Privacy group EFF announces STARTTLS Everywhere to secure emails with hop-to-hop -- but not end-to-end -- encryption
People have started to pay attention to whether their messaging tools and the websites they visit use encryption -- but not so much with email. Thanks to the work of the Electronic Frontier Foundation, however, email security is being placed at the top of the agenda.
The privacy group today announces STARTTLS Everywhere, its new initiative to improve the security of the email ecosystem. STARTTLS is an extension to SMTP that lets two mail servers upgrade their connection to an encrypted one. It does not add end-to-end encryption, but it does provide hop-to-hop encryption between servers, which is very much a step in the right direction.
EFF is quick to point out that STARTTLS is not something the average user can simply tack onto an existing email service -- nor is it a replacement for secure end-to-end solutions. Rather, it is something designed for email server admins and email service providers to integrate into their systems.
In a blog post introducing its proposal, EFF explains how STARTTLS works:
STARTTLS is an addition to SMTP, which allows one email server to say to the other, "I want to deliver this email to you over an encrypted communications channel." The recipient email server can then say "Sure! Let's negotiate an encrypted communications channel." The two servers then set up the channel and the email is delivered securely, so that anybody listening in on their traffic only sees encrypted data. In other words, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages while they’re in transit, and will need to use more targeted, low-volume methods.
But as previously mentioned, STARTTLS makes no claim to protect a message from the servers that handle it. EFF says:
It’s important to note that if you don't trust your mail provider and don't want them to be able to read your emails, STARTTLS isn't enough. That’s because STARTTLS only provides hop-to-hop encryption, not end-to-end. For example, if a Gmail user sends email to an EFF staffer, the operators of the Google and EFF mailservers can read and copy the contents of that email even if STARTTLS is negotiated perfectly. STARTTLS only encrypts the communications channel between the Google and EFF servers so that an outside party can’t see what the two say to each other -- it doesn't affect what the two servers themselves can see.
The system is not without problems. For starters, mail servers have traditionally not validated each other's certificates when negotiating STARTTLS, so an attacker sitting between two servers could present any certificate and still see the traffic; and because the STARTTLS offer itself is sent in the clear, the same attacker can strip it from the server's response and force the message to be delivered in plaintext (a downgrade attack). These are the reasons EFF is trying to raise awareness of STARTTLS and simplify its use with STARTTLS Everywhere. This is "software that a sysadmin can run on an email server to automatically get a valid certificate from Let's Encrypt. This software can also configure their email server software so that it uses STARTTLS, and presents the valid certificate to other email servers". EFF goes on to explain that "STARTTLS Everywhere includes a 'preload list' of email servers that have promised to support STARTTLS, which can help detect downgrade attacks. The net result: more secure email, and less mass surveillance".
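The server-to-server exchange EFF describes above, together with the two checks this paragraph is about (verifying the certificate and using a preload list to catch a stripped STARTTLS offer), as an added example that is not EFF's or STARTTLS Everywhere's own code. A scripted in-memory SMTP responder stands in for the receiving mail server, PRELOAD_LIST is an assumed stand-in for the real preload list, and no network traffic or actual TLS handshake takes place.

```python
"""STARTTLS negotiation with a preload-list downgrade check, simulated.

Added example, not EFF's or STARTTLS Everywhere's code. The mail server
is a scripted in-memory responder constructed here; nothing touches the
network and no real TLS handshake is performed.
"""
import ssl

# Hypothetical preload list: domains assumed to have promised STARTTLS.
PRELOAD_LIST = {"eff.org", "gmail.com"}


class ScriptedSmtpServer:
    """Minimal receiving MTA. With offer_starttls=False it answers the way
    the connection looks after a man-in-the-middle has stripped the
    STARTTLS capability from the EHLO reply."""

    def __init__(self, offer_starttls=True):
        self.offer_starttls = offer_starttls
        self.tls_active = False
        self.transcript = []

    def send(self, line):
        self.transcript.append("C: " + line)
        verb = line.split()[0].upper()
        if verb == "EHLO":
            reply = ["250-mx.example.test Hello", "250-SIZE 10240000"]
            # RFC 3207: STARTTLS must not be advertised once TLS is active.
            if self.offer_starttls and not self.tls_active:
                reply.append("250-STARTTLS")
            reply.append("250 8BITMIME")
        elif verb == "STARTTLS":
            if self.offer_starttls and not self.tls_active:
                self.tls_active = True
                reply = ["220 2.0.0 Ready to start TLS"]
            else:
                reply = ["454 4.7.0 TLS not available due to temporary reason"]
        elif verb == "QUIT":
            reply = ["221 2.0.0 Bye"]
        else:
            reply = ["502 5.5.2 Error: command not recognized"]
        self.transcript.extend("S: " + r for r in reply)
        return reply


def ehlo_keywords(reply):
    """Extract EHLO keywords from a multi-line 250 reply. The first line is
    the server's greeting; the rest are '250-KEYWORD' / '250 KEYWORD'."""
    if not reply or not reply[0].startswith("250"):
        raise RuntimeError("EHLO rejected: %r" % (reply,))
    return {line[4:].split()[0].upper() for line in reply[1:]}


def verifying_tls_context():
    """Context a sending server should use after the 220 reply: verify the
    certificate chain against the trust store and check the hostname.
    Opportunistic-TLS setups that skip both are the gap described above."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def deliver(server, dest_domain, preload=PRELOAD_LIST):
    """Sending-side policy for one hop. Returns:
    'tls'       STARTTLS negotiated; the message would go over TLS
    'plaintext' no STARTTLS offered and the domain made no promise
    'downgrade' domain is on the preload list but STARTTLS was not
                offered or failed: refuse to fall back to cleartext."""
    caps = ehlo_keywords(server.send("EHLO client.example.test"))
    if "STARTTLS" in caps:
        if server.send("STARTTLS")[0].startswith("220"):
            verifying_tls_context()  # real client: ctx.wrap_socket(sock, server_hostname=mx)
            # After the handshake the client must issue EHLO again.
            server.send("EHLO client.example.test")
            return "tls"
    if dest_domain in preload:
        server.send("QUIT")
        return "downgrade"
    return "plaintext"


if __name__ == "__main__":
    for offered in (True, False):
        srv = ScriptedSmtpServer(offer_starttls=offered)
        print("result:", deliver(srv, "eff.org"))
        print("\n".join(srv.transcript), end="\n\n")
```

Running the script prints two transcripts: one where STARTTLS is advertised and negotiated, and one where the capability is missing and the client, because eff.org is on the preload list, quits rather than sending in the clear. Without the preload list the second case would silently fall back to plaintext, which is exactly what a downgrade attack relies on.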
If you're interested in finding out more -- including technical details for admins -- EFF has taken a deeper dive in another post.
You can also check out www.starttls-everywhere.org to see how secure your current email provider really is.