What you and your company can do to ensure your email security

Is your email secure? Or, to put it another way, if you were Hillary Clinton, would you be comfortable defending your email security at a Congressional hearing? The first thing you would probably say is that you have secure, encrypted email. Let’s say that you have a lock. You give a key to one individual so that only he or she can open your lock. This would be the equivalent of an encrypted connection.

Here is the problem. Mathematicians have developed computational engines that can generate a lot of keys. Those keys can be tested in a lock, and at some point it is found which keys work with a particular lock. The really unfortunate part about all this is that there are many similar locks, so with the generated key or set of keys, someone could figure out which key will open your specific lock. And there goes your email security.

Are these computational engines expensive? You bet. There is an economy-of-scale problem here, because the use of these engines is not necessarily limited to nation states. Large companies such as Apple, Google, Amazon, and Facebook have plenty of money and spare computing resources to carry out cryptanalysis (deciphering coded messages, for example passwords) if so inclined. It is very likely that this type of service is now available on a pay-as-you-go basis (or will be soon) — making your email security vulnerable to anyone with enough money.

Can you spend your way out of this problem? Sure, if you can take a huge performance hit. For example, moving a typical dedicated mail server from 1024-bit to 2048-bit security (making it exponentially harder to crack) reduces the number of emails the server can send and receive by 80 percent, because of the additional computing resources used up in encrypting and decrypting the mail at each end. And increasing security again to 4096-bit is far worse. The problem here is not so much one of encryption level, type, or mathematics, but of trust. Most experts believe that 2048-bit security is adequate — until computing power increases, techniques improve, and then it’s not. 
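To see how the cost of the underlying math grows with key size, the following added example (not part of the original article) times the modular exponentiation at the core of an RSA private-key operation at 1024, 2048 and 4096 bits. The function names are hypothetical, the moduli and exponents are constructed random stand-ins rather than real keys, and the result covers that single operation only, not a mail server's overall throughput.

```python
import random
import time


def private_op_seconds(bits, reps=5, seed=2048):
    """Median time of one m^d mod n with a `bits`-bit modulus and exponent."""
    rng = random.Random(seed)  # fixed seed: same stand-in values every run
    # Constructed stand-ins, not real keys: a random odd n with the top bit
    # set and a full-length exponent d cost the same to exponentiate as an
    # RSA modulus and private exponent of that size.
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    d = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    m = rng.randrange(2, n - 1)
    samples = []
    for _ in range(reps):
        start = time.perf_counter()
        pow(m, d, n)  # the private-key operation (without the CRT speed-up)
        samples.append(time.perf_counter() - start)
    return sorted(samples)[len(samples) // 2]


def relative_cost(sizes=(1024, 2048, 4096)):
    """Map each key size to its cost relative to the smallest size."""
    timings = {bits: private_op_seconds(bits) for bits in sizes}
    base = timings[min(sizes)]
    return {bits: t / base for bits, t in timings.items()}


if __name__ == "__main__":
    for bits, factor in relative_cost().items():
        # 100 / factor is the share of the baseline operation rate that remains
        print(f"{bits}-bit: {factor:5.1f}x the time, "
              f"{100 / factor:5.1f}% of the {min(relative_cost.__defaults__[0])}-bit rate")
```

The exact factors depend on the hardware and on the cryptographic library a server actually uses, so measure on the machine in question before sizing it.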

According to computer-security professor Alex Halderman, this changes the game for everyone. “Vulnerability on this scale is indiscriminate — it impacts everybody’s security, including American citizens’ and companies’ — but we hope that a clearer technical understanding of the cryptanalytic machinery behind this surveillance will be an important step towards better security for everyone.”

So what can you do to protect yourself or your company? Essentially, you need to consider three things: the importance of confidentiality for your sent and received emails; the email volume you need your servers to be able to handle; and the money and resources you or your company have to spend. If it’s necessary that all of the emails to and from the server be absolutely secure and confidential (insofar as that’s possible — whatever your security level, there’s always the chance of an attack from an unexpected direction), you will have to spend plenty of money on servers to compensate for the reduced volume of emails the server can handle. If total secrecy isn’t paramount, you can optimize for email volume, low cost, or a combination of the two. Choose your priority and build around that.

Bill Abrams is a business consultant who specializes in IT security, social media, and data science. Contact him at babrams@nsaco.com.