered as a web app, for text-only messages limited to 100 KB. You copy and paste your text on some web form hosted on some web server (referred to as A). You also create a password for retrieval, maybe using a different app that creates long, random, secure passwords. When you click on submit, the text is encrypted and made accessible on some other web server (referred to as B). A shortened URL is displayed on your screen: that's where you or the recipient can read the encrypted text.
  • You call (or fax) the recipient, possibly from and to a public phone, provide him with the shortened URL and password necessary to retrieve and decrypt the message. 
  • The recipient visit the shortened URL, enter your password, and can read the unencrypted message online (on server B). The encrypted text is deleted once the recipient has read it, or 48 hours after the encrypted message was created, whichever comes first.
  • The encryption algorithm (which adds semi-random text to your message prior to encryption, and also has an encrypted time stamp, and won't work if no semi-random text is added first), is such that (i) the message can never be decrypted after 48 hours (if the encrypted version is intercepted) as a self-destruction mechanism is embedded into the encrypted message and into the executable file itself, and (ii) if you encrypt twice the same message (even an empty message or one consisting of just one character), the two encrypted versions will be very different, of random length and at least 1 KB in size, to make reverse-engineering next to impossible. Maybe the executable file that does perform the encryption would change every 3-4 days for increased security and to make sure a previously encrypted message can no longer be decrypted (you would have the old version and new version simultaneously available on B for just 48 hours).
  • The executable file (on A) tests if it sits on the right IP address before doing any encryption, to prevent it from being run on (say) a government server. This feature is encrypted within the executable code. The same feature is incorporated into the executable file used to decrypt the message, on B.
  • A crime detection system is embedded in the encryption algorithm, to prevent criminals from using the system, by detecting and refusing to encrypt messages that seem suspicious (child pornography, terrorism, fraud, hate speech etc.)
  • The platform is monetized via paid advertising, by advertisers such as bitcoin and anti-virus software.
  • The URL associated with B can be anywhere, change all the time, or based on the password provided by the user, and located outside US. 
  • The URL associated with A must be more static. This is a weakness as it can be taken down by the government. However a workaround consists in using several specific keywords for this app, such as (say) ArmuredMail, so that if A is down, a new website based on the same keywords will emerge elsewhere, allowing for uninterrupted service (the user would have to do a Google search for ArmuredMail to find one website - a mirror of A - that works).
  • Finally, no unencrypted text is stored anywhere.

Indeed, the government could create such an app and disguise it as a private enterprise: it would in this case be an honeypot app. Some people worry that the government is tracking everyone and that you could get in trouble (your Internet connection shut down, bank account frozen) because you posted stuff that the government algorithms deem extremely dangerous, maybe a comment about pressure cookers. At the same time, I believe the threat is somewhat exaggerated. While there is a risk for false positives, you will never be sent in jail for talking about pressure cooker recipes (at worst, you'll get a visit from the NSA - someone indeed did). While big data and big brother are getting bigger and more powerful every second, the number of available cells in prison is not increasing. Maybe it is even decreasing. So even if magically, millions of people suddenly wanted to become law enforcement, NSA, CIA or FBI agents (and the money was available to train and hire them), there is just simply not enough prison cells to accommodate more prisoners (US has the largest prison population of any country, measured as the proportion of people incarcerated at any given time).

On the other side, many people seemed to be OK with increased regulations and more police. I think this is a side effect of living in an over-crowded world, with unsustainable population growth: the younger generation accepts or is forced into lower quality of life, having to share a small apartment with many roommates in over-crowded cities. They are more risk-adverse on average, and worry about all sorts of real issues such as increased terrorism, the risk of an epidemics, giant financial systems that could collapse under their own weight, pollution killing people at a younger age, etc. I believe eventually people will find solutions to escape from this environment, maybe by building floating cities, cities under the see, or underground cities. In my case, after many years of cubicle life and the morning and afternoon rat race (AKA the commute), I no longer drive to work, and have a much better lifestyle working from home 100% of the time - for the safest job one could ever wish to have: one that you created yourself, an adaptive, lean, agile enterprise that you founded yourself with a few great partners. But this is another story.

Anyone interested in building this encryption app? Note that no system is perfectly safe. If there's an invisible camera behind you, filming everything you do on your computer, then my system offers no protection for you - though it would still be safe for the recipient, unless he also has a camera tracking all his computer activity. But the link between you and the recipient (the fact that both of you are connected) would be invisible to any third party. And increased security can be achieved if you use the web app from an anonymous computer - maybe from a public computer in some hotel lobby.

Related articles

Views: 3395

Comment

You need to be a member of Data Science Central to add comments!

