This week’s headlines about newfound vulnerabilities in the PGP and S/MIME email-encryption programs really shocked me—not because the vulnerabilities (dubbed EFAIL … get it?) seemed so dangerous but rather because I was astonished to discover there are apparently people who still care about PGP. The vulnerabilities were first announced on Monday by a group of researchers based in Germany and Belgium who described their findings in a paper that will be presented at the USENIX Security Symposium in August.
The researchers identify an interesting and novel way of accessing encrypted emails by exfiltrating the text of those messages through active HTML content, like externally loaded images. That active content can allow the decrypted text of an email message to be leaked to an attacker when the mail client fetches the outside URLs the message references. This is an interesting and important discovery from the perspective of academic cybersecurity research, but to rely on it to declare—as, for instance, Gizmodo’s headline did—“Email No Longer a Secure Method of Communication” is both hyperbolic and ironic.
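The channel described above is a mail client automatically fetching remote resources referenced from an HTML body. The added example below (not code from the researchers, the EFF, or any mail client) shows the defensive side: parse a message with Python's standard `email` library, report which remote resources an HTML part would load, flag the combination of "has an encrypted part" and "references remote content", and neutralize the remote references before rendering. The sample message, the `attacker.invalid` URL and the function names are constructed for this illustration.

```python
import email
import re
from email import policy

# Constructed sample: a message carrying both an HTML part that references a
# remote image and an S/MIME encrypted part. The base64 payload is a placeholder.
SAMPLE_RAW = b"""From: alice@example.test
To: bob@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://attacker.invalid/track.png">
<img src="cid:inline-logo">
<a href="https://example.test/page">link</a>
</body></html>
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBCgKCAQEA
--b1--
"""

# MIME types that indicate an encrypted part (S/MIME and PGP/MIME).
ENCRYPTED_TYPES = {
    "application/pkcs7-mime",
    "application/x-pkcs7-mime",
    "multipart/encrypted",
}

# Attributes a renderer fetches automatically (auto-loaded, unlike href links).
# Groups: attribute name, the "=" with surrounding whitespace, optional quote, URL.
REMOTE_REF = re.compile(
    r'''(src|background|poster)(\s*=\s*)(["']?)(https?://[^"'\s>]+)''',
    re.IGNORECASE,
)


def load_sample():
    """Parse the constructed sample with the modern (EmailMessage) policy."""
    return email.message_from_bytes(SAMPLE_RAW, policy=policy.default)


def has_encrypted_part(msg):
    """True if any MIME part of the message is an encrypted container."""
    return any(part.get_content_type() in ENCRYPTED_TYPES for part in msg.walk())


def remote_references(msg):
    """List every auto-loaded remote URL found in the message's HTML parts."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()
            urls.extend(m.group(4) for m in REMOTE_REF.finditer(html))
    return urls


def should_block_remote_content(msg):
    """A client should refuse to fetch remote content for a message that has an
    encrypted part; this is the setting that removes the exfiltration channel."""
    return has_encrypted_part(msg) and bool(remote_references(msg))


def neutralize_remote_content(html):
    """Rewrite auto-loaded remote URLs to about:blank, preserving quote style."""
    return REMOTE_REF.sub(
        lambda m: m.group(1) + m.group(2) + m.group(3) + "about:blank", html
    )


if __name__ == "__main__":
    sample = load_sample()
    print("encrypted part:", has_encrypted_part(sample))
    print("remote references:", remote_references(sample))
    print("block remote content:", should_block_remote_content(sample))
```

The `cid:` image is left alone because it refers to an inline part of the message itself, and the `href` link is not counted because following a link is a user action rather than an automatic fetch. A client that applies `neutralize_remote_content` to every HTML part before rendering, or simply never renders HTML for messages with an encrypted part, closes the channel regardless of how the ciphertext was spliced in.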
Email was never a secure method of communication for most of us—odds are pretty good you don’t encrypt your emails and never have, and may not even have an easy way to do so, especially if you rely on web-based clients to access your email. (In the event that you are one of the few people who do rely on OpenPGP to encrypt your email, the Electronic Frontier Foundation has a good guide to what you need to know about the most recent discoveries.)
Trying to persuade people to encrypt their email is a battle that security and privacy advocates have been losing for decades. The original PGP, or Pretty Good Privacy, program that relies on the vulnerable OpenPGP standard dates back to 1991. In the nearly three decades since then, we’ve made considerable strides in encrypting many of our digital communication channels, including our iMessages, our Skype calls, our Facebook Messenger conversations—but not our emails.
Encrypting our emails is harder than encrypting our iMessages or Skype calls or Facebook chats precisely because it requires us to do something ourselves rather than rely on Apple or Microsoft or Facebook to do it all for us. Unlike iMessage or Skype, email is an application that is not owned and operated by a single, centralized company, which means there is no single company that can unilaterally flip a switch and encrypt all of your email correspondence end to end. You may have a Gmail account managed by Google, but you probably still send some emails to people whose email accounts and servers are managed by other companies. So Google can’t just promise to encrypt all your messages and decrypt them at the other end for the recipients because they do not have access to those recipients’ inboxes or devices.
If you wanted to use an encryption standard like S/MIME for your email account (before it was discovered to be vulnerable, that is), you would have to procure your own encryption keys and set them up with your mail client—a process that has not, historically, been straightforward for nontechnical users. In fact, there’s a series of research papers that look at this very problem, beginning with a classic 1999 USENIX paper authored by Alma Whitten and J.D. Tygar titled “Why Johnny Can’t Encrypt: a Usability Evaluation of PGP 5.0,” followed by a 2006 poster “Why Johnny Still Can’t Encrypt: Evaluating the Usability of Email Encryption Software” by another set of researchers, and a 2016 paper “Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client” by yet another research group.
You get the idea: You’re Johnny, and despite having had access to email-encryption software since the early 1990s, you’re probably completely incapable of using it because most email clients have never done a good job of supporting encryption standards like OpenPGP and have never made encryption a priority or incorporated it seamlessly into their software. Why would anyone ever bother to send encrypted emails when they could instead send encrypted iMessages without having to do any of the necessary legwork of getting their own encryption keys or configuring their mail clients?
There are, of course, a small number of security-conscious people who do send and receive encrypted email messages, but that’s only a worthwhile activity if the people they are corresponding with are also sending and receiving encrypted email messages. For instance, if you search your email for attachments with the filename “smime.p7s,” you’ll get a sense of how many people you’ve corresponded with who tried to append digital signatures to their emails that could be used to exchange encrypted emails only to discover that your email host didn’t support encryption. (That attachment is what the digital signature turns into when it can’t be interpreted or used for its intended purpose.)
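The search suggested above, done programmatically: the added example below (not code from the article) walks an mbox file with Python's standard `mailbox` module and counts, per sender, the messages that carry an S/MIME detached signature, recognized either by the `smime.p7s` filename or by the `application/pkcs7-signature` content type. The sample mailbox and the `carol@example.test` / `dave@example.test` addresses are constructed; point `count_signature_attachments` at your own mbox export to run it on real data.

```python
import mailbox
import os
import tempfile
from collections import Counter
from email.utils import parseaddr

# Content types of an S/MIME detached signature (the part clients show as smime.p7s).
SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

# Constructed signed message; %d gives each copy a distinct subject.
SIGNED = b"""From: Carol <carol@example.test>
To: you@example.test
Subject: constructed signed message %d
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="sig"

--sig
Content-Type: text/plain; charset="utf-8"

Hello, this body was signed.
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIBCgKCAQEA
--sig--
"""

# Constructed unsigned message.
PLAIN = b"""From: Dave <dave@example.test>
To: you@example.test
Subject: constructed plain message
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

No signature here.
"""


def carries_smime_signature(msg):
    """True if any MIME part is an S/MIME detached signature."""
    for part in msg.walk():
        if part.get_content_type() in SIGNATURE_TYPES:
            return True
        if (part.get_filename() or "").lower() == "smime.p7s":
            return True
    return False


def count_signature_attachments(mbox_path):
    """Map sender address -> number of S/MIME-signed messages in the mailbox."""
    counts = Counter()
    box = mailbox.mbox(mbox_path)
    try:
        for msg in box:
            if carries_smime_signature(msg):
                _, addr = parseaddr(msg.get("From", ""))
                counts[addr.lower()] += 1
    finally:
        box.close()
    return dict(counts)


def build_sample_mbox():
    """Write the constructed messages to a temporary mbox and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "sample.mbox")
    box = mailbox.mbox(path)
    try:
        box.add(SIGNED % 1)
        box.add(SIGNED % 2)
        box.add(PLAIN)
        box.flush()
    finally:
        box.close()
    return path


if __name__ == "__main__":
    for sender, n in sorted(count_signature_attachments(build_sample_mbox()).items()):
        print(f"{sender}: {n} signed message(s)")
```

A signature only proves the sender had a certificate; it says nothing about whether they could have encrypted to you, which is the gap the article is pointing at.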
So the encrypted-email EFAIL, such as it is, did not happen this week and runs much deeper than the technical vulnerabilities identified by the German and Belgian researchers. We can—and should—fix those flaws, but if we actually want to turn email into a secure channel of communication for the first time, the much larger hurdle is and always has been baking it into email clients so seamlessly and invisibly that it requires no more effort from the end user than sending an iMessage.