Secure E-mail through the Dark Mail Alliance

What is the Dark Mail Alliance? It’s a coalition of different experts in encryption and internet security, who are concerned about e-mail privacy. The team includes Phil Zimmerman, “the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world.” [so says Wikipedia] They are putting their collective heads together to make e-mail communication more secure.

The project is called “Dark Mail” because your e-mail is “dark”, i.e. unseen or unknowable to others. Current methods of e-mail encryption are lacking in security. PGP does not encrypt the To, From, Subject line, or IP address; Dark Mail will encrypt it all. Even e-mail stored on your computer remain encrypted. PGP uses the older RSA encryption standard. Dark Mail uses the newer EC-384 standard for higher security. PGP is complicated and difficult to use. Dark Mail is designed to be simple.

The Dark Mail system will be available to any e-mail provider who wishes to offer it. So it might be renamed by various providers. Dark Mail is the underlying technology.

Who do you trust? Some “secure” e-mail system’s today are dependent on the trustworthiness of the e-mail provider — and whether or not they will comply with a court order to give up an encryption key. Dark Mail does not trust the encryption key to your e-mail provider; it stays on your computer only.

Why should you care? You’re not doing anything illegal, I’m assuming — or at least not so illegal that the government will be targeting your e-mail communications. Well, there are a few considerations here. First, the NSA has been sweeping up huge quantities of data from the internet, from anyone and everyone. They’ve also been collecting e-mail address books from Yahoo Mail, Hotmail, Gmail and other web e-mail providers. You don’t have to be a suspect in some investigation.

Then again, if an e-mail provider offers encrypted e-mail, and a court orders them to give up the encryption key to the government, all the e-mails that go through that provider are exposed, not just the target of the court order. This is the case with Lavabit’s “secure” e-mail system.

Other than government intrusion, using a secure e-mail system protects you if you are bugging out, and your laptop is stolen or lost. It protects your private communications if you are e-mailing through a work WiFi network, or a public WiFi connection when you are away from home.

In the information age, anything digital is inherently vulnerable to a loss of privacy through disclosure on the internet. Using e-mail encryption gives you the digital privacy that you reasonably expect for private conversations by e-mail. You don’t need to be a spy or a criminal to want or expect your personal conversations to be confidential.

Dark Mail is expected to be released in early 2014.

– Thoreau

Comments are closed.