<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Rocketvox. One Place. &#187; encryption</title>
	<atom:link href="http://rocketvox.com/tag/encryption/feed" rel="self" type="application/rss+xml" />
	<link>http://rocketvox.com</link>
	<description>Unified Messaging</description>
	<lastBuildDate>Mon, 27 Sep 2010 18:03:08 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Private/confidential e-communication</title>
		<link>http://rocketvox.com/2008/11/04/privateconfidential-e-communication/%</link>
		<comments>http://rocketvox.com/2008/11/04/privateconfidential-e-communication/%#comments</comments>
		<pubDate>Tue, 04 Nov 2008 16:24:01 +0000</pubDate>
		<dc:creator>jothmeister</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[confidential communication]]></category>
		<category><![CDATA[encryption]]></category>

		<guid isPermaLink="false">http://www.rocketvox.com/blog/?p=16</guid>
		<description><![CDATA[ 
When you send a physical letter through the postal service you have an expectation and a guarantee of privacy for that communication: it is a federal offense to open mail not addressed to you.  From Wikipedia:
The U.S. Postal Inspection Service (USPIS) is one of the oldest law enforcement agencies in the U.S. It was founded [...]]]></description>
			<content:encoded><![CDATA[
<p>When you send a physical letter through the postal service you have an expectation and a guarantee of privacy for that communication: it is a federal offense to open mail not addressed to you.  From Wikipedia:</p>
<blockquote><p>The <a href="http://en.wikipedia.org/wiki/U.S._Postal_Inspection_Service">U.S. Postal Inspection Service</a> (USPIS) is one of the oldest <a href="http://en.wikipedia.org/wiki/Law_enforcement_agencies">law enforcement agencies</a> in the U.S. It was founded by <a href="http://en.wikipedia.org/wiki/Benjamin_Franklin">Benjamin Franklin</a>.<a href="http://en.wikipedia.org/wiki/United_States_Postal_Service#cite_note-11"><span>[12]</span></a></p></blockquote>
<blockquote><p>The mission of the USPIS is to protect the U.S. Postal Service, its employees and its customers from criminal attack, and protect the nation&#8217;s mail system from criminal misuse.</p></blockquote>
<blockquote><p>U.S. law provides for the protection of mail. Postal Inspectors enforce over 200 federal laws in investigations of crimes that may adversely affect or fraudulently use the U.S. Mail, the postal system or postal employees. The USPIS is a major federal <a href="http://en.wikipedia.org/wiki/Law_enforcement_agency"><span>law enforcement agency</span></a>.</p></blockquote>
<p><a href="http://www.rocketvox.com/wp/wp-content/uploads/2008/11/envelope1.jpg"><img class="alignleft size-thumbnail wp-image-17" title="envelope1" src="http://www.rocketvox.com/blog/wp-content/uploads/2008/11/envelope1-150x150.jpg" alt="" width="150" height="150" /></a>The physical seal on the envelope is pretty darn good assurance that the letter has not been opened. And the physical nature of the medium makes monitoring all mail a completely unscalable proposition. In the EU, there is a constitutional guarantee of secrecy of correspondence, and e-mail is protected from eavesdropping. The guarantee is a lot softer in the US, with a requirement for a reasonable expectation of privacy.</p>
<p><a href="http://www.rocketvox.com/wp/wp-content/uploads/2008/11/300px-internet_map_1024.jpg"><img class="alignleft size-thumbnail wp-image-18" title="300px-internet_map_1024" src="http://www.rocketvox.com/blog/wp-content/uploads/2008/11/300px-internet_map_1024-150x150.jpg" alt="" width="150" height="150" /></a>The Internet is a huge network of computers designed to withstand a major disruption (e.g. a nuclear strike) to one portion and still function, routing traffic around the disruption through a redundant set of routers and switches. The Internet is amazingly open and accessible, which makes all this traffic inherently vulnerable to eavesdropping or worse. The standard still used for email today was established as the SMTP standard in 1980. It was originally designed to exchange messages between the researchers who were by design the original users of the Internet. The standard has not been replaced; it has simply had add-ons, such as MIME for attachments, added to it. As a mail message leaves your desktop it probably goes through your company&#8217;s server, through the servers of the ISP that serves your company, through some unknown intermediate switches, routers and servers, and finally to the ISP and corporate servers of your addressee. That is a lot of servers, switches and routers, not to mention the connections between them, where the message could be read. Many people believe they have some protection called &#8220;security through obscurity&#8221;: there are so many billions of messages going through these servers that the chances someone will pick my little message to focus on must be really low. Anyone who uses Gmail or one of the other free mail offerings that publish ads on your Inbox page knows better. They have clearly scanned your messages to pick out words and phrases to drive their auto-placement of ads. We are told this is a fully automated process and that no one intervenes, but as we now know, similar assurances that the NSA monitored phone communication only of non-US citizens were not true, which calls the email assurances equally into question.</p>
<p>If you work for a company in the US, where we do not have any secrecy of correspondence laws, e-mails sent using company computers are considered the property of the company. The company has an explicit right to monitor them, and it does. It is looking for proprietary information leaking out of the company. It is looking for employees who are not doing company business on company time. And it is looking for potentially libelous or other types of inappropriate communication (e.g. sexual harassment, pornography) that could put the company at risk.</p>
