Can Kim Dotcom rescue secure email?

John P. Mello | Aug. 14, 2013
Mega looks to fill gap left by exit of Lavabit and Silent Circle.

For example, Mega uses JavaScript to encrypt and decrypt data. That can be problematic with email. In 2007, for instance, Hushmail, which was supposed to be a secure email system, used JavaScript at the behest of law enforcement to scrape its customers' passwords so plaintext versions of their email could be scrutinized.

"That essentially turned an assumed endpoint-security service model into a host-based model, which was then exploited by law enforcement organizations to break the system," the source from Cryptocloud said.

"So everyone is very leery of served javascript because it can be intentionally poisoned, or even intercepted mid-stream via BEAST toolkits and whatnot," the source said.

Even if encryption problems are solved, there's always the problem of metadata, which can't be encrypted and can be very useful for any kind of snoop. It includes the subject of a message, who the email is addressed to, who sent it and when it was sent.

"That information is extremely valuable," Green noted. "When the NSA was collecting data from Verizon, all it wanted was metadata. It didn't care about the phone calls themselves."
