STEED - Usable end-to-end encryption

[Marcus Brinkmann]

On 10/20/2011 10:25 PM, Matthias-Christian Ott wrote:
> But who are the providers? Except for people who work in computer
> science, physics or similar fields I don't know people who run their own
> mail servers or are part of a cooperative. Most other people use a
> handful of providers who often offer free service in exchange for the
> loss of privacy or at least some form of semi-targeted advertisement. Do
> you expect those providers to ruin their business models by implementing
> this proposal? I wouldn't count on them.

Maybe.  But the only way to fail for certain is by not trying.  There are
other business models and market pressures beside those that you are
highlighting.  It's not easy to predict.

> Perhaps the providers could also be forced by law not to implement
> this, because (if I remember correctly) come countries require that
> they store at least the header information (including subject, which
> should also be encryted by the system) for traffic analysis. So in
> the worst case the providers couldn't implement this without breaking
> the law (I doubt that citizens could use the system without breaking the
> law in this situation either, but individuals are often more venturous
> than organisations).

STEED is fully compatible with existing mail encryption, so we do not include
the headers in the plaintext.  I am not an expert, but as far as I know the
regulation usually demands to store connection data that is available, it does
not ask for data that is not available for whatever reason.  I think your
interpretation of the regulations in that area is overly pessimistic, but I
could be wrong.  Maybe you can verify this?

> What about making everyone their own provider? The efforts in this
> direction intiated by Eben Moglen that lead to the FreedomBox and other
> projects seem to go in the right direction. It doesn't seem to me less
> realistic than requiring cooperation from providers.

I think everybody deserves private email communication, not only those who are
willing to be their own provider.  We don't expect people to carry out their
own snail mail letters either, and the business model of the post office does
not require spying on the letters.

Now, it may be the case that the freedom box is (or will be) a more attractive
way for people to do email, and everybody will use it and nobody will use
proprietary email service providers.  That would be excellent!  The FreedomBox
project is a very important project, and it deserves our strongest support
possible.  If it is a better alternative, we still need to convince the
FreedomBox project to adopt the STEED proposal (not a single word in the paper
would have to change).  And I agree that this is an overall more appealing
task than trying to convince the proprietary providers.

But, we have to go where the users are, and we have to try our best to get the
providers cooperation.  There is no benefit in ignoring them and their users
just for our convenience.

If this is too daunting for you, please remember that we do not have to get
their active cooperation.  If they accept it grudgingly because not following
along would be bad business (or illegal), then that's good enough.  That
requires that we raise the state of the art in the field.

Maybe you are still not convinced.  Then let me give you an illustrative
analogy.  (Disclaimer: I am not associated with SawStop or anybody involved,
nor have I met anybody involved or used their product).  An inventor created a
table saw that can prevent injury by stopping the blade as soon as it is
touched by human flesh ("SawStop").  According to the inventory, he could not
get the technology to be marketed by the big table saw companies.  His claim
is that the companies think that by raising the safety measures in the table
saw, they would be more liable for table saw accidents, which would make them
subject to litigation.  Eventually he created his own SawStop product line.
Now, after several years, lawmakers and regulators have taken notice and might
make sawstop like technology mandatory in table saws.

Now, maybe SawStop is bad technology, maybe it's good.  But at least something
is true: As long as no candidate technology like it exists, the question
doesn't even come up.  That's the state we are at with email encryption.
Everybody who tried has learned that email encryption is not worth the hassle.
 Everybody who hasn't tried just expects email to be secure and might not even
be aware that it is not.  It's time to change that equation, don't you think?

The good news is that STEED will integrate extremely well in P2P systems.  The
dependency on a provider in STEED is not integral to the proposal, but just a
consequence of people already relying on their providers infrastructure for
everything else.  If users use different infrastructure, STEED will also work
over that infrastructure just as well.

Thanks,
Marcus