That’s the reason we have to still use fax machines right?
I know there are ways to do encryption like PGP on your message directly or I think email sent over TLS? But that isn’t the default right and that’s why I can’t send a picture of my license to the insurance company directly over email?
Lol no, faxes do not have encryption. However, they are transferred over old school phone lines, which are not exposed to the internet, therefore making them harder to intercept. Also, federal wire tap laws are pretty beefy so risk in doing so is higher. That’s pretty much it though
therefore making them harder to intercept.
You mean far, far easier to intercept? You used to be able to just stick a coil around the wires.
The main issue is just a lot of countries governments’ don’t trust computers still. In Germany they insist on fax and post as it’s the only thing they can use as proof of signature in court, etc.
But it’s government laws and regulation that is behind. It’s not so much of a technical problem (although E2EE email standard would be nice!).
“Harder to intercept” as in you have to go outside where the grass is to play around with the telephone wires, as opposed to typey-typey in your mom’s basement. Ain’t nobody got time for that
But it’s government laws and regulation that is behind. It’s not so much of a technical problem (although E2EE email standard would be nice!).
No. Government had nothing to do with it, these are separate issues. WhatsApp was never approved by the government, yet it’s widely used and it has E2E. OTOH, German government accepts email for lots of things. I know of some public sectors requiring email with PGP even.
The actual problem is that both email and PGP are really bad. This on my opinion describes it very well: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html
Well, how do you proof an email has been delivered if you don’t get a confirmation? That’s the main problem when going to court.
Most companies now use fax severs which use the same SIP trunks that phone calls to the business use. Even if they are using old POTS lines the fax machines themselves are usually not in a secure area, but out in the open where anyone can walk by and pick them up.
I had to have a discussion with our cyber group that didn’t understand this and insisted that we encrypt our digital fax sever. I tried many ways to convince them that it simply was not possible to encrypt faxes when we were getting or sending faxes to random people in the general population. It really tested my patience and my ability to stretch the truth so they would drop their idiotic request.
Fax isn’t encrypted. What keeps it alive is just inertia.
As for why your insurance company won’t take emailed photo, that probably has more to do with whatever system your insurance is using for their backend.
Email content can be end to end encrypted by GPG and S/MIME as well as through a few other standards. Email in transit can be (but not always is) encrypted via TLS.
The reason encryption is not default is because (I think) of backwards compatibility. E-mail originated at a time when almost nothing electronic was ever encrypted, including the username and password you used to log into a system with. Most of the encryption we use of today has simply been “bolted on” to standards that were already in place at the time and it did take a few tries to get it right.
When the internet was first getting started, few people, if anyone, thought it would become as invasive (possibly the wrong word) as it has become. Everyone on the net knew each other. They were friends, why would they ever need to hide anything from each other. /s
That and the early systems couldn’t really spare the processing power for encrypting and decrypting things.
It’s very easy to E2E encrypt stuff you’re sending via email: zip it up in a password protected archive. Even the email client won’t know what it’s sending.
And even if that isn’t good for whatever reason, there’s no reason to use email. A web form via https is secure and encrypted, and cuts out the email middleman.
That’s not the reason we still use fax machines. The reason we still use fax machines is because someone very old and set in their ways is the one in charge of making the decision to move away from fax machines.
PGP is already that answer. We just need a common trusted CA. It would be nice if the government did this and issued certs with your driver license or ID. We could replace our reliance on SSNs with actually good cryptography.
We have that already in Belgium. It’s been a while. It’s used to authenticate for government services or sign stuff. Why the hate?
trusting the government with certs to access data they’re providing you == good
trusting the government not to listen to every email and website you ever visit and then not use that data to lock up dissidents. == bad
I’m sure there is a much more sophisticated explanation from the lawyers’ end, but more fundamentally, I’m pretty sure that encryption is not part of the basic protocol. Privacy is not actually a basic feature of the internet, so something as basic as email does not include it. Anything that uses email to do private coms would have to be referred to as ________ over email.
PGP/GPG has been around as an option since the 90s, but it’s rather clunky to implement and you need to know how to keep your private key safe. So, the problem has long been functionally “solved” for the competent, and there we stay; you and anyone you want to talk to privately will always be free (possibly not legal, but free) to generate a key pair each, share your public keys, and then talk privately using those keys for as long as you can keep your private keys safe.
And really, I personally find the idea fairly silly, that some company is going to keep my key for me and respect my privacy. No, if someone wants to keep your private key for you, they want to know your business, all of it. You don’t ask to hold anyone’s keys anymore than you ask to hold their johnson for them when they piss. I do use some corporate encryptions, signal for things I don’t want the DEA to know about mainly. Oh also FUCK THE DEA
