I was watching a round table with Ridley Scott the other day where he admitted he still uses fax because it's more secure than e-mail [0]. Does anyone know how valid that claim is?
Fax isn't encrypted. If you wiretap the line, you can just read off any faxes. Email can be sent over TLS, and the email itself can be encrypted with PGP.
However, superficially, fax is more secure because there are no stored copies (maybe depending on the machine?). There's the original, and the copy that gets printed out on the other end. If you were to fax over a script for a movie, there wouldn't be a copy sitting on a disk on the receiving end, there would only be a printout. That's what Ridley Scott is alluding to in that video.
Haha no. Telcos have had a tapping mentality for a long time. It's not advertised, but it's clearly there.
So, if we go from there and then take something like https://theintercept.com/2018/06/25/att-internet-nsa-spy-hub... and consider the complexity of that, then ponder XKEYSCORE and so forth, yes, absolutely ISPs store faxes __precisely because they're unencrypted__ and __precisely because they're routinely used for medical and other sensitive data__.
Or the NSA isn't worth its $1B/yr.
I don't know Ridley Scott, but he needs to talk to a nice security researcher at some point, someone whose feet are on the ground and who likes sharing honestly.
While it would be great if everyone used PGP, I don't think you can guarantee that interim SMTP servers (of which there could be several on your email's path to its recipient) will communicate with each other over TLS, or that your end user will download the email over a secure connection either. So, wiretapping your email is definitely something that can happen even if you send it securely.
[0] https://www.youtube.com/watch?v=3_9bdVECQLo&t=20m37s
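The hop-by-hop TLS point raised in the thread can be checked on a received message, since each server records the protocol it accepted the mail with in its `Received:` header (RFC 3848 "with" keywords). The sketch below is an added example, not part of any post above; the message, hostnames and queue ids are constructed, and the headers are self-reported by each server and say nothing about how the recipient later downloads the mail.

```python
import re
from email import message_from_string

# RFC 3848 / IANA "with" protocol types whose trailing S means STARTTLS was used.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message (newest Received header first, as on the wire).
SAMPLE = """\
Received: from relay2.example.net (relay2.example.net [198.51.100.7])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mx.example.com (Postfix) with ESMTPS id 4F1A2
    for <bob@example.com>; Mon, 2 Jul 2018 10:00:03 +0000
Received: from relay1.example.org (relay1.example.org [192.0.2.10])
    by relay2.example.net (Postfix) with ESMTP id 9C3B1; Mon, 2 Jul 2018 10:00:02 +0000
Received: from laptop (unknown [203.0.113.5])
    by relay1.example.org (Postfix) with ESMTPSA id 77D0E; Mon, 2 Jul 2018 10:00:01 +0000
From: alice@example.org
To: bob@example.com
Subject: script draft

body
"""

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, innermost first."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return (receiving_host, protocol, status) per hop, sender to recipient."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to follow the delivery path.
    for value in reversed(msg.get_all("Received", [])):
        # Unfold, drop comments (Postfix writes "with cipher" inside one),
        # and ignore the date part after the semicolon.
        clauses = strip_comments(" ".join(value.split())).split(";")[0]
        by = re.search(r"\bby\s+(\S+)", clauses)
        proto = re.search(r"\bwith\s+(\S+)", clauses, re.IGNORECASE)
        name = proto.group(1).upper() if proto else None
        status = ("unknown" if name is None
                  else "tls" if name in TLS_PROTOCOLS else "plaintext")
        hops.append((by.group(1) if by else "?", name, status))
    return hops

if __name__ == "__main__":
    for host, proto, status in audit_hops(SAMPLE):
        print(f"{host:22} {proto or '-':9} {status}")
```
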