
Just 0.06 per cent of emails are encrypted, according to an analysis of 81 million messages sent over 27 years.
at Leibniz University Hannover, Germany, and his colleagues analysed emails sent by 37,000 of the university’s students and staff between January 1994 and July 2021. Only 5.46 per cent of users had ever used encryption tools such as S/MIME or PGP – the latter of which has been in existence for 30 years. In all, 0.06 per cent of all the 81 million emails sent were encrypted.
Stransky believes that even this low proportion may exaggerate encryption’s use, because users in the data set are highly educated and the university offers a free S/MIME service to users.
Advertisement
Email encryption works by scrambling text sent in an email and only allowing it to be decrypted if the recipient has a “key” to read the message that matches the one the sender used. The process is designed to prevent unwanted access to the contents of messages as they are transmitted through the internet, and it is separate from encryption schemes used to secure the connection to your email provider.
“S/MIME and PGP are not very usable for normal users,” says Stransky. Both require installing specialist email clients and sometimes third-party tools to operate them. The adoption of built-in PGP encryption into email clients like Thunderbird has made it slightly easier, says Stransky. However, Thunderbird has a of the email market.
S/MIME is supported by more email applications than PGP, but still isn’t very popular – a fact borne out by Stransky and his team’s analysis, which found that even those who previously shared encryption keys with correspondents didn’t use them all the time. Just 3.36 per cent of all emails between S/MIME users were encrypted.
“Personally, I think the main reason is it’s just such a faff to set up, and particularly to manage keys,” says at the University of Surrey, UK. “With the rise of end-to-end encryption in messaging apps [such as WhatsApp], which just happens as if by magic, users naturally use that route if they want to have a private conversation.”
The researchers will at the IEEE Symposium on Security and Privacy next year.