Thunderbird and end-to-end email encryption – should this be a priority?
In the last few weeks, I’ve had several interesting conversations concerning email encryption. I’m also trying to develop some concept of what areas Thunderbird should view as our special emphases as we look forward. The question is, with our limited resources, should we strive to make better support of end-to-end email encryption a vital Thunderbird priority? I’d appreciate comments on that question, either on this Thunderbird blog posting or the email list tb-planning@mozilla.org.
In one conversation, at the “Open Messaging Day” at OSCON 2015, I brought up the issue of whether, in a post-Snowden world, support for end-to-end encryption was important for emerging open messaging protocols such as JMAP. The overwhelming consensus was that this is a non-issue. “Anyone who can access your files using interception technology can more easily just grab your computer from your house. The loss of functionality in encryption (such as online search of your webmail, or loss of email content if certificates are lost) will give an unacceptable user experience to the vast majority of users” was the sense of the majority.
In a second conversation, I was having dinner with a friend who works as a lawyer for a state agency involved in white-collar crime prosecution. This friend also thought the whole Snowden/NSA/metadata thing had been blown out of proportion, but for a very different reason. Paraphrasing my friend’s comments, “Our agency has enormous powers to subpoena all kinds of records – bank statements, emails – and most organizations will silently hand them over to me without you ever knowing about it. We can always get metadata from email accounts and phones, e.g. e-mail addresses of people corresponded with, calls made, dates and times, etc. There is alot that other government employees (non NSA) have access to just by asking for it, so some of the outrage about the NSA’s power and specifically the lack of judicial oversight is misplaced and out of proportion precisely because the public is mostly ignorant about the scope of what is already available to the government.”
So in summary, the problem is much bigger than the average person realizes, and other email vendors don’t care about it.
There are several projects out there trying to make encryption a more realistic option. In order to change internet communications to make end-to-end encryption ubiquitous, any protocol proposal needs wide adoption by key players in the email world, particularly by client apps (as opposed to webmail solutions where the encryption problem is virtually intractable.) As Thunderbird is currently the dominant multi-platform open-source email client, we are sometimes approached by people in the privacy movement to cooperate with them in making email encryption simple and ubiquitous. Most recently, I’ve had some interesting conversations with Volker Birk of Pretty Easy Privacy about working with them.
Should this be a focus for Thunderbird development?
75 responses
Faldrian wrote on
Ronan Jouchet wrote on
switch wrote on
Tim wrote on
Pfalzgraf wrote on
Tim wrote on
Martin wrote on
Tim wrote on
Tim wrote on
Aas wrote on
Hervé wrote on
Hervé wrote on
Rafi wrote on
David Ross wrote on
Naos wrote on
Mebug wrote on
platypus wrote on
Jörg Wartenberg wrote on
Haakon wrote on
Ken Saunders wrote on
Ken Saunders wrote on
Haakon wrote on
Jeroen wrote on
Michael wrote on
Wade wrote on
Vulcain wrote on
Ken Saunders wrote on
Ian Thomas wrote on
eduardo wrote on
Bill B wrote on
grey wrote on
Ka wrote on
Pfalzgraf wrote on
TBird Vet wrote on
David VANTYGHEM wrote on
SĂ©bastien wrote on
Pierre wrote on
Elliott wrote on
Coin wrote on
Ingo wrote on
Patrik wrote on
Stéphane wrote on
petr wrote on
Henri wrote on
Satai wrote on
KS wrote on
Tomas Rusnak wrote on
Dis wrote on
Mitch wrote on
MikeMike wrote on
Tim wrote on
Gary Gapinski wrote on
Orv wrote on
AS wrote on
BoerenkoolMetWorst wrote on
Joe Anon wrote on
LK wrote on
Sean Palmer wrote on
Steven Hamilton wrote on
Anne wrote on
Private Citizen wrote on
qwerty wrote on
Tonda wrote on
Nico wrote on
TB_AdminUser wrote on
Paul R. Rogers wrote on
albatros wrote on
Hugo Thiessard wrote on
charlesay wrote on
John Shea wrote on
Cryptie wrote on
Max wrote on
Charpy wrote on
Freddy wrote on
eskualakari wrote on
Comments are closed.