Secure messaging – why isn’t there an alternative to email?

With the furor surrounding the revelation of the NSA domestic spying program in the U.S., there has been some significant fallout. Significant to those who work in technology and follow it as I do.

The first one was the shuttering of Lavabit. Now, I’ll admit I’d never heard of the service prior to the announcement that they were shutting down, but that’s much less interesting than the reason they were shutting down. Essentially, they were a service used by Edward Snowden, and because of that the lawyers had come knocking at the door for information. The founder of Lavabit felt that his only option to protect his clients was to shut down the service. There is now discussion around whether or not his shuttering of the service will be seen as obstruction and if there will be fallout.

Today it was announced that Groklaw, a website dedicated to explaining the intricacies of certain legal cases, will also be shutting down. Their reason – they rely heavily on email for correspondence with those who submit news, and they no longer feel that email is a safe mode of communication. The full article regarding their shutdown is available here (for as long as their website remains online, at least).

With these things going on, and as someone who has been poking around the internet for an awful long time now, I’m sitting here wondering – why isn’t there a better alternative to email yet? I mean, discarding the fact that if you’re a Gmail/Hotmail/Yahoo user, all of your mail is stored by a large U.S. company who will likely hand over your information at the slightest hint of pressure from the government, it is also a fact that email as a protocol is transmitted in clear text across the internet. Most people don’t care so much about this because it would take a concerted effort to intercept someones personal email as it transits the internet rather than just catching it at the sending or receiving endpoint – but now we have the information that the NSA is apparently doing just that, or something very close to it.

I remember the first time I heard about PGP, and I thought “Here we go, we’ve got a solution to this plain text email baloney” – but adoption never took off, and it remained something that only the so called overly-paranoid would resort to (with the information we have now, “overly-paranoid” suddenly seems more like “reasonably-paranoid”).

There have been other technologies which have come along, yet significant adoption seems to have eluded every one of them. The simplicity of popping open webmail from anywhere has entrapped us all into a technology that is inherently insecure and is practically begging to be “monitored” by an agency such as the NSA.

So, someone tell me, why isn’t there an encrypted mail/IM/file transfer system that uses P2P for delivery/storage. If I can come up with this, someone else smarter than I am surely has. Where is it? I’ll sign up right now!

0 comments