Game Theory Tuesday: Three Ways to Protect Your Email Privacy Using Low-Tech Encryption (Caesar Cipher, Vigenère Cipher, Three-Pass Protocol)

Emails worry me

I wrote half as many emails the day after meeting the company legal staff. I learned that emails are often discoverable in court, and it was rumored company email was being scanned. This whole episode annoyed me, because as a consultant, I enjoyed the convenience of email.

But I didn’t want to join the crowd of world dumbest emails. Here are some examples, described in a CNN article about emails:

• “Can I quit now? Can I come home?” Brown wrote to Cindy Taylor, FEMA’s deputy director of public affairs, the morning of the hurricane. A few days later, Brown wrote to an acquaintance, “I’m trapped now, please rescue me.” ….
• In a Massachusetts class-action suit over the dangers of the diet drug combination Phen-Fen, the court allowed this e-mail from a company executive to be admitted: “Do I have to look forward to spending my waning years writing checks to fat people worried about a silly lung problem?”
• Chevron settled a lawsuit for $2.2 million that involved an interoffice e-mail giving 25 reasons why beer is better than women.
• Former star investment banker Frank Quattrone was convicted of obstructing federal investigations into stock offerings at Credit Suisse First Boston. Central to the case was an e-mail Quattrone forwarded telling employees it was “time to clean up those files” after he learned of the investigation.
• More than 500 of former West Virginia Gov. Bob Wise’s intimate e-mails with a state employee were obtained under the Freedom of Information Act and made public in 2003. The employee’s husband filed for divorce and Wise didn’t seek re-election in 2004.

The stories provide two lessons. First, if you’re doing something very bad, your email will likely be discovered and reviewed. Second, if you write messages that could be taken out of context, watch out.

I imagine the second situation is the worry for us law-abiding and hard-working people. Computer programs might flag our emails, which could be later used against us. Although avoiding email would be best, it’s s not always practical.

The ancients tell us a possible answer

What’s the answer? Searching for solutions, I wondered about our ancients and thought about a solution they came up with: why not send messages in code, just like war generals did?

Coded emails might be the right solution. A small barrier would probably get around automatic computer scanners. And it’s a quick, free, time-effective solution. Computer programs have made the encoding a breeze. And it’s possible to choose which emails to encode, so it’s time-effective. For me, I can continue writing 99 percent of your emails the same way and just encode the few sensitive or important ones.

What code should be used? This is the question that drives the game of encryption, which battles between two opposing forces of security and accessibility. Security suggests strong codes to ward off eavesdroppers who could overhear and crack the code. Accessibility suggests easy codes so intended recipients can figure out the message quickly.

Finding the right balance is the art of encryption. We’ve recently seen digital media rights face this challenge: too little encryption allows for piracy, but too much annoys the end user, as Sony learned a few years ago.

I’ve thought about this issue and come up with three practical ways to encode emails. Each method is more secure than the previous one, but consequently requires more work.

Caesar Cipher

• Turns key words into garbled code; might work against automatic text software (Gmail, company mail)
• Easy to implement

Suppose you want to tell a friend about your new car, but you don’t want Gmail to start sending you ads about cars. Or suppose you want to tell your friend you’re leaving a company in a month, but you don’t want automatically scanning software to flag you.

What method can you use to thwart text recognition software?

The answer is that you can encode your message using the Caesar Cipher. This is a simple encryption where you shift every letter by a certain number of letters. The coded message is easily decipherable, but it looks like garbage to automatic software.

Here’s an example. If you had a 1 letter shift for instance, then the encoding would be:

A—>B
B—>C
C—>D
D—>E
E—>F
….

For instance, the text “car” would become “dbs,” and the word “quit” would become “rvju.”

Here is how you might send a decoded message to a friend.

Hi Bob,

For security reasons, I’ve encoded my message. Go to http://www.simonsingh.net/The_Black_Chamber/caesar.html and decode my message using a shift of 1 letter. Thanks.

“J CPVHIU B OFX DBS. MFU’T ESJWF JU UIJT XFFLFOE”

When Bob receives the message, he can visit the Caesar Cipher, copy the message, and have it automatically decoded:

You can shift by any other numbers of letters too.

The Caesar Cipher is quick and seems like it would beat many automatically scanning tools.

But there is a basic flaw with the Caesar Cipher. Any human that reads the message could easily decode it. Simple shifting is among the easiest of codes to crack.

So a more powerful method is needed, and that’s idea behind the next technique.

Vigenère Cipher

• Turns key words into garbled code; might work against automatic text software (Gmail, company mail)
• Might defeat human eavesdroppers
• Medium hard to implement

The Vigenère Cipher is essentially Caesar Cipher 2.0. It uses a variable shift based on a keyword, which is explained in more detail below.

