Thursday, September 20, 2018

Why wasn't email built securely?

Recently I talked with Ehsan Hoque, one of the authors of the ACM Future of Computing Academy report that suggested "Peer reviewers should require that papers and proposals rigorously consider all reasonable broader impacts, both positive and negative," which I had satirized last May.

Ehsan said that "if email had sender authentication built in from the beginning then we wouldn't have the phishing problems we have today". Leaving aside whether this statement is fully true, why didn't we put sender authentication and encryption in the first email systems?

Email goes back to the 60's but I did get involved on the early side when I wrote an email system for Cornell in the early 80's. So let me take a crack at answering that question.

Of course there are the technical reasons. RSA was invented just a few years earlier, there were no production systems, and the digital signatures needed for authentication were just a theory back then. The overhead needed for encryption, in time and bandwidth, would have stopped email in its tracks back then.

But it's not like we said we wish we could have added encryption to email if we had the resources. BITNET, which Cornell used, and the ARPANET gateway only connected with other universities, government agencies and maybe some industrial research labs. We generally trusted each other and didn't expect anyone to fake email for the purpose of getting passwords. It's not like these emails could have links to fake login pages. We had no web back then.

But we did all receive an email from a law firm offering green card help. My first spam message. We had a mild panic, but little did we guess that spam would nearly take down email at the turn of the century. Nor would we have guessed the solution would come from machine learning, which kills nearly all spam and much of the phishing email today.

I don't disagree with the report that we shouldn't think about the negative broader impacts, but the true impacts, negative and positive, are nearly impossible to predict. Computer Science works best when we experiment with ideas, get things working and fix problems as they arise. We can't let the fear of the future prevent us from getting there.


  1. meh brides for meh brothers

    1. Couldn't I at least have gotten "The Magnificent Meh" or the original "Meh Samurai".

  2. On the other hand, nowadays most of the "Internet of Things" appliances are built with insufficient (at times negligible) security, at a time we know exactly what that means.

  3. Please don't write about Internet history when you don't even know what the first SPAM message really was.

  4. 1) Lance was referring to the first SPAM message he got, not the first one ever.

    2) You got me curious what the first SPAM message was.

    First one by telegraph:

    First computer email spam:

    I found both of them by Googling so I cannot verify them.
    Thanks for making me curious enough to look it up!

    1. Why assume encryption is/was needed? If the SMTP protocol did things like check the origin "From" and the domain of the origin computer, that could chop out a lot of Phishing attempts without encryption. Also, Green Card Lottery was USENET and not e-mail, which makes this post even more muddled.

    2. Very reliable source