[Cryptography] What ever happened to end-to-end email encryption?

Jerry Leichter leichter at lrw.com
Sat Aug 21 09:54:17 EDT 2021


> Despite PGP and S/MIME having been designed zillions of years ago, it seems like end-to-end email encryption/integrity protection are not widely used. Which of the following is reasonably close to the truth? ...
> 
All the things you list played a role, but I suspect the following were what mainly determined the direction:

1. Early implementations didn't provide any encryption and no one expected it.  (Of course, this is from the era when nothing was encrypted so that's not surprising.)
2. The solutions that appeared required additional pieces to be installed and were clunky and difficult to use, so never had a chance to catch on beyond the cognoscenti.
3. When email became a mass phenomenon, Web clients quickly took over.  These days, Gmail is the de facto standard for almost everyone.  The only way Web clients could securely do end-to-end encryption would have been for the browser vendors to standardize and implement appropriate interfaces.  But there's no money in that - never has been, and no one cared enough.  (I suppose someone might have produced a plug-in.  The only plug-in that ever had really broad penetration was Flash, but it might be interesting to consider alternate histories.  Had there been a secure email plugin, by now the Web standards would almost certainly have incorporated something similar, as they moved to replace Flash - a much, much harder problem.)
4.  On the business side, if it isn't Exchange, it doesn't exist.  Microsoft could easily have defined end-to-end encryption between Outlook endpoints, and even in its Web interfaces if run on Microsoft browsers.  But they clearly haven't seen a business demand for this.
5.  The young'uns today don't do email anyway.  Multiple other services have taken over many of its roles.  Some of them - iMessage led the way - are encrypted.  Many are effectively broadcast media and there's not much point in encrypting stuff that you're broadcasting to the world at large anyway.  And, of course, even the nominally private ones are monetized by analyzing their content, which wouldn't be possible if they were end-to-end encrypted.

Trying to introduce an encrypted mail service today means either giving up backward compatibility and limiting yourself to a tiny subset of the global email population; or accepting the fact that most of your correspondents don't have the capability to do end-to-end encrypted email, don't even understand why they might want to, and mainly just don't care.

As an interesting case in point, consider Apple's mail services.  Anyone who has an Apple account - hundreds of millions of people - automatically gets an Apple email address.  Usage is low, for whatever reasons (mainly that Apple has never made a big deal of pushing the services), but it's still huge by the standards of anyone trying to establish a new service.  Apple could easily have offered end-to-end encryption on the iMessage model:  If sender and all recipients are Apple mail accounts, (the addresses are displayed in blue and) the messages are encrypted.  You'd only be able to read them using Apple's mail programs or, if using their Web mail interface, running it on Safari.  But even though it would fit the image they work to project of protecting privacy, they never have.  I suspect one reason - beyond little perceived demand - is that they don't want to deal with all the complaints that will inevitably arrive when people realize that they wouldn't be able to access their own email through some hotel's browser "for a quick check."  The expectation is that email just works, everywhere, all the time - and the existing endpoints don't support encryption.  Good luck changing that.
                                                        -- Jerry


