Wednesday, August 20, 2014

Netiquette IQ - Facebook Reports a Surge in Use of Encrypted Email

Current technology is bringing email users closer to the reality of tamper-proof email. The article below clearly reflects this rapid evolution.
======================================
Facebook reports enormous uptick in use of snoop-proof email
The social network sends billions of emails to users daily and says adoption of the encryption standard it uses has skyrocketed among webmail providers.
by Seth Rosenblatt
presented by
Keeping email safe from prying eyes is a joint effort, with both the sender and receiver needing to implement encryption technology. And Facebook -- which sends its user base billions of notification emails every day -- says things have gotten significantly more secure because of changes made by popular webmail providers such as Microsoft and Yahoo.
The percentage of outbound notification emails sent from Facebook that are received by email services which support encryption has jumped from less than 30 percent in May to 95 percent by mid-July, according to a Facebook blog post published Tuesday.
That rate of adoption is exceptionally rare, said Jim Fenton, formerly the chief security officer at password replacement firm OneID and now an independent Internet technologist.
"Facebook's measurement is probably as favorable as it can be," Fenton said, pointing out that Facebook's unique situation -- outgoing email only, measured by volume, to large webmail providers for personal use more than work email accounts -- allowed Facebook to achieve such a rapid turn-around.
The change comes amid a growing effort by webmail providers to better support encrypted email. That's a reaction to National Security Agency snooping revealed by whistle-blower Edward Snowden, and it's a necessity at Facebook, where notification emails about posts and comments made by users' friends often contain snippets of private or semi-private content from the site.
The kind of basic webmail encryption Facebook refers to in its blog post is provided by a technology called STARTTLS, which uses Transport Layer Security encryption to make it harder to spy on email. The challenge with keeping email secure is that it requires both the sender and the receiver to support the same encryption technology -- otherwise messages remain unprotected. Though Facebook has supported STARTTLS for several years, of the three biggest webmail providers, only Google's Gmail had adopted it.
Facebook said in its post that now that Microsoft and Yahoo are on board with STARTTLS, the majority of the social-media site's notification emails are encrypted with two common encryption techniques. One is Forward Secrecy, a technique that prevents the same numeric encryption keys from being used more than once, which would make messages easier to crack. The other is strict certificate validation, which is a high standard for ensuring that a digital authentication certificate -- which email systems check to verify who's sending a message -- has not been forged.
A Facebook spokesman told CNET that the company is working on getting the other 5 percent of webmail providers to use encryption. "All major providers we've talked to are either using STARTTLS or are actively working on deploying it," he said.
A Microsoft representative noted during a previous interview that webmail encryption efforts are tricky because of the two-way-street situation involving sender and recipient.
Yahoo declined to comment.
Facebook sends billions of notification emails to millions of domains every day, Facebook email engineer Michael Adkins said in a blog post last May. While that represents only a fraction of all email sent daily, the move to STARTTLS by webmail providers represents a quick victory in the wake of the outcry over NSA surveillance.
Other encryption-related efforts include initiatives from Google, Yahoo, and Ladar Levison, whose now-shuttered company Lavabit was suspected of being Snowden's webmail provider. Google and Yahoo are working on a webmail encryption setup that would hide the contents of an email even from the email service provider. Levison is working on a similar project to simplify email encryption so that it becomes a one-click operation.
Update, August 20 at 10:57 a.m. PT: Clarifies what STARTTLS is and adds response from Yahoo.
 ============================================
 In addition to this blog, I have authored the premiere book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki


 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and  PSG of Mercer County New Jersey.

==========================================


No comments:

Post a Comment