LEAP is a non-profit dedicated to giving all internet users access to secure communication by making encryption technology easy to use and widely available.
Many people, particularly journalists, still rely heavily on email communication, and the stakes could not be higher. Sources are being jailed, and in some countries, journalists are dying because their communication technologies betray their identity, location, and conversations.
To address this, LEAP has created a free, open source email system with both high security and ease of use. The LEAP application works by providing a local proxy that a standard email client connects to. The application takes the pain out of sending secure emails by quietly handling the complexities of public key encryption: automatic key management, decryption of incoming mail, and encryption of all outgoing email (using OpenPGP). Along with the application, LEAP has also created “provider in a box” server software to lower the barriers for aspiring service providers.
Project: Encrypted Email Made Easy
By taking the approach of a custom server and a custom application, a LEAP-powered system has several security advantages over typical encrypted email: incoming email is immediately encrypted by the service provider so only the recipient can read it; email is always stored client-encrypted, both locally and when synchronized with the server; all message relay among service providers is required to be encrypted (when this capability is detected); and public keys are automatically discovered and validated.
This system is not perfect: the limitations of existing email protocols mean that protection of meta-data and forward secrecy are the responsibility of the service provider. However, other important security properties, such as confidentiality and authenticity, are “end-to-end” and do not rely on the service provider. Obviously, when a user sends email to someone who has never used encrypted email, the communication works like normal email, with all the normal security problems. In the long run, we all probably need to migrate beyond email. For now, LEAP is pushing the boundary of how secure email can be and how usable encryption can be.
After a year of development, LEAP will be releasing a public beta of the application and server platform in early 2014, but they have a lot of work ahead to create a truly stable product. All donations received by LEAP will be devoted to programmer time for fixing bugs, improving reliability, refining the user experience, and improving compatibility with Windows, Mac, and Linux. See https://leap.se/email for more information.