On Mon, Feb 03, 2014 at 02:02:31PM -0500, Dale R. Worley wrote:
>
> The recent news reports that I have seen are that the NSA's pervasive
> monitoring focuses on "metatada", "who is talking to whom". And the
> trouble with end-to-end confidentiality mechanisms is that they do not
> hide the destination address; indeed they can't. And it seems to me
> that almost no confidentiality systems have been focused on
> confidentiality of message destinations.
That's what NSA is doing for telephones, and briefly using e-mail
analyzing communications between US preson under their authorities
(or claimed authorities) under section 215 of the Patriot Act.
It would be a mistake to assume this is *all* they are doing. Indeed,
it's likely that the NSA is actually doing keyword based filtering of
content, for communications that are between non-US persons and where
the endpoints are outside of the US. This is done under their
authorities granted to them under Executive Order 12003.
Given that the FBI wanted to drop "Carnivore" servers in US data
centers to do this kind of keyword based filtering many years ago,
it's certainly within the capabilities the US Intelligence Community.
So to the extent that non-US persons want the same level of privacy
that apparently US persons have (unless there is some other secret
court order with some other secret law interpretation we're not aware
of which is enabling the FBI to do this kind of snooping, and we just
don't know about it yet), it's not surprising people are interested in
encrypting e-mail bodies.
Encrypting the endpoint identities is a lot more difficult, since you
need to route the information somehow. There are solutions such as
onion routing, but they ease of use isn't quite there, and I don't
think they currently would scale well if huge numbers of people were
using them.
Certainly hiding the RFC-822 headers, including the subject lines,
inside the encrypted body would certainly be a good start, but of
course that doesn't solve the issue of the SMTP envelop information.
- Ted