Apple Should Popularise End-to-End Email Encryption

Posted by on Aug 8, 2016 in Technology
One Comment

When it comes to technology, I can get pretty geeky. Sometimes, I encounter issues or bugs in software that drive me mad but after going through the roof about them for a sufficiently long time, I am eventually sane enough to realise that this probably just affects me and one other person in New Zealand and that no Fortune500 company is going to care about my complaint. And I move on. This time it’s different.

All in all, I have probably spent weeks messing around and trying to get Apple’s ‘implementation’ of email encryption to work. It’s a mess. Other than a PhD in cryptography, apparently you also need Harry Potter like wizard powers to make it work seamlessly. Sadly, I am not a wizard and hence couldn’t quite bring it to work as well as my friends from Hogwarts. It’s a pretty frustrating experience. Normally, this is where I would sigh and move on with life. But something doesn’t quite make sense here. Why wouldn’t Apple make it easier for its customers to use S/MIME or PGP email encryption, which are, respectively, halfheartedly and not-at-all implemented? Didn’t Apple even pick a fight with the US government to supposedly protect the privacy of their customers?

Most of my 10 subscribed readers have probably clicked away at this point but the rest may want some geeky tech-background. So here it goes. Email is really, really old – almost as old as the internet in fact – and nothing has really changed since it’s inception. Nowadays, we are used to using encryption for many applications. From chat apps to browsers; from hard drives to cloud storage – we try to encrypt more and more as our lives gradually move online and we become vulnerable to attacks as a result. Over time we have learned that this is not some gimmick but that encryption actually matters when all of your most personal information floats around somewhere on the interwebs and the best you can hope for is that it isn’t all too easy to read/ spy on. So why won’t anyone rise to the challenge to finally make email safe, too?! Just a little reminder – email is huge! Humans, bots and maybe some cats send about 200 billion emails every day – all of which (you guessed it) are unencrypted. This includes company internal emails, families to send passwords of their shared accounts to each other and yes, the former US secretary of state to share military strategy with Brobama. That’s insane. The reason why Hillary Clinton did that by the way was not because the necessary technology isn’t around.

Like many others (me and an estimated ten other geeky people around the world), I TRY to use encryption but it is simply a pain. So much so that not a single person out of the thousands of recipients who are blessed with getting spammed by me have bothered to follow the instructions in my email signature ‘please consider using S/MIME email encryption’.

For Pete’s sake, it’s so not user-friendly that not even the US secretary of state can be bothered to implement it to keep, uhm, 318 million fellow citizens safe.

(I actually support Hillary or any other human being capable of forming a coherent sentence over Trump by the way).

Now, some may say that many email providers already offer encryption for emails from and to their servers (it’s called TLS). The problem is that this is not end-to-end. As a person, I may well want to send emails that I know are only read by the person it is intended to be received by. It isn’t good enough for me to know that Google encrypts my email for me from and to their servers. I want to hold the key – on my device (or in fact, technically, the recipient on their device to decode messages sent to them encrypted by me through their ‘public key’). There is a way to add this layer of security for all the same reasons that Apple stores your finger print for ‘TouchID’ (with which you unlock your latest iPhone) on your device encrypted by you and not someone else. All of this sounds complex (and currently is) but could be implemented to be easy as pie.

That is because a group of smart people have actually figured out how to do email encryption reasonably well. The before mentioned technologies PGP and S/MIME have been around for a while. The problem is that most clients (the various mail apps of our phones and computers) don’t support it. You need a whole world of plugins and open source software to make it work on some devices some of the time. For someone like Apple, who owns all the clients (Mail on iOS, MacOS, WatchOS, CarOS and counting) as well as iCloud with even ‘iCloud Keychain’ they could integrate email encryption seamlessly within a heartbeat by integrating your personal key automatically on all devices. There could be a simple pop-up when you set up mail for the first time: ‘Would you like to encrypt your emails to keep you and your family safe from insane hacker attacks entirely free of charge? – No, I like to live dangerously for no reason. – Yes, duh!’. Granted, the recipients of your emails will also have to make the easiest decision of their lives for messages between you to end up being encrypted both ways but this will happen once it is FINALLY easy to use and enough people flick the switch. Having this feature turned on only brings upsides. You can still send emails around just like before without feeling the slightest difference even if someone else doesn’t use encryption. You just allow others – who also choose to do so – to send emails in a way worthy of the 21st century.

I call on Apple to finally get this right. If not for the few geeks who demand this initially then for the large corporations who are increasingly looking at how to make sure their employees’ emails are secure. It may not be the easiest task to figure out a coherent solution for this but Apple should be able to pull this off – it is the intersection of many of their focus areas: privacy, ease-of-use, high-tech. They spend billions of dollars on research and development – by the time you reached this point of the post Apple spent an additional 30k US$ in R&D from an extra 120k US$ in profits and an extra 700 iPhones sold – heck, if they can’t get email encryption to work nicely no-one can (for numbers on Apple use this handy machine). There is no way that emails aren’t going to be end-to-end encrypted in the future. One company will have to be bold enough to implement it now. Whoever it is – they will deserve all the credit.

# # # # #

One thought

  1. Ich mag die Art wie du schreibst. Sätze wie “Other than a PhD in cryptography, apparently you also need Harry Potter like wizard powers to make it work seamlessly” sind großartig.


Leave a Reply