
Pretty Easy Privacy project aims to make encryption easier for regular people to use

The problem with secure communications is not so much the protocols as it is usability – the tech may be there, but if it’s a pain to use then people won’t use it. This makes the Pretty Easy Privacy (pEp) project an interesting one to watch.

Currently crowdfunding via Indiegogo, pEp is a user interface project that aims to make standards like PGP more accessible to ordinary people by removing the need for understanding key management. To start with, the Switzerland- and Luxembourg-based team has come up with an Outlook plugin that’s intended to help corporate users embrace encryption. If the crowdfunding campaign works out, this will be followed by pEp apps for Android, then iOS.

“The basic idea is that we are constantly failing in spreading cryptography,” pEp software architect Volker Birk told me in a phone interview. “Either we have the problem that cryptography is very complicated like PGP, and people don’t use it, or we have that trap that people make new apps like Threema but people cannot reach their friends there.”

Color coding

Hence pEp’s nature as a user interface scheme rather than some new standard (it uses established standards such as GnuPG and NetPGP). The idea is to provide encryption in the simplest possible manner – if it works as promised, the user will be aware of the security of their communications channels but will need to do no more than hit “send”.

pEp uses color-coding to denote trust. “Gray” means the conversation is open to surveillance. If the pEp user is initiating the conversation, the first message they send will be “gray” because that’s how it works with setting up encrypted email conversations. The conversation will stay gray if the correspondent does not have encryption capabilities or uses a poor encryption system, but it will turn yellow if the correspondent uses well-known encryption that has not been subject to any known attacks.

As Birk stressed, “yellow”-worthy encryption would need to, for example, use RSA keys of at least 2048 bits and not depend on public certificate authorities (CAs) that may have been “taken out” by secret services or hackers (the pEp folks really don’t like the commercial CA system). “Yellow means it is technically correct,” he said.

The top level of security is denoted by the color green, which would involve both correspondents using a pEp client – this would add subject and metadata anonymization to the encryption that’s already used in “yellow” conversations, by relying on the GNUnet transport framework. Here, pEp eschews the web of trust and CA-dependent X.509 public key infrastructure models in favor of a safewords system – in order to establish that no-one has executed a man-in-the-middle attack to let them spy on the conversation, the correspondents need to have a phone conversation to establish that they’re both seeing the same safewords, after which their communications channel will become and stay “green”.
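The safewords comparison and the three ratings described above, as an added sketch that is not pEp's code. The word list, the key fingerprints and the XOR-based derivation are assumptions made for illustration, since the article does not say how pEp derives its safewords.

```python
# Added illustration; not pEp's code. Word list, fingerprints and the XOR
# derivation are assumptions made for this sketch.
WORDS = ["apple", "brick", "cloud", "delta", "ember", "flint", "grape", "harbor",
         "island", "jungle", "kettle", "lemon", "meadow", "nickel", "orbit", "pepper"]

# Constructed 160-bit key fingerprints (hex).
ALICE = "1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d"
BOB = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c"
MALLORY = "deadbeef00112233445566778899aabbccddeeff"  # key substituted in transit


def safewords(own_fpr, peer_fpr, count=5):
    """Words a user sees: XOR of own and received fingerprint, 4 bits per word.

    XOR is symmetric, so both ends get the same words when each holds the
    other's genuine key. A real scheme needs far more than 20 bits.
    """
    mixed = format(int(own_fpr, 16) ^ int(peer_fpr, 16), "040x")
    return [WORDS[int(nibble, 16)] for nibble in mixed[:count]]


def rate(peer_encrypts, rsa_bits, uses_public_ca, both_pep, words_match):
    """Color rating as the article describes it."""
    if not peer_encrypts or rsa_bits < 2048 or uses_public_ca:
        return "gray"      # open to surveillance, or weak encryption
    if both_pep and words_match:
        return "green"     # safewords compared over the phone and equal
    return "yellow"        # technically correct, peer not verified


def conversation_color(alice_sees_peer, bob_sees_peer):
    """Rate a pEp-to-pEp RSA-4096 conversation after the phone comparison."""
    match = safewords(ALICE, alice_sees_peer) == safewords(BOB, bob_sees_peer)
    return rate(True, 4096, False, True, match)


if __name__ == "__main__":
    print(conversation_color(BOB, ALICE))          # genuine keys on both ends
    print(conversation_color(MALLORY, MALLORY))    # keys swapped by a middleman
```

When a key has been substituted in transit, the two callers read out different words, so the conversation never leaves yellow.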

Plugins are ideal for the pEp team’s vision, as they mean users can just use the same programs they’re already using, only more securely – this is already demonstrated with Outlook, but browser plugins can achieve the same with webmail providers that offer an API. However, mobile platforms like iOS and Android don’t do plugins, which is why pEp is planning apps for those.

Yes, this means downloading another app, but the idea here is to pull in messages from all the other communications apps on the device, so the pEp app can act as a hub and a way to steer conversations onto a secure channel. As all the pEp implementations use the same engine, they can also be used to synchronize contacts and calendar entries between them through secure P2P, rather than the cloud.

Corporate and consumer hopes

pEp comes out of the Cypherpunk movement but it’s gunning for corporate customers too. One of the co-founders, Leon Schumacher, was group CIO for huge firms like Novartis and ArcelorMittal – he reckons there will be big demand in this sector for such systems.

“The corporate market is totally underserved,” Schumacher told me. “If we’re lucky, 0.5 percent of all email going over the internet is encrypted. To secure that and to protect corporate IP and so forth, if we can give people a solution that does not annoy them, that just works, they will embrace it.” To that end, pEp’s Outlook plugin will go on sale during the next month – Schumacher said it is already being piloted by “a couple of large companies.”

Here, pEp would charge the companies for support. On the consumer side, because pEp is free software under the GNU General Public License, anyone can download it and compile it themselves – if they have the know-how to do so – but the team will also sell its apps for a few bucks.

pEp’s free, open-source nature means anyone can inspect the code, but some of the team’s revenues will go towards paid code review, Birk said. “As we learned with OpenSSL, providing the source code is not enough,” he said. “It’s not enough if you can read the source code; you have to really read it. Before each release, we will hire a code reviewer and make them publish the code review on it.”