The Snowden affair has raised lots of concerns in the technology world. On the one hand, a huge number of leaked documents suggest that big companies have been collaborating with intelligence agencies by sharing private information. On the other hand, those same companies claim their servers have been hacked without their knowledge.
The situation became even more complex when those companies publicized their efforts to add extra layers of security to their servers or when they publicly called for more government transparency. Did Microsoft work with the NSA? If so, why have they been sued by the American government for protecting a Hotmail user supposedly located in Ireland and therefore out of the US jurisdiction? Why is Apple listed in the infamous PRISM program if Tim Cook publicly fights for user privacy and refused to help the FBI in the San Bernardino case?
To the end user, one question inevitably comes to mind: who should I believe? Are those companies playing a role in the name of the US government?
In light of privacy debates, about three years ago, Google and Yahoo! promised to fight mass surveillance programs all over the world by natively implementing mail encryption. The idea was that even if the NSA and the FBI can hack email accounts despite all privacy measures, they won't be able to read the messages. This directly addresses end-users. And, well, to this date, we’re still waiting.
It's worth noting that at the time, both companies heavily relied on their mail scanning systems to display ads in their webmail. I personally was kind of skeptical about those announcements. You surely can’t properly target a consumer if the mailbox is full of encrypted messages. But still, I was naively hoping. Gmail gave up on mail scanning a few months ago though. But it seems the work on such an encryption tool has been given up.
Were those just words and fake promises to hang on to while the privacy debates fade away? It does look like it.
Google and Yahoo! have created repositories on GitHub under the name E2E or "End-to-End encryption". This was supposedly a means to coordinate their work and to be more transparent to the end user. Every developer can commit a change or report a bug in the project in order to enhance it.
Now looking at those GitHub repositories, it seems that the last commit Google made to the project dates back to February 24th. The one before that was made nearly a year before in April 2016. As for Yahoo and their infamous hackable webmail, they stopped working on their own fork in January 2016.
The truth is, the situation hasn't changed a bit and our webmail accounts are as hackable as they were four years ago. Sure, we now have more two-factor authentication but let's be honest, apart from technology enthusiasts, who takes the time to turn it on?
E2E for email will probably never materialize. The only company that comes to mind is Proton Technologies, a group of Switzerland-based researchers who built ProtonMail to simplify email encryption. They were born out of the Snowden affair and continue their work.
Yet the real fight takes place with the big names: Google, Yahoo, Microsoft. In the end, it seems they all bowed before the FBI and the NSA.