But even before this week’s news, questions have been raised about the usability of PGP. Matthew Green, a cryptographer and professor at John Hopkins University has argued that “it’s time for PGP to die”. It turns out that for the majority of people, Pretty Good Privacy may not be good enough.
‘It’s time for PGP to die’
One of the many problems with PGP is its age, says Green. It was first developed in 1991 (“when we didn’t really know anything about crypto”) and then standardised into OpenPGP from 1997.
The science of cryptography has advanced dramatically since then, but PGP hasn’t, and any new implementations have to remain compatible with the features of previous tools, which can leave them vulnerable to similar exploits.
There are other faults, including the difficulty of accessing encrypted emails across multiple devices, and the issue of forward secrecy, which means that a breach potentially opens up all your past communication (unless you change your keys regularly). It’s rumoured that the NSA stockpiles encrypted messages in the hope of gaining access to the keys at a later date.
But the biggest problem with PGP is how difficult it is for people to use simply. "It’s a real pain," says Green. "There’s key management – you have to use it in your existing email client, and then you have to download keys, and then there’s this whole third issue of making sure they’re the right keys."
This criticism has plagued PGP for most of its existence. A technical research paper by Alma Whitten and JD Tygar called Why Johnny Can’t Encrypt: a Usability Evaluation of PGP 5.0 drew attention to the problem as early as 1999.
To encrypt an email manually using PGP requires a decent level of technical knowledge, and adds several steps to the process of sending each message, to the extent that even Phil Zimmerman, the creator of PGP, no longer uses it.
Read more: Protect your iPhone with these essential iOS security tips
“All of these things have been really hard for non-experts, and even for experts,” says Green. Even Edward Snowden has screwed it up. When he first reached out anonymously to a friend of Poitras, Micah Lee, to ask him for her public PGP key, he forgot to attach his own public key, meaning that Hill had no secure way to respond to him.
Many of the issues around PGP are aligned with email being a dated form of communication. To make PGP easier to use, end users can install plug-ins for their email clients, or use browser-based solutions to encrypt and decode their messages, but this is where vulnerabilities can creep in.
In the case of EFail, the issue is not with the PGP protocol itself, but with the way it has been implemented, says Josh Boehm, founder and CEO of encrypted communications service cyph.com, which offers private voice and video chat in a web browser.
“There’s no standard way of implementing it, so a number of people have just done it wrong,” he says. “That then becomes the weakest link in the chain. It doesn’t matter how strong the chain of PGP is, if they can get you to unlock it and send that information to them it’s essentially worthless.”
The rise of encrypted messengers
We could all benefit from end-to-end encryption of our emails, but because it’s so difficult to use, PGP has largely remained the reserve of tech-savvy whistle-blowers and cryptography experts. Green says a recent search puts the number of non-expired public PGP keys at around 50,000. “That’s the total usage of PGP,” he says. “The vast majority of people don’t use it.”
By contrast, in 2016, there were almost 50 million global downloads of the encrypted messaging app Telegram. On Twitter, links to PGP keys in the bios of journalists are being replaced by the phone numbers they use for Signal, the encrypted messaging service endorsed by leading security experts around the world. Then there’s Apple’s iMessage, and of course WhatsApp - which, in turning on end-to-end encryption for more than a billion by default has arguably done the most to take encryption to the masses.