[Cryptography] Email is unsecurable

Jerry Leichter leichter at lrw.com
Mon Nov 25 17:25:45 EST 2013


It's worth pointing out that one use case for secure email has arisen, and has solutions.  Medical and financial service providers (and probably others, by now) have realized (or been pushed by regulations) that they can no longer send unencrypted email containing sensitive information to their clients.  The solution a couple I deal with are using is to send email purely as a notification, pointing to a "secure message" service.  This is a Web service that lets you read mail from (say) your broker and reply, all within a "secure" closed system.

The predecessors of such systems are common - many web sites provide a way to exchange messages directly with the site owner.  (I think people are outsourcing this exactly to try to put the liability for security issues on an outsider.)

So we're growing isolated islands of "secure" (there's really no way for anyone to judge from the outside just how "secure" these things are) email services, which have limited functionality and don't in any way interconnect.  Sad.

                                                       -- Jerry


