Secure Portals instead of Secure E-Mail

E-mail itself is a completely insecure message service. Mails are routed through participating servers all over the world, and anyone can send them, so whatever washes up in your inbox could have come from anyone. It is not that bad any more: the connection from the sender to the sender's provider, and from the recipient to the recipient's provider, is usually encrypted at the transport layer. The connection between the providers is becoming encrypted as well, but there is no guarantee. Essentially, the providers themselves can still read the messages, which is unacceptable for confidential messages.

In order to mitigate this problem and introduce some end-to-end encryption, e-mail protocol extensions like S/MIME and PGP have been invented. Both basically work with key pairs that everyone has to have, plus some vetting mechanism. In the S/MIME world the key pairs are called certificates and the vetting is done by central authorities (just like with HTTPS certificates in the browser). PGP uses a “web of trust”, where people sign each other's keys so that trust is passed on through parties one already trusts.
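The chain of trust and the end-to-end property described above, as an added example that is not part of the original post: a self-signed root stands in for the S/MIME certificate authority, a user certificate issued by it binds a public key to an e-mail address, the sender verifies that binding before encrypting, and the providers relaying the mail only ever hold ciphertext. Go's standard library does the X.509 work. The CA name, the address bob@example.com and the message text are constructed for the example; real S/MIME wraps a per-message symmetric key with the recipient's public key and uses the CMS message format, both of which are left out here to keep the flow visible.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// makeParty generates a key pair and a certificate for it; a nil parent means self-signed.
func makeParty(tmpl, parent *x509.Certificate, signer *rsa.PrivateKey) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	if parent == nil { // a root vouches for itself
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Party{Key: key, Cert: cert}, err
}

// NewCA builds a self-signed root: the central authority that vets S/MIME certificates.
func NewCA(name string) (*Party, error) {
	return makeParty(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}, nil, nil)
}

// IssueUserCert has the CA vouch that a public key belongs to an e-mail address.
func IssueUserCert(ca *Party, email string) (*Party, error) {
	return makeParty(&x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}, ca.Cert, ca.Key)
}

// VerifyRecipient is the sender's check before encrypting: chain to a trusted root, e-mail usage, and the right address.
func VerifyRecipient(cert, root *x509.Certificate, email string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}); err != nil {
		return err
	}
	for _, e := range cert.EmailAddresses {
		if e == email {
			return nil
		}
	}
	return fmt.Errorf("certificate does not name %s", email)
}

// Encrypt seals a short message to the recipient's public key with RSA-OAEP (simplified stand-in for CMS key wrapping).
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}
// Decrypt needs the private key, which the providers relaying the mail never hold.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	ca, err := NewCA("Example Root CA") // constructed name
	if err != nil {
		panic(err)
	}
	bob, err := IssueUserCert(ca, "bob@example.com") // constructed address
	if err != nil {
		panic(err)
	}
	if err := VerifyRecipient(bob.Cert, ca.Cert, "bob@example.com"); err != nil {
		panic(err)
	}
	ct, _ := Encrypt(&bob.Key.PublicKey, []byte("account statement attached"))
	pt, _ := Decrypt(bob.Key, ct)
	fmt.Printf("what the providers see: %x...\nwhat Bob reads: %s\n", ct[:8], pt)
}
```

The two failure modes worth noting are the ones the verification step catches: a certificate from a root the sender does not trust, and a certificate that chains correctly but names a different address. Both are rejected before any encryption happens, which is the vetting the post describes, just performed by code instead of a person.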

The user experience of both has been catastrophically bad. Some e-mail clients supported S/MIME; I believe that Outlook and Thunderbird did and still do. Obtaining certificates was a big hurdle. When I went to school, I couldn't afford to buy one, and none of my peers did either. It was just something that was useless to have unless everyone else also had one. Instead I tried PGP in the form of GPG, but apart from a select few other nerd friends, nobody cared for it. A plugin was needed in Thunderbird, and often enough it did not work. Keys had to be revoked, people encrypted with the wrong key (often their own), and so on. In theory, both are completely secure end-to-end solutions. In practice they are useless, as people don't have certificates.

Companies still have a need to communicate securely with their customers. I would have been happy to upload a PGP key to a website and receive encrypted e-mail. Or, with the new electronic German ID card, everyone has a vetted smartcard which could be used to encrypt and sign e-mail. But support is extremely bad, so nobody uses it. Also, it doesn't work with people who don't have or trust a German ID card.

As the need was still there, the only popular form of encryption was used: TLS encryption in the browser. The companies already have certificates, either bought from one of these certificate authority companies or obtained from something like Let's Encrypt. Either way, users can just open the URL in their browser and have a secure connection to the company. This actually is end-to-end! And so companies host secure messages on their server and require the customer to log into their secure portal to view them. Usually they can then download them as PDF files. To let customers know about new secure messages, companies send an insecure e-mail containing just the notification. If one wants to send a secure message to the company, one needs to log in and use their secure contact form.

A couple of weeks ago this pattern just hit me: instead of having a dependable, secure and interoperable messaging system like e-mail, we haven't managed to evolve e-mail, and instead every company has its own secure portal. The effort might be roughly the same for each company, but I as a user have to manage the login credentials for every company. And if I want to contact another person who is not a company, I don't have such a portal and just have to write an e-mail.

These days personal stuff goes through one of the messaging apps, and these are end-to-end encrypted as well. It would be great to see these secure portals go away and to receive, for instance, my bank statements via a secure messenger. Thanks to path dependency, we are not going to get anywhere any time soon.