September 2011

S M T W T F S
    123
4 5678910
11121314151617
18192021222324
252627282930 

Style Credit

Expand Cut Tags

No cut tags

August 20th, 2011

hasimir: (Default)
Saturday, August 20th, 2011 06:53 am

Yesterday’s news that Paul Freebody, a candidate for the Queensland seat of Cairns, has been expelled from the Liberal National Party (LNP) highlights the need for the greater adoption of email encryption and digital signatures.

As with the OzCar Affair of two years ago, the issue here relates more to the verification that an email has not been tampered with rather than protecting the content from prying eyes. Thus it is a digital signature which would have been of use to Freebody in this case. Had he already been using OpenPGP compliant software to sign his emails, such as PGP or GPG, Freebody could have proven that the change to his email after signing and sending it was made by someone else, without needing to identify or, in this case, embarass that person.

The reports regarding the case of Paul Freebody are a little unclear as to whether the modified email had been sent from his computer or whether a family member who had received the email modified it and then forwarded it on. Regardless of which of those two alternatives it was, the regular use of a digital signature would have helped.

If the email had been modified on Mr. Freebody’s computer before it was sent, the prompt to sign the message would have prevented message from being sent without the relevant passphrase. If the relative had removed the signing option then Mr. Freebody could have pointed to the lack of the signature as a certain level of proof that he did not send that email.

Had the email been signed and a recipient modified the content before forwarding it to others, the signature would not validate for that message and Mr. Freebody could then have pointed to that as proof that the message had been altered. In this case Mr. Freebody could have provided a copy of the original message with the valid signature for comparison.

This is the second time in as many years in which a forged or modified email has resulted in a scalp being claimed in Australian politics; yet the tools to prevent it have been available for two decades and standardised since the late 1990s. Since that time the ease of using email encryption and signatures, particularly with the combination of Thunderbird, GPG and Enigmail, has been improved considerably.

Until people in public life start using at least this aspect of cryptographic technology, even if they don’t actually encrypt their email, these kind of scandals will continue to occur.

Originally published at Organised Adversary. Please leave any comments there.