Google's Revamped Gmail Could Take Encryption Mainstream


Encryption is the best way to protect your online communications from the prying eyes of the National Security Agency. So says NSA whistleblower Edward Snowden.

The rub is that email encryption systems like PGP — short for Pretty Good Privacy — are a real pain for people to use, especially if they're not steeped in the minutiae of computing. That means few people use PGP, and those who do are in danger of using it incorrectly. But it looks like Google is trying to change that. According to Venture Beat, the search giant is working to create a new version of Gmail that makes PGP encryption far easier to use.

Google didn't respond to our request for comment on the story, and even if the rumors are true, the company is facing an extremely difficult task. But it's in a better position to take encryption mainstream than anyone else, and such a project is just what the web needs.

The State of Crypto

PGP, first released in 1991, uses a form of encryption known as public-key cryptography. This means that if you use PGP, you create two related encryption "keys," which are very large numbers, usually displayed as blocks of letters and digits, that email software can use to scramble and descramble your messages. Your "public key" is what other people use to encrypt messages they send to you. That's freely available to the world at large. Then there's your "private key," which is the only thing that can decipher those encrypted messages, and which you must never share. Using your private key, you can also "sign" a message so that anyone holding your public key can check that it really came from you and wasn't altered in transit.
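To make the key roles concrete, here is an added example, written for this page rather than taken from PGP or from any Google code. It uses only Go's standard library to mirror PGP's structure: a fresh random session key encrypts the message, the recipient's public key wraps that session key, and the sender's private key signs the result. Real PGP uses its own packet format (RFC 4880) and puts the signature inside the encrypted payload; the names, the sample message and the simpler sign-the-ciphertext ordering here are assumptions for illustration.

```go
// Added example, not from the article: the public-key workflow PGP relies on,
// shown with Go's standard library. Key sizes, names and the message are
// illustrative assumptions.
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels over the wire; nothing in it is secret on its own.
type Envelope struct {
	WrappedKey []byte // session key encrypted to the recipient's public key
	Nonce      []byte // AES-GCM nonce for the message body
	Ciphertext []byte // message encrypted under the session key
	Signature  []byte // sender's RSA-PSS signature over the ciphertext
}

// GenerateKeyPair plays the role of "creating your PGP keys": the private
// half stays with you, the public half (key.PublicKey) is handed out freely.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt seals msg so that only recipient can read it, and signs it so that
// recipient can confirm it came from sender.
func Encrypt(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*Envelope, error) {
	session := make([]byte, 32) // one-time AES-256 session key
	if _, err := rand.Read(session); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(session)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)

	// Only the holder of the matching private key can unwrap the session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, session, nil)
	if err != nil {
		return nil, err
	}
	// Signing needs the sender's private key; anyone with the public key can verify.
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Decrypt first checks the signature against the claimed sender's public key,
// then unwraps the session key with recipient's private key and opens the body.
func Decrypt(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: not from the claimed sender, or tampered with")
	}
	session, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: this private key is not the recipient's")
	}
	block, err := aes.NewCipher(session)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	alice, _ := GenerateKeyPair()
	bob, _ := GenerateKeyPair()
	env, _ := Encrypt(alice, &bob.PublicKey, []byte("meet at noon"))
	pt, err := Decrypt(bob, &alice.PublicKey, env)
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	_, err = Decrypt(alice, &alice.PublicKey, env) // Alice cannot read mail addressed to Bob
	fmt.Println("alice tries:", err)
}
```

The two failure paths are the ones the usability studies below turn on: using the wrong public key means the intended recipient cannot unwrap the session key, and a message whose signature does not verify should be treated as unauthenticated rather than merely "a bit off".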

PGP is remarkably hard to crack, but it's also hard to use in the correct way. Researchers at Carnegie Mellon University published a paper in 1999 showing that most people couldn't figure out how to sign and encrypt messages using the version of PGP current at the time. Eight years later, another group of Carnegie Mellon researchers published a follow-up paper saying that, although a newer version of PGP made it easy to decrypt messages, most people still struggled with encrypting and signing messages, finding and verifying other people's public encryption keys, and sharing their own keys.

The easiest way to use PGP today is probably a plugin available for both Firefox and Chrome called Mailvelope. It makes it pretty easy to create a PGP key pair and decrypt messages, but there are some limitations. First, you need to download the plugin and either create new PGP keys or import existing ones. And the plugin and your keys will need to be installed on every computer that you plan to use.

And once you get it installed on all your machines, it doesn't always play nicely with a tool like Gmail. Instead of just letting you type your message in Gmail's own "New Message" interface, Mailvelope opens a separate window for you to type in, then sends the encrypted text back into Gmail. Mailvelope developer Thomas Oberndörfer tells us the plug-in does this because it's impossible to know whether Google will save an unencrypted copy of your text while you're typing. "That means all private data like message content and keys have to be completely isolated from Gmail," he says.

Google, Mailpile, and the Rest

Since Snowden revealed so many of the ways that the NSA is eavesdropping on our online communications, several projects have sprung up that try to solve such problems. Mailpile, for instance, is an open source e-mail client built from the ground up to handle encryption. The idea is that by making encryption a core part of the application, rather than a plugin, the user experience will be much better. But although the Mailpile team is working hard to reproduce as many of Gmail's features as possible — such as a fast search system and a conversation view — there's always a question of whether normal users can be convinced to download the software to begin with.

Meanwhile, a new company called Keybase.io is trying to make it easier to find and verify other people's public keys by tying each key to identities its owner already has elsewhere, such as a Twitter profile, a personal website or a GitHub account.

But Google may be in a better position to solve both the integration and key management issues. The company could build PGP tools directly into the Chrome browser as well as its mobile apps, so that users would be able to retain control over their private keys without having to download special software. And if public keys were associated with user profiles, the discovery and verification of keys could be baked right into Gmail's address book, all but solving the discovery and verification issue for most users.

Baking features into Google's already popular applications could go a long way towards getting more users to adopt the tools. But Brennan Novak, a usability designer at Mailpile, tells us that it will still be tricky for Google to manage the transfer of keys back and forth between different devices. And, of course, Google would need to open source the relevant bits of software before anyone outside the company could check that private keys really stay on the user's device and the code could be trusted.

There's also no guarantee that Google would do a better job than any of its predecessors at making PGP usable enough to be safe. Google has gained a reputation in recent years of prioritizing engineering over design and usability. But those who remember what search was like before Google, what web based email was like before Gmail, and what mapping software was like before Google Maps may disagree with this assessment.

That said, there are downsides good design can't solve. If you lose your private key or forget your passphrase, you'd still be out of luck. There's no way Google could recover it for you. Also, Google wouldn't be able to scan and index the text of your e-mails. That's a problem if you need to search for old emails not stored on your own machine. It could be a real issue for Google's business model as well, which involves scanning the text of emails in order to place contextual advertising.

But if Google were willing to take that advertising hit — and it might, if it meant retaining access to other data, and providing users with more peace of mind — it could bring PGP to a much larger audience.

Beyond Email

There's a further issue: PGP has limitations of its own. Even if you encrypt the body of your e-mail, the message headers are sent in the clear, so someone who intercepts the message will be able to tell who sent it and who it was sent to (and, in the usual PGP setup, what the subject line says). On one hand, the fact that senders and recipients are exposed even in encrypted messages could help Google search mail that's stored on a server. But it could be a real security issue for some people. "If you’re actually concerned that someone will know who you’re communicating with, that’s not something that PGP can help," Rainey Reitman, the director of the activism team at the Electronic Frontier Foundation, told us last year.
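The point is easy to see from the vantage of a mail server or an on-path observer. The following is an added example written for this page, not code from the article or from any of the projects it mentions: it parses a constructed PGP-encrypted message with Go's standard library and returns everything that can be read without a key. The addresses, subject and the abbreviated armored body are made up for the example.

```go
// Added example, not from the article: what an observer learns from a
// PGP-encrypted e-mail without any key. The message below is constructed.
package main

import (
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// SampleMessage is a constructed PGP-encrypted mail as it would sit on a
// server or cross the wire. Only the body is ciphertext (payload abbreviated).
const SampleMessage = `From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Re: the thing we discussed
Date: Tue, 22 Apr 2014 10:15:00 +0000
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

hQEMA7ZJ4k1x9vYZAQf+... (constructed placeholder for the ciphertext) ...
=Xy12
-----END PGP MESSAGE-----
`

// Metadata is the information exposed even though the body is encrypted.
type Metadata struct {
	From, To, Subject, Date string
	BodyIsEncrypted         bool // true if the body is a PGP armored block
	BodyBytes               int  // message length is visible too
}

// Observe parses raw RFC 822 text the way a relay or mailbox server does and
// collects what it can read without the recipient's private key.
func Observe(raw string) (Metadata, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return Metadata{}, err
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return Metadata{}, err
	}
	from, err := msg.Header.AddressList("From")
	if err != nil {
		return Metadata{}, err
	}
	to, err := msg.Header.AddressList("To")
	if err != nil {
		return Metadata{}, err
	}
	return Metadata{
		From:            from[0].Address,
		To:              to[0].Address,
		Subject:         msg.Header.Get("Subject"),
		Date:            msg.Header.Get("Date"),
		BodyIsEncrypted: strings.Contains(string(body), "-----BEGIN PGP MESSAGE-----"),
		BodyBytes:       len(body),
	}, nil
}

func main() {
	m, err := Observe(SampleMessage)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s -> %s, subject %q, on %s; body encrypted=%v (%d bytes)\n",
		m.From, m.To, m.Subject, m.Date, m.BodyIsEncrypted, m.BodyBytes)
}
```

Note that the subject line is exposed as well: standard PGP and PGP/MIME encrypt only the body, so a sensitive subject has to be left blank or moved into the message.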

She says that under some circumstances a better fit is a real-time communications tool like the Off-the-Record plugin for the Pidgin and Adium instant message clients, or an anonymous file uploading system like the Freedom of the Press Foundation's open source project DeadDrop. Meanwhile, other projects are trying to create entirely new forms of secure communication. PGP creator Phil Zimmermann has teamed up with Ladar Levison of Lavabit — the email service Edward Snowden used — to create a new messaging protocol called Darkmail. Other projects along these lines include BitMessage, SecuShare and Briar.

But as Mailpile developer Bjarni Rúnar Einarsson told us last year: "Email is going to be with us for a long time. We need to do what we can to make it more secure." And while we applaud Mailpile's efforts to do that, Google is in an even better position to bring secure mail to the masses, should it choose to do so.