At Defcon 22 – ‘the largest hacking conference in the world’ – which took place this year on 7-10 August in Las Vegas, two US IT experts revealed what they had achieved since their successful crowdfunding campaign on Kickstarter in late 2013 to get Dark Mail, a tool designed to guarantee email data security, up and running.
Following last year’s ‘Summer of Snowden’ revelations about the US National Security Agency’s mass surveillance activities, Internet users have become increasingly concerned about the use to which their data transiting over the Internet could be put. Email ‘boxes’, which often carry sensitive and confidential information, are exposed to surveillance because the encryption system designed to protect the email content does not hide the metadata – i.e. the person to whom you are sending the email, the subject of the message, the time you sent it, and such basic details. It is no chance occurrence that US software engineer Ladar Levison has now decided to launch Dark Mail with the help of star hacker Stephen Watt. The idea was actually conceived six years ago, but Levison thinks that now the time is right to graft the Dark Mail tool on to traditional email boxes in a bid to block mass surveillance.
Email confidentiality now for all
Tools that enable IT buffs to encrypt their metadata using private and public keys, such as the data encryption programme Pretty Good Privacy (PGP), have been around for a long time. Like the secure multiplatform communication services firm Silent Circle launched by Phil Zimmermann, which encrypts data for all mobile communications across-the-board, Dark Mail is now offering this type of service to novices, while ensuring that the experience of sending an email remains as straightforward as before. “The mechanism – which is by no means straightforward for the average user – whereby you use the public key of the person you’re sending your email to, will no longer be a problem,” explains Cloud Computing specialist Guillaume Plouin. Whereas when using Silent Circle your correspondent also has to be a subscriber, Dark Mail will enable you to communicate by email with your recipients whoever their service provider is. At the same time Dark Mail limits the extent to which spy software can view your metadata.
A model suitable for everyone to use?
Although most Internet users do not seem directly affected by these surveillance problems, Guillaume Plouin points out that “political figures and business people tend to be on the lookout for this kind of tool.” However, following the recent interest in Dark Mail shown by the main email service providers, one might envisage this type of message and metadata encryption becoming more widespread and even systematic, so that confidentiality issues could perhaps disappear. Plouin underlines that while access to metadata can prove lucrative, major Internet players such as Google will prioritise the “concern for user trust”, which they now have to win back following the loss of credibility arising from the revelations about NSA surveillance activities.