Email has an identity crisis
Back to /blog/newsby
Georg C. F. Greve
Tue Feb 19 2019
If only life was as exciting as your Email inbox. A prince wants to bequeath you millions, you have been granted a mysterious early tax refund, and Obama apparently wants to meet you in exchange for your credit card details. Fame, glory and riches await! Only none of this is true, of course. But why do all of the above sound familiar? It is because Email has an identity crisis. A complete lack of verified identity makes it easy for criminals and pranksters to take on any number of identities in your inbox.
These schemes are getting more professional and harder to see through and their continued growth shows the returns still outweigh the costs. Business Email Compromise and CEO Fraud hit $12.5 billion last year, according to the FBI. Identity theft cost people in the United States a total of $16.8 billion in 2017 according to Javelin Strategy & Research. According to Symantec, more than 978 million adults in 20 countries have fallen victim to Cybercrime. That is half the online population from the countries included in the study.
It is a rampant problem, but also one that we rarely hear about amongst friends and family. Because a large number of victims feel shame for having been stupid or careless, and prefer to keep things to themselves. The mother I recently spoke to during our kids’ hockey practice is a rare exception. She had caught on to the fact that someone had taken over her Email inbox and was going through her digital life and that of her family. She now has to live with the feeling of having lost her safe zone online, much like victims of home break-ins do.
Email is virtually always at the centre of these stories because it is universal. It connects nearly 4 billion people peer-to-peer and allows criminals to directly target people at home or in their business. And Email is typically the channel preferred for all the most important information, including account restoration of other services. Capture the inbox and you are more than half the way to stealing someone else’s identity and delicate personal information. Which is why 95% of Cyberattacks take place via Email.
So what if the sender could share with the recipient information about who they are, and why the information is true and trustworthy? What if the recipient could verify that information? What if the identity of the sender could be hardened in the same way that banks and governments provide identification? Just signing Email is not enough for that, because digital signatures do not carry reliable information about the person in control of this signature. Anyone may sign their Emails and documents as James Bond.
In order to not lose all the many benefits of Email, this problem would have to be solved by connecting a Self-Sovereign Identity. An identity that can be verified and hardened by third parties, yet remain under control of the user. This identity would have to be referenced by each Email so that any recipient can verify truth of sender.
As a result, Email becomes far more trustworthy. Would you want all your Email to carry such a seal? And would you want to always send your messages in this way to ensure you are not being misrepresented so your peers can easily identify what has really been produced by you — and what may have been done by a malicious person gaining access to your account? What if this capability was seamlessly integrated into any provider and email client worldwide?
Vereign has been working on exactly this, and we would welcome you to try out our prototype and help us spread the word. Your inbox might become a lot less exciting. But at least you would know the content to be genuine.