Why aren’t more news organizations protecting their e-mail with STARTTLS encryption?

Kevin Gallagher

The Guardian published a shocking story a few weeks ago showing that in 2008 Britain’s spy agency GCHQ collected and stored the e-mails of some of the world’s biggest news organizations, including the New York Times, Washington Post and BBC. We wanted to find out which news organizations are still vulnerable to this kind of mass interception, so we surveyed 65 major news organizations to see whether they have implemented STARTTLS, a widely supported extension to the e-mail protocol that can protect messages from being intercepted as they travel across the Internet.

We found that news organizations like the Associated Press, Le Monde, LA Times, CBS News, Forbes, Baltimore Sun, and Der Spiegel are still not protecting journalists and their sources from this type of surveillance, and are putting all of the people who communicate with them at risk of being spied on. You can see the full results of our survey below.

STARTTLS is an extension to SMTP, the protocol mail servers use to hand messages to one another, that lets the sending server upgrade its connection to the receiving server to TLS, so that the message is encrypted in transit between the two. If implemented correctly at every newsroom, it would largely prevent the type of surveillance by GCHQ described in the Guardian article. Without it, e-mail directed to a given mail server can be snooped on at any point between the sender’s mail provider and the recipient’s, and eavesdroppers can obtain the entire contents of the message unless PGP is being used.

Even with PGP, STARTTLS is still useful, because PGP encrypts only the message body: the subject line, the sender and recipient addresses and the other headers still cross the network in the clear unless the connection itself is encrypted. STARTTLS works as a simple extension to common e-mail transmission standards such as SMTP, and it is invisible to the people sending and receiving mail.

Imagine that a source within the government wants to talk to a reporter at the Baltimore Sun and set up a meeting. The source sends an e-mail to the reporter’s baltimoresun.com address, but the server handling mail for baltimoresun.com does not offer STARTTLS. Even if the source’s own mail server supports it, that does not help: encryption has to be negotiated by both sides, and the news organization’s server can’t. So the message is transmitted and received in the clear, exposing both the metadata and the content of what sources and other correspondents send.

If news organizations are serious about protecting sources and the communications of journalists, they should make sure that their e-mail servers support STARTTLS, and that it is configured securely: a valid certificate, no obsolete SSL versions or weak ciphers, and cipher suites that provide forward secrecy. For the popular Postfix mail server, the project’s TLS_README documents how.
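A Postfix main.cf fragment, added here as an example and not taken from the article or from the Postfix documentation: first the disabled setting a server without STARTTLS typically has, then a configuration that offers STARTTLS inbound, uses it outbound, rejects the obsolete protocol versions and anonymous cipher suites that STARTTLS.info penalizes, and prefers forward-secret suites. The certificate and key paths, the DH parameter file and the partner domains in the policy map are assumptions; substitute your own.

```conf
# /etc/postfix/main.cf (excerpt). Comments must start at the beginning of a
# line: Postfix treats a "#" inside a value as part of the value.

# Before: TLS switched off entirely. A server like this never advertises
# STARTTLS, so every sender falls back to plaintext.
#   smtpd_tls_security_level = none
#   smtp_tls_security_level = none

# Inbound (smtpd): offer STARTTLS to every sending server. Keep "may" here;
# RFC 3207 forbids a publicly referenced MX from requiring TLS, and "encrypt"
# would reject senders that cannot negotiate it.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.pem
smtpd_tls_key_file = /etc/ssl/private/mail.example.com.key
# Obsolete protocol versions and weak or anonymous (aNULL) cipher suites off.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5
# Forward secrecy: ECDHE plus 2048-bit DHE parameters
# (create the file with: openssl dhparam -out /etc/postfix/dh2048.pem 2048).
smtpd_tls_eecdh_grade = strong
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
tls_preempt_cipherlist = yes
# Record the TLS version and cipher in the Received: header and log handshakes,
# so you can audit which inbound mail actually arrived encrypted.
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1

# Outbound (smtp): use STARTTLS whenever the next hop offers it, and verify
# certificates for the domains you choose to require it for.
smtp_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy (run "postmap /etc/postfix/tls_policy" after editing):
# one next-hop domain per line. "secure" requires TLS, a certificate that
# chains to a trusted CA and a name that matches the domain; "encrypt"
# requires TLS but does not check the certificate.
#   partner-paper.example   secure
#   other-paper.example     encrypt
```

After `postfix reload`, confirm the effective settings with `postconf -n | grep tls`, and test from outside the network with `openssl s_client -connect mail.example.com:25 -starttls smtp`, which shows the negotiated protocol, cipher and certificate chain.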

Survey Results

Using the website STARTTLS.info¹, we surveyed the domains of 65 major news organizations. About 25% of them didn’t have STARTTLS at all. Another 25% had STARTTLS, but their configuration could use improvement.²

STARTTLS is not difficult to implement, and has been around for 15 years.³ The largest tech companies have all implemented it for their e-mail services, according to EFF’s Encrypt the Web report. Google has been openly shaming companies who have not adopted STARTTLS in their Safer e-mail transparency report, while Facebook has also surveyed the state of STARTTLS deployment and encouraged its adoption. If most major service providers on the Internet support it, why hasn’t every news organization followed suit?

Our survey found that regional, local and city newspapers tend to be less protected than large national outlets, which was expected, as they operate with fewer resources and, arguably, lower stakes. But many of these city papers, such as those owned by The Tribune Company, also cover national and international news. Some organizations route their mail through commercial security and filtering services (such as Websense or Symantec MessageLabs), but remarkably, even these services, which news organizations are presumably paying for in order to improve security, typically did not offer STARTTLS on the hosts we tested.

Many news organizations host their e-mail with third parties like Google or Microsoft. This comes with the risk of making it easier for governments to secretly obtain information through various legal processes without the news organization’s knowledge. However, these providers always scored the highest grade possible on STARTTLS.info. If your organization uses Google Apps you can enable a secure transport (TLS) compliance setting or Postini’s Policy Enforced TLS to enforce encryption for specific domains or even all incoming and outgoing mail.

A recent study by the Pew Research Center showed that fully half of the journalists polled feel that their organizations are not doing enough to protect them and their sources from surveillance and hacking. If systems administrators and technical support people at news organizations want to do more, they can start by making sure that their incoming e-mail is encrypted in transit—since e-mail is a primary tool of virtually every reporter these days.

The surveillance threats that journalists face are real. For that reason, news organizations owe it to the reporters that work for them and the sources they rely on to adopt this industry standard security technology.

—Chris Soghoian
Principal Technologist, ACLU

E-mail was not designed with privacy in mind. The pervasiveness of passive bulk interception, exemplified by the routine tapping of fiber-optic cables and the NSA’s infiltration of the links between Yahoo’s and Google’s data centers, is one of the greatest threats to press freedom today. To be clear, STARTTLS is not a silver bullet, especially against such adversaries. Because it is opportunistic, an active attacker on the path can strip the STARTTLS offer from the server’s reply and force the session back to plaintext, and most sending servers do not validate the receiving server’s certificate, so a forged certificate also goes unnoticed. Its deployment should therefore be combined with OPSEC practices and end-to-end tools like PGP in order to achieve confidentiality. It’s also important that the cipher suites used provide forward secrecy (ephemeral Diffie-Hellman key exchange), so that traffic recorded today cannot be decrypted later if the server’s private key is ever obtained. EFF’s STARTTLS Everywhere project is designed to address many of these concerns.

The use of transport encryption with e-mail protocols has increased in recent years. But many of those groups which are most at-risk—namely news organizations—have a ways to go before they can be said to be taking security and privacy seriously.

About the Methodology

Every domain can have several servers (MX records) handling its e-mail, and some of them may support STARTTLS while others do not. We therefore recorded two things: the STARTTLS.info score of the highest-priority MX host (the one with the lowest preference value, which senders try first), and the lowest score of any host listed in the domain’s MX records. If any host lacked STARTTLS, or could not be connected to for any reason, we treated the domain as a negative result and attempted to confirm this manually. The results are sorted from the lowest score to the highest. This data is not authoritative, and false positives have been known to occur.
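The methodology above, as an added example that is not the article’s or STARTTLS.info’s own code: `survey()` takes a domain’s MX records and a probe result per host and returns the grade of the highest-priority host alongside the worst grade of any host, with a missing STARTTLS or a connection failure counted as a failing grade. The letter scale in `grade()` is our own simplification of the factors footnote 1 lists, not STARTTLS.info’s algorithm; the MX lists and probe results are constructed. `probe_live()` performs a real port-25 check with Python’s standard library and runs only when a host is given on the command line.

```python
"""Reproduce the survey's MX-based scoring, plus a live STARTTLS probe."""
import smtplib
import ssl
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}   # the obsolete versions footnote 1 refers to


@dataclass
class Probe:
    host: str
    starttls: bool                      # advertised in EHLO and accepted with 220
    cert_valid: Optional[bool] = None   # None = unknown / not checked
    protocol: str = ""                  # negotiated version, e.g. "TLSv1.2"
    key_bits: Optional[int] = None      # certificate public key size, if known
    anon_dh: Optional[bool] = None      # accepts anonymous DH suites, if known
    error: str = ""                     # connection failure, if any
    cipher: str = ""                    # negotiated cipher suite, if any


def grade(p: Probe) -> str:
    """Our simplified scale: 'F' when STARTTLS is missing or the host is
    unreachable; otherwise start at 'A' and drop one letter per failing factor."""
    if p.error or not p.starttls:
        return "F"
    failures = [
        p.cert_valid is False,
        p.protocol in WEAK_PROTOCOLS,
        p.key_bits is not None and p.key_bits < 2048,
        p.anon_dh is True,
    ]
    return "ABCD"[min(sum(failures), 3)]


def survey(mx: List[Tuple[int, str]], probes: Dict[str, Probe]) -> Tuple[str, str]:
    """(grade of the highest-priority MX, worst grade among all MX hosts).
    Lower MX preference means higher priority; letters sort so max() is worst."""
    ordered = sorted(mx)
    grades = [grade(probes[host]) for _, host in ordered]
    return grades[0], max(grades)


def _handshake(host: str, ctx: ssl.SSLContext, timeout: float):
    """One SMTP session on port 25: EHLO, then STARTTLS if it is advertised.
    Returns (protocol version, cipher name), or None when STARTTLS is absent."""
    with smtplib.SMTP(host, 25, timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return None
        s.starttls(context=ctx)           # raises on a bad certificate with a strict context
        return s.sock.version(), s.sock.cipher()[0]


def probe_live(host: str, timeout: float = 10) -> Probe:
    """Network probe (requires connectivity). Tries a verifying context first;
    on a certificate failure reconnects without verification so the protocol
    version can still be recorded."""
    p = Probe(host=host, starttls=False)
    strict = ssl.create_default_context()
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        result = _handshake(host, strict, timeout)
        if result is not None:
            p.cert_valid = True
    except ssl.SSLCertVerificationError:
        p.cert_valid = False
        try:
            result = _handshake(host, lax, timeout)
        except (OSError, smtplib.SMTPException) as e:
            p.error = f"{type(e).__name__}: {e}"
            return p
    except (OSError, smtplib.SMTPException) as e:
        p.error = f"{type(e).__name__}: {e}"
        return p
    if result is not None:
        p.starttls = True
        p.protocol, p.cipher = result
    return p


# Constructed sample: what a MX lookup might return for two hypothetical
# domains, and what probe_live() might record for each of their hosts.
SAMPLE_MX = {
    "paper-a.example": [(10, "mx1.paper-a.example"), (20, "mx2.paper-a.example")],
    "paper-b.example": [(5, "mx.paper-b.example"), (10, "backup.paper-b.example")],
}
SAMPLE_PROBES = {
    "mx1.paper-a.example": Probe("mx1.paper-a.example", True, cert_valid=True,
                                 protocol="TLSv1.2", key_bits=2048, anon_dh=False),
    "mx2.paper-a.example": Probe("mx2.paper-a.example", True, cert_valid=False,
                                 protocol="TLSv1.0", key_bits=1024, anon_dh=True),
    "mx.paper-b.example": Probe("mx.paper-b.example", True, cert_valid=True,
                                protocol="TLSv1.2", key_bits=2048, anon_dh=False),
    "backup.paper-b.example": Probe("backup.paper-b.example", False),   # no STARTTLS at all
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe_live(sys.argv[1]))
    else:
        for domain, mx in SAMPLE_MX.items():
            primary, worst = survey(mx, SAMPLE_PROBES)
            print(f"{domain}: primary MX {primary}, worst MX {worst}")
```

The backup host of the second sample domain is the case the survey treats as negative: the primary MX looks fine, but a sender that fails over to the backup delivers in the clear, which is why the worst grade, not just the primary one, matters.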

¹ STARTTLS.info assigns a letter grade based on factors such as whether the server accepts weak ciphers and obsolete protocol versions (SSL 2.0 and 3.0), whether its certificate is valid, the size of its key, and whether it accepts anonymous Diffie-Hellman key exchange, which encrypts the session but lets anyone on the path impersonate the server.

² It’s important to make clear that this survey only tested the STARTTLS mechanism on port 25, the port on which mail servers deliver to each other. Some servers also accept mail on the submission ports, 587 (STARTTLS) and 465 (TLS from the start), but those ports carry mail from users’ own mail clients to their provider; a news organization’s inbound mail from other domains still arrives over port 25, so securing the other ports does not substitute for STARTTLS there. We treat universal adoption of STARTTLS on port 25 as the essential first step before securing the rest of the ports and protocols through which e-mail is transmitted.

³ STARTTLS is opportunistic: it upgrades a plaintext connection in place rather than using a separate encrypted port. The sending server first issues EHLO and checks whether the receiving server advertises STARTTLS in its reply; if it does, the sender issues the STARTTLS command and the two sides negotiate TLS before any message data is transmitted. If the capability is not advertised, the session simply continues unencrypted. While there is wide consensus that this is the basic preferred mechanism for encrypting e-mail in transit, it has limitations and can be circumvented with some effort: an attacker who can modify traffic on the path can delete the STARTTLS line from the EHLO reply, and a sender that does not require encryption will then deliver the message in the clear without noticing. That’s why it’s important to encourage enforcement of encryption, at least for known correspondents, together with certificate validation and strong cipher suites. Future focus should be on DNSSEC and DANE, and on SMTP Strict Transport Security.
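The exchange described in this footnote and in the Baltimore Sun scenario earlier, as an added example that is not part of the original article: a simulated SMTP session between a sending server and a receiving MX, run four ways (recipient without STARTTLS, recipient with it, recipient with it but an on-path attacker stripping the offer, and the same attack against a sender that requires TLS). Host names, capability lists and the message are constructed; reply codes follow RFC 5321 and RFC 3207, and the policy names mirror Postfix’s `smtp_tls_security_level` values (`may` is opportunistic, `encrypt` requires TLS).

```python
"""Simulated SMTP session: when does STARTTLS actually protect a message?"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Server:
    """A receiving MX host. It advertises STARTTLS only when `starttls` is True."""
    hostname: str
    starttls: bool

    def ehlo_reply(self) -> str:
        caps = ["SIZE 10240000", "PIPELINING"]
        if self.starttls:
            caps.append("STARTTLS")
        caps.append("8BITMIME")
        # Multi-line 250 reply: "250-" on continuation lines, "250 " on the last one.
        lines = [f"250-{self.hostname}"] + [f"250-{c}" for c in caps[:-1]] + [f"250 {caps[-1]}"]
        return "\r\n".join(lines) + "\r\n"

    def starttls_reply(self) -> str:
        # RFC 3207: 220 = go ahead with the TLS handshake, 454 = not available.
        return "220 2.0.0 Ready to start TLS\r\n" if self.starttls else "454 4.7.0 TLS not available\r\n"


def parse_ehlo(reply: str) -> List[str]:
    """Capability keywords from an EHLO reply (the first 250 line is the greeting)."""
    lines = [l for l in reply.split("\r\n") if l.startswith("250") and len(l) > 4]
    return [l[4:].split()[0].upper() for l in lines[1:]]


def strip_starttls(reply: str) -> str:
    """What an active on-path attacker does to downgrade the session: delete the
    STARTTLS line so the sender never learns that the server supports it."""
    kept = [l for l in reply.split("\r\n") if l and l[4:].split()[:1] != ["STARTTLS"]]
    return "\r\n".join(kept) + "\r\n"


@dataclass
class Outcome:
    state: str                                   # "encrypted", "cleartext" or "deferred"
    transcript: List[str] = field(default_factory=list)


def deliver(server: Server, policy: str, on_path: Optional[Callable[[str], str]] = None) -> Outcome:
    """Sending-server side of the exchange. `on_path`, if given, rewrites every
    reply from the server before the sender sees it, as a man-in-the-middle could."""
    tamper = on_path or (lambda s: s)
    t = ["C: EHLO mail.sender.example"]
    reply = tamper(server.ehlo_reply())
    t += ["S: " + l for l in reply.strip().split("\r\n")]
    if "STARTTLS" in parse_ehlo(reply):
        t.append("C: STARTTLS")
        reply = tamper(server.starttls_reply())
        t.append("S: " + reply.strip())
        if reply.startswith("220"):
            t.append("-- TLS handshake; from here on an eavesdropper sees only ciphertext --")
            t += ["C: MAIL FROM:<source@sender.example>", "C: (headers and body)"]
            return Outcome("encrypted", t)
    # No usable STARTTLS. An opportunistic sender falls back to plaintext;
    # a sender that requires TLS keeps the message in its queue instead.
    if policy == "encrypt":
        t.append("C: QUIT   (TLS required but not offered: message deferred, nothing exposed)")
        return Outcome("deferred", t)
    t += ["C: MAIL FROM:<source@sender.example>", "C: (headers and body, readable by anyone on the path)"]
    return Outcome("cleartext", t)


if __name__ == "__main__":
    no_tls = Server("mx.paper.example", starttls=False)      # the Baltimore Sun scenario
    with_tls = Server("mx.paper.example", starttls=True)
    scenarios = [
        ("recipient lacks STARTTLS, opportunistic sender", no_tls, "may", None),
        ("recipient offers STARTTLS, opportunistic sender", with_tls, "may", None),
        ("STARTTLS offered but stripped on the path, opportunistic sender", with_tls, "may", strip_starttls),
        ("STARTTLS stripped on the path, sender requires TLS", with_tls, "encrypt", strip_starttls),
    ]
    for title, srv, policy, mitm in scenarios:
        out = deliver(srv, policy, mitm)
        print(f"\n== {title}: {out.state.upper()} ==")
        print("\n".join(out.transcript))
```

The third scenario is the downgrade the footnote warns about: the server is configured correctly, yet the opportunistic sender delivers in the clear because it never saw the offer. Only the fourth scenario, where the sender enforces TLS for that destination, turns the attack into a delay rather than a disclosure, which is what a Postfix `tls_policy` entry of `encrypt` or `secure` for a correspondent’s domain achieves.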