Join Data Science Central

Comment by Vincent Granville on October 15, 2013 at 9:47pm

Finally, to further improve security, the system could offer an email tool - say BlackHoleMail.com that works as follows:

  1. Bob ([email protected]) wants to send a message to John ([email protected])
  2. Bob encrypts [email protected] It becomes (say) x4ekh8vngalkgt
  3. Bob's email is sent to [email protected]
  4. BlackHoleMail.com forward the message to [email protected] after decrypting the recipient's email address
  5. John does not know who sent the message: he knows it comes from [email protected], but that's all he knows about the sender.

Encrypted email addresses work for 48 hours only, to prevent enforcement agencies from successfully breaking into the system: if they do, they'll only be able to reconstruct email addresses used during the last 48 hours. In short, this system makes it harder for the NSA and similar agencies to identify who is connected to whom. 

Comment by Vincent Granville on October 11, 2013 at 8:54am

Wondering if a software encryption tool might make my system more secure. The user would have to download  a free software, and use it to encrypt the message offline. Then the user would submit the encrypted message on the web app. His message would thus be double encrypted by us, first offline, and then online.

Comment by Chris Stehlik on August 11, 2013 at 2:16pm

Lavabit was not shut down by the government. The owner shut it down himself rather than comply with a government request. Encrypted email wasn't treated as 'criminal'. It's not the encryption that was likely at stake, it was rather the specific information that was requested. Encrypted email is legal and is readily available. A process that you have described has been around for about twenty years. GnuPG and it's predecessor PGP have been called 'closest to military encryption' by Bruce Schneier. GnuPG is free and open source, so no monetization is necessary. It is available by default in Linux system like Ubuntu or Fedora and is available as a free download for Windows where. http://www.gpg4win.org/

Since people generate the keys themself and email services do not have copies of them, you can use whatever email service you want.

The only part missing is the 'crime prevention part'. This part is very problematic, because it requires the app to scan the content of your message, which is the very thing the system is supposed to prevent. Why should I trust any third party website to scan the content of my emails in order to find potential criminal acts, when I don't trust the government or anyone else. What assurance could be given that the scanning process doesn't also make a copy of each and every email ? If you don't trust  Google when they say that 'no one reads your email' then there is no reason to believe any other company either (regardless of whether they are located in the US or not).

Secondly, you have the issue of varying laws. Hate crimes,pornography, fraud laws and even laws regarding threats vary even from state to state as well as country to country. They can also be subjective. Determining the geographical location of sender and recipient and associating it with the proper set of laws and interpreting it correctly is a very difficult task even if the above privacy concerns were addressed.

On top of all that, content of the message is not what the government primarily interested in. They are interested in the meta-data, specifically who are you sending email to and who is sending email to you and no amount of content encryption is going to stop that.

Comment by jaap Karman on August 11, 2013 at 5:29am

The lavabit owner showed citizen courage. The most easy approach would be moving that out of US and being served and hosted outside US. That having noted, it is political issue not a technical one.

Having the requirement: encryption should be allowed with all criminal intentions eliminated will get that responsibiltiy also into that technical solution. And who will be responsible for that?  

 

Going into the politics.... Will US ever win the war against extremist this way?
Answer: NO  there is not any possiblity for that. They will always be on the losing side.

 

Option 1:
Having some ways left they are able to plan or do something or even someone turning into that.

There will be always a possiblity something bad will happen.  ==lose==

 

Option 2:

Turning the US community and all of the world being in controlled monitored way. Having scanned and monitored and stored everything (prism). The Outcome could be US will lose their identity of the nation of freedom.   ==lose==

 

The problem:

Having some that possible influence without any sufficient (public feeling) controls could easily be similar to the classical  "Phyrric Victory" approach. Some intelligence research must be possible. The exaggerating on this has happened always in countries US people did not like.     

 

 

 

        

  

  

 

 

Comment by Vincent Granville on August 10, 2013 at 1:47pm

I received several comments saying that interception would be easy. Actually, the password can be intercepted, the text message can be intercepted, but if you are smart enough (use public phones, public computers), no link can be made between the password and text, making interception useless. And regardless, any interception with investigation starting 48 hours after interception, will be useless. 

Comment by Vincent Granville on August 10, 2013 at 12:58pm

@Amy: The risk of double encryption is that it would be used by criminals e.g. to exchange images involving child pornography. I would imagine that my system would detect if the input is already some encrypted text (could you develop an algorithm that automatically detects if a piece of text is encrypted - that is, if it appears as random or gibberish?)

Then my system would prevent such messages from being encrypted.

Follow Us

Videos

  • Add Videos
  • View All

Resources

© 2017   Data Science Central   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service