The Biggest Lesson from the Sony Hack? We Need to Replace Email

The most striking discovery of the Sony hack wasn't that studio head Amy Pascal had an intensely personal meltdown or that the feds were collaborating with the company on the ending of The Interview—it was that all of these things existed together in one, utterly defenseless spot, just waiting to be hacked and leaked.

We use email for everything now: newsletters, professional collaboration, and jokes to grandma. But email wasn't designed for the age of hackers that can—apparently, god help us—bend skittish corporations to their will.

It might be time to consider a world with less email, where secure chat apps that can send messages to each other rule online communication. Unless you want to leave a paper trail, that is.

The kind of email we're familiar with today and the protocols that govern it were designed during the heady days of the ARPANET in the early 70s. A project run out of universities and research labs across the country, the ARPANET was relatively small, and people weren't exactly worried about government spies or hackers in their network.

In other words, email wasn't designed with security in mind.

"The trouble with email and the internet in general is that it grew far beyond what anyone expected or could have predicted," Joss Wright from the Oxford Internet Institute at Oxford University told me. "What we're left with is a whole host of protocols that are fundamentally insecure, because they were never designed to be secure in the first place."

Security features like end-to-end encryption in the form of digital cryptographic key programs like Pretty Good Privacy (PGP) had to be tacked on later, when people realized not only that someone could actually gain access to their private files and copy them, but that malicious users in their network would actually want to.

As many frustrated internet users new to encryption in the post-Snowden age can likely attest, this retrofitted approach has resulted in some serious usability issues. PGP works by generating a private key stored on your machine that allows you to decrypt messages sent to you. A public key is also generated that allows others to encrypt email and send it to you. As long as you're the only one holding the secret key, only you can read them.

If you lose that key or forget your password, nobody can help you.

"The extra added effort of managing encryption—setting up these complex encryption keys—is just not worth it for some people. They want to send their emails and get on with it," Wright said. "What you end up with is a few encryption geeks who go to key-signing parties and sign each other's keys, and nobody else uses it."

Key-signing parties happen when a bunch of cryptography nerds get together, play a little game of "I'll show you mine if you show me yours" with their public PGP keys, and "verify" that they are the owners of their keys, thereby building a web of trust among PGP users.

Sounds rad—ever been to one? Yeah, me neither.

Google is taking steps to build end-to-end public key encryption into Gmail, with the goal of making robust encryption easy enough for the average person to use without having to understand the underlying concepts. The company plans to host their own public key server, too.But Google's plan to make end-to-end cool with internet teens doesn't address another of email's flaws: centralization.

If all of your messages are stored on one server, and if someone gets access to that server, you're completely screwed. The same goes for a permanent inbox, as Sony executives discovered, or a public key server hosted by Google for that matter. These centralized data stores have targets on their metaphorical backs.

"If someone gets access to that server, then they've got everyone's inboxes," Wright said. "If you get access to someone's computer directly, then you've won. Distributing between different services can make that more difficult."

In the early days of email, before Gmail ruled the roost, numerous email services coexisted online. Remember sending emails to people with Aol, Hotmail, and Sympatico addresses? If I send an email to someone with an Yahoo address now, I usually mutter to myself, "Bless their heart."

Email can be sent across services owned by different companies because it uses a universal protocol called Simple Mail Transfer Protocol, or SMTP. SMTP allows messages to be sent between servers, regardless of who owns them. Gmail, for example, uses a custom protocol when sending email to another Gmail address, but when communicating outside of the service it still uses SMTP.

A universal protocol is arguably what has made email such a useful and enduring tool, and right now, no other chat or messaging program is taking such an open approach. So, here we are in 2014, stuck with an entrenched and fundamentally insecure mode of online communication that we just can't quit.

There's no way to fix something that's broken at its core when it comes to security. The best thing to do is start over. Chat apps can be built from the ground up with end-to-end encryption and other features like automatic message deletion. Think Snapchat, but actually secure.

"Email might get used for too many things right now, and we can already see that a lot more communication happens on chat platforms like WhatsApp, iMessage, Google Hangouts, and similar things," Joseph Bonneau, a research fellow at the Center For Information Technology Policy at Princeton University, told me. "Those have pretty different properties. In particular, I think, there's the assumption that you don't have to keep logs around forever and you can do things in secrecy and delete messages after a short period of time."

A host of chat apps, most notably WhatsApp and iMessage, already use forms of end-to-end encryption. It's built in to the system, so users never have to deal with the technical hang-ups that plague the use of PGP in email. A chat app that automatically deletes messages and is fundamentally secure isn't such a wild idea—we already have many apps that function in similar ways.

"I think we have seen in the last couple years that there is a demand for more ephemeral kinds of online communication that don't produce this permanent paper trail," Bonneau said. "Email will probably survive, but it may become for more formal, long-term requests and things like that where you want there to be a paper trail."

Many of us already communicate over the internet in this way. Chances are that you message memes and shoot the shit over Facebook, and talk to your boss over email. The future could just be a continuation of this trend.

But, lest we forget, email's great virtue is its universal protocol, SMTP. Right now, a WhatsApp user can't message a Snapchat user like a Gmail user can email someone with a Hotmail account. This "walled garden" approach to chat apps is actually a recent development, much like the centralization of email services. Correcting this could open a new, lively domain for chat as the new email.

"Back in the day, there was Aol Instant Messenger and there was a protocol that eventually grew up called Jabber," Bonneau said. "SMTP and Jabber are kind of the same thing; they let you talk across things. You could talk across Google Hangouts for a while. Over the last couple years, all the most popular messaging platforms that have gotten really big are complete walled gardens."

"There might be some kind of universal protocol down the road when you can use WhatsApp to send a message to somebody on iMessage, but there's no indication that that's close at all," Bonneau continued. "In fact, the industry is actually moving in the opposite direction."

Opening the walled garden of distributed, ephemeral chat apps could be the key to a new dominant mode of online communication more resistant to Sony-style hacks. The email of the future could very well be Snapchat, and iMessage, and WhatsApp. Unless, of course, you want to keep a paper trail around. Then, encrypted email is still probably still going to be your best bet.

Technological nudges toward more secure methods of communications will only be a salve for a fundamental problem: humans are bad at security. It's worth noting that most hacks are a result of poor security—like Sony—or someone clicking a spammy email link that they should've learned to send straight to the trash years ago.

"It's a technological solution for what is ultimately a human problem," Wright told me. "It's not a question of there being some magic secure technology that would make it all work, because we'd still get people sending emails to the wrong people. The most common form of hacking is still social engineering, somebody phones you up and says, 'Hi, I'm from tech support, I need your password to get into your computer.'"

Even in a brave new world of online communication where a distributed network of cross-talking secure chat apps address most of our messaging needs, security concerns that rely on a user's vigilance and knowhow will continue to exist.

"You need the operating system to be secure," Bonneau explained. "You need to be able to securely download the messaging app to keep it up to date. You need to be able to authenticate your device so it knows that you're you."

Laziness is also sure to be a factor, no matter what technical solutions are realized. Most people don't use encryption because they believe they don't need it. And they're probably right, in most cases, but it's those rare moments when they're wrong that security matters.

Even Sony's former executive director of information security, Jason Spaltro, said in a 2007 interview with CIO magazine that "it's a valid business decision to accept the risk" of a security breach.

It's also worth noting that Snapchat's latest leak was, in part, due to a secondary market of apps that let users save images on insecure servers that could be hacked. Like with any encryption initiative, everybody has to play along and not act like an idiot.

"I think there will always be some level of insecurity," Bonneau said. "Even so, I'm not a total pessimist when it comes to security. Security gets better all the time."