Why isn't there an end-to-end encryption standard for email so that we can get rid of fax machines?

Lol no, faxes do not have encryption. However, they are transferred over old school phone lines, which are not exposed to the internet, therefore making them harder to intercept. Also, federal wire tap laws are pretty beefy so risk in doing so is higher. That’s pretty much it though

Fax isn't encrypted. What keeps it alive is just inertia.

As for why your insurance company won't take emailed photo, that probably has more to do with whatever system your insurance is using for their backend.

Email content can be end to end encrypted by GPG and S/MIME as well as through a few other standards. Email in transit can be (but not always is) encrypted via TLS.

The reason encryption is not default is because (I think) of backwards compatibility. E-mail originated at a time when almost nothing electronic was ever encrypted, including the username and password you used to log into a system with. Most of the encryption we use of today has simply been "bolted on" to standards that were already in place at the time and it did take a few tries to get it right.

When the internet was first getting started, few people, if anyone, thought it would become as invasive (possibly the wrong word) as it has become. Everyone on the net knew each other. They were friends, why would they ever need to hide anything from each other. /s

That and the early systems couldn't really spare the processing power for encrypting and decrypting things.

It’s very easy to E2E encrypt stuff you’re sending via email: zip it up in a password protected archive. Even the email client won’t know what it’s sending.

And even if that isn’t good for whatever reason, there’s no reason to use email. A web form via https is secure and encrypted, and cuts out the email middleman.

That’s not the reason we still use fax machines. The reason we still use fax machines is because someone very old and set in their ways is the one in charge of making the decision to move away from fax machines.

PGP is already that answer. We just need a common trusted CA. It would be nice if the government did this and issued certs with your driver license or ID. We could replace our reliance on SSNs with actually good cryptography.

I'm sure there is a much more sophisticated explanation from the lawyers' end, but more fundamentally, I'm pretty sure that encryption is not part of the basic protocol. Privacy is not actually a basic feature of the internet, so something as basic as email does not include it. Anything that uses email to do private coms would have to be referred to as ________ over email.

PGP/GPG has been around as an option since the 90s, but it's rather clunky to implement and you need to know how to keep your private key safe. So, the problem has long been functionally "solved" for the competent, and there we stay; you and anyone you want to talk to privately will always be free (possibly not legal, but free) to generate a key pair each, share your public keys, and then talk privately using those keys for as long as you can keep your private keys safe.

And really, I personally find the idea fairly silly, that some company is going to keep my key for me and respect my privacy. No, if someone wants to keep your private key for you, they want to know your business, all of it. You don't ask to hold anyone's keys anymore than you ask to hold their johnson for them when they piss. I do use some corporate encryptions, signal for things I don't want the DEA to know about mainly. Oh also FUCK THE DEA

In the States, fax is required by HIPAA because legislators don't understand technology. Which is hilarious because I, like many providers, use a fax service which emails me a PDF of the fax.

Protonmail (which offers free accounts) let's you click on a padlock icon, to set an encryption password and a password hint for the recipient, to send a pgp-encrypted email. Email can be opened by anyone as it directs the recipient to a web page where they enter the password. They can reply to your from that page with a message that is also itself encrypted.

It's not quite what you're asking but it will get your ID securely to your insurance company. I haven't found anyone yet whose employer has blocked this ability.

PGP is the solution, but the problem is, that noone likes to use it. Or it's "too complicated", because it's another password they need to remember. Or, whatever. It would literally solve nearly all of the problems we currently have with emai 🤷 No more spam, because you could filter out all unsigned or untrusted mails, no problems when your email account is hacked, because the mails are encrypted on the server. No Mailserver admin spying on your mails...

Generally, fax is still considered more secure. It's a direct connection. It can't be intercepted without physical access to the phone line. Encryption can be broken and not just brute force, which is always possible given enough time. The more common issue is poor implementation and insecure storage of keys. And the way email works, there's no opportunity to exchange keys like with SSL/TLS. So you have to find a way to get your public key to the recipient in a way that they can trust it before you send the message and they have to store it securely so it doesn't get tampered with. Email just isn't designed to support that kind of thing.

Anything we want to add to the e-mail system has to be a backwards-compatible with the older system. Otherwise, few people will actually use it.

Antiquated laws/regulatory environment gives fax special treatment even though it's quite possibly the worst mechanism available to send a message.

90% of email sent today is encrypted between servers but even if it’s not, it’s probably 1000x harder to intercept an email than a fax.

You could impersonate a telephone company worker, twist a speaker to a phone line, and literally record the noise with your phone to get a reproducible fax image.

Email is going to be a lot harder. A lot.

There’s barely any analog phone lines anymore anyway so you could say that probably made fax more secure, but that has nothing to do with fax being inherently secure. It’s the opposite of that.

Just send a matrix invite lol

error loading comment

I have no idea about the technical stuff (I can’t really decipher your second paragraph), but there is a legal advantage for fax machines.

Emails don’t count here as “ in writing“, so if something needs to be in writing you need to send a signed letter - or a fax.

Fax is like a signed mail, but In almost real time. So if you send legal relevant stuff, you have proof what you sent and when the receiver got it.

However, you talk about Encryption, I don’t know if E-Mails can be encrypted, fax are definitely not. They go through a normal landline with those beep tones similar to a normal modem made when dialling into BTX or the early internet.

I've seen something about emails being signed and stuff like that. I guess I'm out of the loop. I had a coworker once PGP sign their emails and it would have a signature at the bottom that I (and probably everyone else) ignored.

Why couldn't email just be encrypted ala https? Make a TLS connection, send message, end, move on. Or really just make TLS connection, POST a message, move on.

I know it's more complicated than that but not by much really.. why haven't we just made a new secure standard based on https?