Talk: Why our email is still being read by others, and how we can stop it
We take encryption for granted for all digital communication, except one: email. Email, perhaps our most basic means of communication, is routinely sent without any encryption, enabling others to monitor it (which they most certainly do). Email encryption has been available for 26 years, yet it has seen such poor adoption that banks routinely tell their customers: contact us via the web, never email. I’ll show that our lack of email privacy is due to legitimate technical obstacles: namely, email’s unique distribution mechanism, which avoids any direct connection and therefore creates a chicken-and-egg dilemma for certificate exchange. I can’t securely email you until I have your cert, but I can’t get your cert until I’ve already emailed you. Thus, email remains with the same (lack of) privacy it’s had since birth. However, new standards, like IETF’s DANE SMIMEA, solve this chicken-and-egg problem by using the DNS as a massive, global key distribution system. I’ll present Great DANE, the first publicly available, open source implementation of DANE SMIMEA, which allows you to securely encrypt all your emails, from the start, automatically.
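As an added illustration of the DNS-based key distribution the abstract describes (example code written for this page, not the talk's or Great DANE's own), here is how a client derives the SMIMEA lookup name from a recipient address and checks a fetched record against a certificate. The owner-name construction and the record layout are taken from RFC 8162 (with usage/selector/matching-type values as in TLSA, RFC 6698); the certificate bytes used in the check are constructed, not a real certificate.

```python
import hashlib
import hmac

# Added example (not the talk's or Great DANE's code): the address-to-DNS-name
# mapping and the certificate match a DANE SMIMEA client performs (RFC 8162;
# usage/selector/matching-type values as in TLSA, RFC 6698). A client must act
# only on DNSSEC-validated answers: an unsigned SMIMEA record proves nothing.

DIGESTS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}  # matching type -> hash


def smimea_owner_name(email: str) -> str:
    """DNS name holding the SMIMEA records for `email` (RFC 8162, Section 3):
    SHA2-256 of the UTF-8 local-part, truncated to 28 octets and hex-encoded,
    then the label '_smimecert', then the domain part. The local-part is
    hashed as given; canonicalising it is the caller's job."""
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("not an addr-spec: %r" % email)
    label = hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()
    return "%s._smimecert.%s" % (label, domain.lower())


def parse_smimea_rdata(rdata: bytes):
    """Split wire-format RDATA into (usage, selector, matching_type, assoc_data)."""
    if len(rdata) < 4:
        raise ValueError("SMIMEA RDATA too short")
    return rdata[0], rdata[1], rdata[2], bytes(rdata[3:])


def association_data(selector, matching_type, cert_der, spki_der=None):
    """Association data a record with these parameters would carry for cert_der."""
    subject = {0: cert_der, 1: spki_der}.get(selector)  # 0: whole cert, 1: SubjectPublicKeyInfo
    if subject is None or matching_type not in DIGESTS:
        raise ValueError("unsupported selector or matching type")
    h = DIGESTS[matching_type]
    return subject if h is None else h(subject).digest()


def smimea_matches(rdata, cert_der, spki_der=None):
    """True if a DANE-EE (usage 3) record matches the presented certificate.
    Usages 0-2 need PKIX or trust-anchor chain processing beyond this check."""
    usage, selector, matching_type, assoc = parse_smimea_rdata(rdata)
    if usage != 3:
        return False
    try:
        expected = association_data(selector, matching_type, cert_der, spki_der)
    except ValueError:
        return False                # unknown parameters: record is unusable
    return hmac.compare_digest(expected, assoc)
```

Querying the resulting name for type SMIMEA (and insisting on DNSSEC validation of the answer) is the step that replaces the "email me your cert first" round trip.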
Jonathan Grier is principal of Grier Forensics. SC Magazine has noted that Grier’s work has “attracted national attention” and called Grier one “of the nation’s leading experts on insider threats.” He has led research, development and evaluation of cybersecurity technologies for DARPA, MIT Lincoln Laboratory, the US Air Force, and private clients, and pioneered the development of stochastic forensics and its application to data breaches. Grier has provided training for the Federal Reserve Bank of New York, the Department of Defense Cyber Crime Center (DC3) and others. His work has been featured in InformationWeek, Dark Reading, Forensic Magazine, and Microsoft’s Writing Secure Code. Grier is the author of numerous academic papers, has seven patents approved or pending, and is a popular speaker at venues nationwide, such as Black Hat, RSA, ACSAC, DFRWS, and CSAW.