Why isn't there an end-to-end encryption standard for email so that we can get rid of fax machines?
That's the reason we have to still use fax machines right?
I know there are ways to do encryption like PGP on your message directly or I think email sent over TLS? But that isn't the default right and that's why I can't send a picture of my license to the insurance company directly over email?
You are viewing a single comment
Lol no, faxes do not have encryption. However, they are transferred over old school phone lines, which are not exposed to the internet, therefore making them harder to intercept. Also, federal wire tap laws are pretty beefy so risk in doing so is higher. That’s pretty much it though
You mean far, far easier to intercept? You used to be able to just stick a coil around the wires.
The main issue is just a lot of countries governments' don't trust computers still. In Germany they insist on fax and post as it's the only thing they can use as proof of signature in court, etc.
But it's government laws and regulation that is behind. It's not so much of a technical problem (although E2EE email standard would be nice!).
“Harder to intercept” as in you have to go outside where the grass is to play around with the telephone wires, as opposed to typey-typey in your mom’s basement. Ain’t nobody got time for that
It's the same though.
To intercept the email you need to be on a network that receives it (i.e. ISPs).
It being stored unencrypted is a totally different problem (and also for letters, faxes, etc.)
No. Government had nothing to do with it, these are separate issues. WhatsApp was never approved by the government, yet it's widely used and it has E2E. OTOH, German government accepts email for lots of things. I know of some public sectors requiring email with PGP even.
The actual problem is that both email and PGP are really bad. This on my opinion describes it very well: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html
On top of that these days most phone calls are routed over the internet at some point too.
Well, how do you proof an email has been delivered if you don't get a confirmation? That's the main problem when going to court.
Yeah, this is a pain with faxes and letters too though - I had first-hand experience in Germany unfortunately.
Would be interesting to require read receipts to be on.
You can't without the logs from the recipient server.
Phone systems are all digital these days. A phone tap is easier than ever, and in higher quality.
Also playing back the sound of a fax can reproduce a fax, with the right tools.
Most companies now use fax severs which use the same SIP trunks that phone calls to the business use. Even if they are using old POTS lines the fax machines themselves are usually not in a secure area, but out in the open where anyone can walk by and pick them up.
I had to have a discussion with our cyber group that didn’t understand this and insisted that we encrypt our digital fax sever. I tried many ways to convince them that it simply was not possible to encrypt faxes when we were getting or sending faxes to random people in the general population. It really tested my patience and my ability to stretch the truth so they would drop their idiotic request.