<p>OK so why don&#8217;t we just encrypt all these messages and be done with it? There are actually a number of solutions that have been proposed to encrypt email communication so why don&#8217;t we all just do it as a regular course of daily activity?</p>
<p style="text-align: center;"><a href="http://www.rocketvox.com/blog/wp-content/uploads/2008/11/525px-public_key_encryption.png"><img class="alignnone size-medium wp-image-19" title="525px-public_key_encryption" src="http://www.rocketvox.com/blog/wp-content/uploads/2008/11/525px-public_key_encryption-300x293.png" alt="" width="300" height="293" /></a></p>
<p>Let&#8217;s just spend a minute talking about how encryption works. I am going to focus on public key cryptography for this discussion, but there are other technologies that can also do this; PKI just happens to be the most prevalent form of encryption around. Like everyone else talking about cryptography, let&#8217;s use Bob and Alice as the actors. Bob wants to send something secret to Alice and he wants Alice and only Alice to be able to read it. First we need someone we both trust to identify us and to be able to assert we are who we say we are. If we don&#8217;t have this, Alice could be someone else who just claims to be Alice. So we each have to prove we are who we say we are to a Certificate Authority (CA). We do that with our bank, so you know how this goes. We have to tell them some personal secrets that they can validate before they are convinced we are who we say. There are all kinds of levels of authentication, starting with &#8220;just trust me, I am who I say&#8221; all the way up to providing a DNA sample. The problem with &#8220;I am who I say&#8221; is that that approach has given us literally thousands of people who got certificates that said they were Bill Gates. OK so clearly that is a joke. But it&#8217;s pretty standard now to ask someone some questions only they can answer, which you can check against databases like credit bureaus, driver&#8217;s license bureaus and other sources. So without having to show up at the doorstep we can pretty reliably get authenticated by a CA who will issue us a certificate.</p>
<p>A certificate has two keys in it: a public key and a private key. These keys are just large numbers that can be plugged into a special mathematical algorithm used to transform (or scramble) some data. They are pretty magic in that if I use one of them to scramble some data, only its mate can unscramble the data. If I scramble with the private key, only the public key can read the original data. Or if I scramble with the public key, it&#8217;s only the private key that can read it. They are named public and private for a good reason: you always keep the private key very close to you and no one ever gets to see it or access it. On the other hand, you freely distribute your public key to everyone who needs it. So play this out a little. If Bob grabs Alice&#8217;s public key and uses it to scramble (let&#8217;s start using the correct term &#8211; encrypt) a message, and assuming Alice really does keep her private key to herself, guess what, only Alice can read that message. Very simple, very clean, so what is the big deal?</p>
<p>Three things make this a technology that has never taken off. One is getting everyone who wants to communicate privately to get authenticated and get their certificates with the key pairs in them. If Bob wants to send a private message to Alice and she does not have a key pair, Bob is stuck. He has no public key for Alice to use to encrypt his message to her, so if he wants to communicate at all he had better just send it in the clear. The &#8220;network effect&#8221; is strongly at work here too. Bob can be a good guy and go get his certificate, but if everyone he ever wants to communicate with has no certificate, Bob might as well give up because he can never encrypt any of his messages. And with none of those people out there having certificates, Bob will also never receive an encrypted message, and he got that certificate for naught. Only within very closed environments, such as the military and employee-to-employee within the same large company, is there enough control that everyone you communicate with can be counted on to have the certificate needed to participate.</p>
<p>The second reason this has never taken off is that it has never been smoothly integrated into the email / chat / SMS user interfaces. If it&#8217;s not easy to use, people will not be bothered and they will continue to hope that the critical data they are sending is not noticed by anyone out there. Finally, the third reason is that many of the biggest participants in email transport don&#8217;t want those messages encrypted. Certainly if you are a Google or a Yahoo! getting ad revenue by placing context-sensitive ads on people&#8217;s Inboxes, you will lose revenue if you can&#8217;t read the messages to extract the context.</p>
<p>People are increasingly sophisticated about e-communication. They hear the stories about people not getting a job because the new employer looked at the old pictures of them drunk out of their minds at the frat party. They see that the NSA is eavesdropping on US citizens calling other US citizens to have intimate, comforting conversations. And they know that technology exists to make communications secure. If we create a system built in one of these Internet Clouds where people register to get a new email account and, when they do, a decent authentication that they are who they say they are is done, then we have a way to make sure everyone who is part of that system has a certificate. Further, as that system grows and grows, the network effect works in everyone&#8217;s favor and the people you want to communicate with will also be part of this system and will have a certificate. Finally, since such a system is just being built now, the encryption of messages and the privacy of profiles are smoothly and elegantly built into a simple, clean UI from day one.</p>
]]></content:encoded>
			<wfw:commentRss>http://rocketvox.com/2008/11/04/privateconfidential-e-communication/%/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