Implementation is just as easy as the Caesar Cipher. Here is how you might send a message:

Hi Bob,

For security reasons, I’ve encoded my message. Go to http://sharkysoft.com/misc/vigenere/ and decode my message. The key word is the name of the movie we saw last week. Thanks.

“q schshg i esj oae. tvh’f prvdv wg fhva nsrweal”

The extra security layer is adding a key word that is known only to Bob and not an eavesdropper. Bob would know you two saw the movie “Iron Man” together, and thus he could go and decipher the message:

How does the Vigenère Cipher work? It’s essentially a Caesar Cipher with a variable key shift determined by a key word (or password). The description on Wikipedia is nice, and I paraphrase it below.

Imagine you want to encode the message:

COLLEGE DEBT

The person writing the message would first choose a key word, like “help.” If the key word is shorter than the message, then keep repeating it until it’s long enough (computer programs like Sharky’s Vigenère Cipher does this for you). The encoding key word would be:

HELPHEL PHEL

The plain text is then encoded using the Vigenère square, which indicates how letters translate. (image from user:Matt Crypto)

The top row of letters is for the plain text, the left hand column of letters is for the key word, and the middle characters are the encoded letters. For instance, the letter “C” on the top row and the letter “H” on the left column translate to the letter “J” in cipher text.

Repeating the process for all letters, here is the coded, or cipher, text that would result:

Plain text: COLLEGE DEBT
Key word: HELPHEL PHEL
Cipher text: jswalkp slfe

The Vigenère Cipher does have a practical flaw: the receiving person has to know the key word. If you put the key word in the email, the message is no more secure than the Caesar Cipher. If you can’t communicate it, the message becomes incomprehensible.

Also, you might not even want to reveal your key word to the other party if it happens to be a special password that you use for other accounts.

So is there a way you can send an encoded message without revealing your key word?

Amazingly, there is a way. The extra restrictions are the other person needs a key word and the message has to travel three times.

The Three Pass Protocol (Shamir Three-Pass Protocol)

• Turns key words into garbled code; might work against automatic text software (Gmail, company mail)
• Might defeat human eavesdroppers
• Protects your secret key word
• Hard, possibly annoying, to implement

How is it possible to send a message without revealing your key word? An example will illustrate the method developed by Adi Shamir around 1980.

Let’s suppose Alice wants to send Bob a message. Assume each person has a secret password to lock the message (also known as a private key). Here is how the message can be sent, without exchanging keys or giving up security:

–Alice first locks the message and sends it to Bob.
–Upon receipt, Bob locks the message again and sends it back to Alice.
–Alice then removes her lock and sends the message back to Bob.
–At this point, Bob has the message, and it only has his lock. He can simply unlock it and read it.

As the diagram illustrates, the message always has at least one lock during transit to block eavesdroppers, and neither Alice nor Bob has to reveal passwords to each other.

Here is how the three-pass protocol might work in practice for an email, if Alice uses the key word “wonderland” and Bob uses the key word “office space”:

Correction: The following method is NOT a three-pass protocol. But it serves as an instructive example of something that looks secure but it not. Try working through it and then read Eyal’s explanations in the comment section.

Step 1: Alice encrypts the message and sends it to Bob (“pass one”)

Hi Bob,

For security reasons, I’ve encoded my message. Go to http://sharkysoft.com/misc/vigenere/ and encode the message again with your password, and send it back to me:

“e pbxkye a ahs qnu. pve’s quejr lx ksif zasxhru”

Step 2: Bob “super-encrypts” the message with his own key, and sends back to Alice (“pass two”)

Hi Alice,

“s ugfmcw p ajw esz. xxi’k fugnf qc sumx oaubvwz”

Step 3: Alice decodes the message with her own key, and sends back to Bob (“pass three”)

Hi Bob,

“w gtcill p nga qfw. tgx’k srkzs ny bjmk legossi”

Step 4: Upon receipt, Bob decodes the message with his own key, and he gets the message

Bob gets the message “i bought a new car. let’s drive it this weekend”

As you can see, the steps for a Three-Pass-Protocol are annoying (but remember the above is not a correct implementation).

(Other locking mechanisms can be used as long as they are commutative. That means the order of the locks doesn’t matter; this is necessary because Alice needs to unlock hers after Bob puts on his lock. The Vigenere Cipher is a shifting of letters, so it’s equivalent to addition, which is commutative.)

I hope these methods might serve you well. With so much attention to privacy, I’m sure there are other cost effective methods too.

How do you protect your email privacy?