I’ve written many times about the need to make email encryption accessible to Aunt Millie (see here, here, and here for example). Sadly, it’s a really hard problem. Now, maybe there’s some hope. The Wall Street Journal has an interesting story about Moxie Marlinspike, who, the WSJ says, is terrifying the FBI with software that holds the promise of universal encryption.
Marlinspike is producing encryption software that obviates the need for user key management, the really hard part of building a robust encryption framework. From what I can see, it works pretty much like iMessage to handle the keys and perhaps the messages go to a server to help mitigate leaking too much metadata. The server part doesn’t matter because the encryption is end-to-end and the server never sees message content. Since the servers don’t keep logs, third parties can’t get at the metadata either, at least not directly.
Right now, there are secure phone and text messaging components but an email solution is underway. When that happens, governments are going to have to come clean, admit what they’re doing, and pass laws trying to outlaw the services. It’s not clear that they’ll be able to do that.