Imagine a scenario where the post office has free access to our personal mail, which we entrust to them for transit and delivery. Not many would obviously be comfortable with such an idea. Nonetheless, we seem to have got used to this privacy invasion in the virtual space. The most popular email service, Google Mail, for instance, is known to peruse our personal emails and use them for “targeted” advertising.
Lay users would appear awestruck at the precisely targeted ads, fitting the context of a conversation on Gmail or Facebook. This does not happen by accident, but by very clever design. Intelligent programmes, which interpret and parse information in our conversations, forward ads that it thinks are ‘relevant’ to our ‘profiles’.
Those who want to stop these programmes from making sense out of our personal messages turn to the several solutions that are available. The ideal solution, stopping the use of email services, would appear impractical today. A more practical option would be to adopt a solution that encrypts and decrypts the content in our emails.
Pretty Good Privacy
In 1991, Phil Zimmermann released PGP (Pretty Good Privacy), which has since altered user-level encryption and decryption techniques. PGP enables users of ‘low-end’ computers to secure their conversations over a public channel, in comparison to the military encryption techniques, which are expensive and involve heavy computation using high-performance machines.
PGP secures conversations and encrypts data by implementing digital signatures for authenticating the source, compression and decompression of data to conserve transmission time, and encryption and decryption of data to prevent eavesdropping. Although PGP can be performed even on a relatively low-end personal computer, it maintains almost unbreakable encryption levels, matching military-grade techniques.
How it works
To encrypt and decrypt data, PGP uses public key encryption technique. The session key implements a standard encryption algorithm to encrypt the compressed data. Then the session key is encrypted to the recipient’s public key. This public-key encrypted data is transmitted along with the encrypted data to the recipient.
To decrypt the data, the public key alone is of no use, and the intended recipient’s private key, which is maintained as a secret with the recipient only can decrypt the data.
The insecurity of having to transmit keys for decryption is eliminated in public key encryption, which is fluently incorporated in PGP implementations. The famous encryption algorithms RSA and DSA are primarily used with PGP.
OpenPGP and GPG
When Zimmermann’s PGP programme got entangled in licensing and patent issues because of the algorithms it used, an international standardisation was proposed which would serve to monitor the design and implementation of PGP, and OpenPGP was established in 1997.
The Free Software Foundation implemented its own Free version of PGP based on OpenPGP specifications — The GNU Privacy Guard (GPG), a Free software implementation of PGP with source code available for study and improvement.
While the conventional implementation of PGP, or GPG, could be cumbersome for normal users, various enhancements in the form of plugins to Web browsers and mail clients are now available. Mozilla Firefox’s add-on FireGPG and Thunderbird’s Enigmail are examples of these enhancements.
Praveen Arimbathodiyil, a Debian developer, emphasises the importance of securing privacy in virtual communication.
“OpenPGP is not just about the technology of encryption and decryption. What we are accomplishing is a method of providing a secure channel for communication on the Internet. People need to have a mechanism to carry out conversations over the Internet without having to compromise their privacy, and OpenPGP ensures it to the fullest,” he says.