[Cryptography] Comey: targeted ads => plaintext access

Jerry Leichter leichter at lrw.com
Sun Sep 13 17:38:49 EDT 2015

> [D]oesn't the FBI's Comey have a point?  If an email provider can target ads based upon keywords in the plaintext of your emails, why can't the FBI have access to the same plaintext?
> Obviously, any scheme that targets ads based upon the *unencrypted content* of an email must *leak a certain amount of information from that content* -- at least to the ad broker....
The problem with his argument is that everyone who understands email as currently implemented knows that it's fundamentally insecure, at many levels.  The basic design assumes the server has some degree of access to the plaintext of messages.  Targeting ads is one use; so is server-side searching of messages, which most servers today support.

So, yes, no one worries about the effect of security of the ability of the server to read messages that, by design, are accessible to the server as plaintext.

The plaintext itself *can* be protected by using an end-to-end encryption protocol.  That will prevent targeting of ads - and things like server-side searches.  (It doesn't provide the kind of security properties you'd probably really like to have, but that's another story.)

                                                        -- Jerry

More information about the cryptography mailing list