View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 12, 2014

EFF slams ISPs for customer email decryption

Networks like Cisco strip security measure to monitor spam.

By Jimmy Nicholls

The Electronic Frontier Foundation (EFF) advocacy group has criticised ISPs for removing their customers’ email encryption.

The move follows reports from the security company Golden Frog who discovered that encrypted emails would not send over the Cricket Wireless network last month, with the encryption command StartTLS being masked out by the servers.

Jacob Hoffman-Andrews, senior staff technologist at EFF, said: "Some firewalls, including Cisco’s PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent.

"Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public internet, where it is subject to eavesdropping and interception."

He added that the problem had gone unnoticed because it tended to apply to residential networks, where email servers are rarely run, and also because StartTLS had been "relatively uncommon until late 2013".

The likes of Twitter, Yahoo and Facebook have all rolled out StartTLS this year, lauding the benefits of the technology to their customers’ privacy.

"It is important that ISPs immediately stop this unauthorized removal of their customers’ security measures," Hoffman-Andrews added.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

"ISPs act as trusted gateways to the global Internet and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.