Most e-mail is sent across the net unencrypted. People who run local e-mail clients generally use unencrypted SMTP to send their e-mail and use unencrypted POP to retrieve their e-mail. People who use web-based e-mail have an encrypted session to their provider, but the e-mail is sent from their provider to the provider of their recepient via unencrypted SMTP. When the e-mail is stored at their provided, it is unencrypted. Personal e-mail encryption–messages are sent encrypted, and only decrypted on the recipients computer–is possible, but very few people use it.
Almost nobody cares about e-mail encryption. Why should they? Paper mail and telephone calls are not encrypted. Should e-mail be different?
There are differences, of course. Intercepting paper mail is hard. Intercepting telephone calls is doable but the audio processing is hard and time-consuming. Intercepting e-mail is easier, and processing e-mail is much easier. An ambitious government can learn a great deal by processing all the e-mail sent around the world. This is not only doable, it may actually be being done by the NSA.
Should we care? Benjamin Franklin reportedly said “Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.” This quote is often trotted out in support of things like not permitting e-mail searches. Is that fair? Is e-mail privacy an essential liberty? Does permitting e-mail messages to be read buy us only temporary safety? Some liberties are indeed essential, but some safety is essential too.
Among the essential liberties are free speech and free thought. This means that we should not permit the government to prosecute people on the basis of their e-mail messages. However, there are prohibited actions–free action is not an essential liberty. Is it permissible to use e-mail messages to identify people who should be watched more closely to see if they are doing something illegal? I think there would be many people on both sides of that issue.
I tend to think that government e-mail searching can be OK in principle. There are many dangers. Once government programs exist, they tend to overreach. Once somebody is being investigated, it is natural to try to find them to be guilty. Entrapment by the government is not fair. Is it possible for the government to be trusted in this regard? The actions of the current administration are not encouraging; they clearly violated the wiretapping act. A willingness to break one law implies a willingness to break many more. So while I think that reading e-mail messages can be OK in principle, I’m much less sure about the practice.
If it is OK in principle, then what happens as more e-mail gets encrypted? Over time, it is likely that we will see more encryption between SMTP servers, more encryption of SMTP and POP connections, more encryption of e-mail storage by web-based e-mail providers. We may even see more encryption on the user side, if that becomes the default action. This will decrease the ability of the government to read e-mail, though of course traffic analysis will still be possible. Whether this is a good thing depends on how much safety we will lose.