Subscribe to Dr. Granville's newsletter

A new type of weapons-grade secure email

Guest blog by Vincent Granville, first posted here.

With email encryption being targeted by the government as if it was criminal activity (read the story about the Lavabit platform), this could be a great opportunity for mathematicians and data scientists: creating a startup that offers encrypted email that no government or entity could ever decrypt, offering safe solutions to corporations who don't want their secrets stolen by competitors, criminals or the government.

Key on a sheet with encrypted data Stock Photo - 13903139

Here's the kind of email platform that I have in mind:

  • It is offered as a web app, for text-only messages limited to 100 KB. You copy and paste your text on some web form hosted on some web server (referred to as A). You also create a password for retrieval, maybe using a different app that creates long, random, secure passwords. When you click on submit, the text is encrypted and made accessible on some other web server (referred to as B). A shortened URL is displayed on your screen: that's where you or the recipient can read the encrypted text.
  • You call (or fax) the recipient, possibly from and to a public phone, provide him with the shortened URL and password necessary to retrieve and decrypt the message. 
  • The recipient visit the shortened URL, enter your password, and can read the unencrypted message online (on server B). The encrypted text is deleted once the recipient has read it, or 48 hours after the encrypted message was created, whichever comes first.
  • The encryption algorithm (which adds semi-random text to your message prior to encryption, and also has an encrypted time stamp, and won't work if no semi-random text is added first), is such that (i) the message can never be decrypted after 48 hours (if the encrypted version is intercepted) as a self-destruction mechanism is embedded into the encrypted message and into the executable file itself, and (ii) if you encrypt twice the same message (even an empty message or one consisting of just one character), the two encrypted versions will be very different, of random length and at least 1 KB in size, to make reverse-engineering next to impossible. Maybe the executable file that does perform the encryption would change every 3-4 days for increased security and to make sure a previously encrypted message can no longer be decrypted (you would have the old version and new version simultaneously available on B for just 48 hours).
  • The executable file (on A) tests if it sits on the right IP address before doing any encryption, to prevent it from being run on (say) a government server. This feature is encrypted within the executable code. The same feature is incorporated into the executable file used to decrypt the message, on B.
  • A crime detection system is embedded in the encryption algorithm, to prevent criminals from using the system, by detecting and refusing to encrypt messages that seem suspicious (child pornography, terrorism, fraud, hate speech etc.)
  • The platform is monetized via paid advertising, by advertisers such as bitcoin and anti-virus software.
  • The URL associated with B can be anywhere, change all the time, or based on the password provided by the user, and located outside US. 
  • The URL associated with A must be more static. This is a weakness as it can be taken down by the government. However a workaround consists in using several specific keywords for this app, such as (say) ArmuredMail, so that if A is down, a new website based on the same keywords will emerge elsewhere, allowing for uninterrupted service (the user would have to do a Google search for ArmuredMail to find one website - a mirror of A - that works).
  • Finally, no unencrypted text is stored anywhere.

Indeed, the government could create such an app and disguise it as a private enterprise: it would in this case be an honeypot app. Some people worry that the government is tracking everyone and that you could get in trouble (your Internet connection shut down, bank account frozen) because you posted stuff that the government algorithms deem extremely dangerous, maybe a comment about pressure cookers. At the same time, I believe the threat is somewhat exaggerated. While there is a risk for false positives, you will never be sent in jail for talking about pressure cooker recipes (at worst, you'll get a visit from the NSA - someone indeed did). While big data and big brother are getting bigger and more powerful every second, the number of available cells in prison is not increasing. Maybe it is even decreasing. So even if magically, millions of people suddenly wanted to become law enforcement, NSA, CIA or FBI agents (and the money was available to train and hire them), there is just simply not enough prison cells to accommodate more prisoners (US has the largest prison population of any country, measured as the proportion of people incarcerated at any given time).

On the other side, many people seemed to be OK with increased regulations and more police. I think this is a side effect of living in an over-crowded world, with unsustainable population growth: the younger generation accepts or is forced into lower quality of life, having to share a small apartment with many roommates in over-crowded cities. They are more risk-adverse on average, and worry about all sorts of real issues such as increased terrorism, the risk of an epidemics, giant financial systems that could collapse under their own weight, pollution killing people at a younger age, etc. I believe eventually people will find solutions to escape from this environment, maybe by building floating cities, cities under the see, or underground cities. In my case, after many years of cubicle life and the morning and afternoon rat race (AKA the commute), I no longer drive to work, and have a much better lifestyle working from home 100% of the time - for the safest job one could ever wish to have: one that you created yourself, an adaptive, lean, agile enterprise that you founded yourself with a few great partners. But this is another story.

Anyone interested in building this encryption app? Note that no system is perfectly safe. If there's an invisible camera behind you, filming everything you do on your computer, then my system offers no protection for you - though it would still be safe for the recipient, unless he also has a camera tracking all his computer activity. But the link between you and the recipient (the fact that both of you are connected) would be invisible to any third party. And increased security can be achieved if you use the web app from an anonymous computer - maybe from a public computer in some hotel lobby.

Related articles

E-mail me when people leave their comments –

You need to be a member of Messaging News to add comments!

Join Messaging News

Messaging Events