If the public has been taught anything from the recent exposure of widespread surveillance targeting online data, it is that encryption has never been a more important part of our daily communications. News stories regarding the NSA, GCHQ and the whistle-blower Edward Snowden have all highlighted the need for consumers to take responsibility for their own data encryption, by using a more robust approach.
Encryption: Never Leave Your Draft Folder Without It
So what is the significance of encrypted data in an increasingly digital world? Without encryption, it is fair to assume that any online message may be compromised: a potential embarrassment when discussing personal data, but potentially catastrophic when discussing business or state-level information.
PGP: Is ‘Pretty Good’ Still Good Enough?
So, what is encryption? There are many forms and techniques, but the current standard for web security is the OpenPGP system, which has been in place since 1991 in various forms. PGP (‘Pretty Good Privacy’) combines public-key and symmetric (private-key) cryptography with digital signature authentication, ensuring encryption at both the sender’s and recipient’s ends, and guaranteeing the identities of both parties.
Essentially, PGP can provide impenetrable encryption on emails and data exchanges across the net. But how strong is PGP? And can one product really provide the solution for every security problem?
Cracks and Back Doors: Knowing the Risks
The question in the light of recent developments is whether PGP is still fit for purpose. It is worth noting that Phil Zimmermann, the man behind PGP encryption, is confident that no agencies have yet managed to crack his system. The reason for his assertion is that the US Government itself uses the PGP system to encrypt its own data, which it would not do were it aware of any vulnerabilities.
Cracking the cipher is not the only way that agencies and individuals can access personal data, however. One of the most startling revelations in the wake of the NSA and Snowden affair was the accusation that many consumer products have covert security ‘back doors’ purposely built into them. The Guardian newspaper has reported that end-user services by Microsoft (including Outlook 2010, Outlook 2013 and Skype), Apple, Google, Facebook and Yahoo have all willingly provided access points for their own systems to the NSA.
Additionally, in an increasingly handheld-driven market of smartphones and tablet computers, using a separate PGP client in conjunction with an app-based email client is a complicated and time-consuming procedure that, so far, has no easy solution. Given that data encryption is all the more important on roaming devices, the need for a PGP app that meshes well with email is growing by the day.
Striking back: Taking Extra Measures, and the Crypto Campaign
The upshot of this is that modern businesses – and, indeed, individuals – should no longer consider their web-based data either private or secure, unless it is encrypted. The strength of PGP and its Unix derivative GPG is that the great majority of encryption clients are open source, can be run in the background alongside email clients, and offer multilevel security for your data.
Campaigning for free use of cryptographic technologies is an issue of fierce debate, with many state-level organisations limiting the export of encryption software. Zimmermann himself was the target of legal action by the American government in the 1990s. Currently, certain levels of encryption are still banned but, with the recent focus on the security of private data, the interest in and demand for widely accessible and viable encryption has never been higher.