Off-the-record Email System

In the flood of communications now carried via email, it frequently happens that users want to keep some casual or sensitive exchanges off the record, just as in ordinary telephone conversations. Within the system architectures commonly in use today, however, virtually all email transmissions leave a permanent record behind - a paper trail - that is extremely difficult to obliterate. Even after an email is "deleted" by both the sender and the recipient, a copy will likely remain in backup storage at one or more of the email servers that handled the message during its lifetime. Encryption does not solve the problem, because the message can be recovered if the decryption key is revealed, perhaps under court order, or for some other reason. To ensure email privacy, an off-the-record email system is proposed in this paper. In this system, the email stays in the sender's computer and is read by the recipient through a Web browser over a secure connection. The message content cannot be recovered from an encrypted copy even with the help of both parties' private keys. Further, the email has a limited lifetime. After it is deleted from the sender's computer, it cannot be recovered from any remaining backup records. The new system is completely compatible with current email implementations. Using existing tools, email users can conduct secure, off-the-record communications. Two practical implementations are given to demonstrate how to deploy off-the-record email both in an Intranet as well as on the Internet. Keywords: Off-the-record, email, security, privacy. I