The Envelope Subject
Encrypted email normally sends the “
Subject:” line unencrypted. The disadvantage is obvious. The advantages less so.
Back in the age of paper based messaging a message was represented as a physical object. That works well because people are good at manipulating objects (even thin sheets of paper) and because they are good at identifying objects. A person can easily pick out a particular message from a stack by riffling through them and triggering on the overall appearance of the marks on the paper and even subtle differences in the paper itself.
The Subject was a blank to fill in on business memorandums along with the To and From. A memorandum was intended for short, handwritten, tactical style messaging. The preexisting context in a fixed format reduced the amount of writing required and helped the reader to parse the message quickly. A subject line was never seen in personal correspondence. It was seen sometimes in business mail (a memo in an envelope).
Sometimes people write things on the outside of the envelope:
Do not open before Christmas.
To be opened on passing the Sixth Degree of Longitude West of Greenwich.
For your eyes only.
Sometimes the message is for the post office:
There doesn't seem to be any term available for this sort of meta information, so for my purposes I will dub it the “envelope subject”. Since the envelope and contents are physical objects, in practice there is always meta information due to differences in the envelope and the weight and feel of the contents. A letter from your employer that looks like your paycheck is opened immediately. A letter from your employer of unknown aspect might be opened apprehensively in private.
Email adopted the memorandum format and as a result email has a “
An email has no accompanying physical token. As a result some of the memorandum meta information (usually Date, From, and Subject) is placed on the row of a table to produce a pseudo object that can be used as a sort of handle to allow the selection and manipulation of the email. The subject is mostly used to identify and group discussion through the simple expedient of the email client making the incoming subject the default on outgoing subjects for replies. As with paper based messaging, the subject is not important for personal communication and is often left blank or will contain a semi-random phrase or a social greeting. The subject often has random meta information added in transit as it is the only place to put such information where it would be immediately visible and would not affect the content.
The encryption is the envelope. So here in the age of encrypted email we have an envelope subject. Here are some example circumstances where the envelope subject might be preferred to a secret subject:
- In any case where a better email handle is needed than just the Date and From data can provide. Encrypted email envelopes all look exactly the same.
- Any time you might want to filter encrypted email without opening it. An encrypted email list for example.
- To indicate urgency.
- To provide a subject that can be searched on without opening the email.
- Where someone like a customer can see your email index.
- Where you would like to group related discussion together, perhaps without revealing anything about the discussion.
- Something to use in a new mail pop-up, particularly if the platform is something like a smart phone.
An advantage that encrypted email has over other mediums is that the recipient can carefully choose when and where they open the email1). Having an envelope subject supports this.
If it was originally decided that the subject would be included with the encrypted part of the email then things would of been more complicated. Some questions:
- Should we decrypt the entire message just to show the subject?
- Should the subject be cached? For how long?
- How much protection should the cached subject have? How can it be done in a straightforward and understandable way?
The more general issue is that when we decide to protect the privacy of the subject we have to decide how much it should be protected. That is going to be different for different users of the system depending on circumstances.
It is sometimes suggested2) that we now switch the function of the subject from envelope to secret. Email subjects have been treated as envelope subjects for 30 years. It is a well established standard method. Attempting to convince everyone to switch to a secret subject will not work because:
- People are using the subject as an envelope subject and will not change.
- People will not want to contribute to the destruction of a long established standard. Such an action would be irresponsible.
The work involved in creating a new standard that would take into account forward and backward envelope/secret subject compatibility would be better spent in coming up with a method of automatically creating a email handle from the unlocked body of the email. Such a solution would improve casual non-business email use and could be customized per user. The result would be conceptionally compatible with full text searches which are also limited to unlocked emails.
Ending on an advocacy note… The fact that the subject of an encrypted email is unencrypted is not some sort of oversight. It is a simple and reasonable thing to do. Such an unencrypted subject could even be considered an essential feature for a medium like encrypted email. It would certainly be possible to have some sort of encrypted context/summary but that would be an addition, not a replacement.