<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This is the text from a blog post today on the Thunderbird blog:<br>
<br>
See
<a class="moz-txt-link-freetext" href="https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/">https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/</a><br>
<p>In the last few weeks, I’ve had several interesting conversations
concerning email encryption. I’m also trying to develop some
concept of what areas Thunderbird should view as our special
emphases as we look forward. The question is, with our limited
resources, should we strive to make better support of end-to-end
email encryption a vital Thunderbird priority? I’d appreciate
comments on that question, either on this Thunderbird blog posting
or the email list <a class="moz-txt-link-abbreviated" href="mailto:tb-planning@mozilla.org">tb-planning@mozilla.org</a>.</p>
<p>In one conversation, at the <a
href="http://www.oscon.com/open-source-2015/public/schedule/detail/45257">“Open
Messaging Day”</a> at OSCON 2015, I brought up the issue of
whether, in a post-Snowden world, support for end-to-end
encryption was important for emerging open messaging protocols
such as <a href="http://jmap.io/">JMAP</a>. The overwhelming
consensus was that this is a non-issue. “Anyone who can access
your files using interception technology can more easily just grab
your computer from your house. The loss of functionality in
encryption (such as online search of your webmail, or loss of
email content if certificates are lost) will give an unacceptable
user experience to the vast majority of users” was the sense of
the majority.</p>
<p>In a second conversation, I was having dinner with a friend who
works as a lawyer for a state agency involved in white-collar
crime prosecution. This friend also thought the whole
Snowden/NSA/metadata thing had been blown out of proportion, but
for a very different reason. Paraphrasing my friend’s comments,
“Our agency has enormous powers to subpoena all kinds of records –
bank statements, emails – and most organizations will silently
hand them over to me without you ever knowing about it. We can
always get metadata from email accounts and phones, e.g. e-mail
addresses of people corresponded with, calls made, dates and
      times, etc. There is <strong><em>a lot</em></strong> that other
      government employees (non-NSA) have access to just by asking for
it, so some of the outrage about the NSA’s power and specifically
the lack of judicial oversight is misplaced and out of proportion
precisely because the public is mostly ignorant about the scope of
what is already available to the government.”</p>
<p>So in summary, the problem is much bigger than the average person
realizes, and other email vendors don’t care about it.</p>
<p>There are several projects out there trying to make encryption a
more realistic option. In order to change internet communications
to make end-to-end encryption ubiquitous, any protocol proposal
needs wide adoption by key players in the email world,
particularly by client apps (as opposed to webmail solutions where
the encryption problem is virtually intractable.) As Thunderbird
is currently the dominant multi-platform open-source email client,
we are sometimes approached by people in the privacy movement to
cooperate with them in making email encryption simple and
ubiquitous. Most recently, I’ve had some interesting conversations
with Volker Birk of <a href="http://pep-project.org/">Pretty Easy
Privacy</a> about working with them.</p>
<p>Should this be a focus for Thunderbird development?</p>
<br>
</body>
</html>