What is PGP Encryption? An inside look with Phil Zimmermann & Phil Dunkelberger.
PGP encryption is a critical security feature of StartMail’s email service – it scrambles the contents of your messages so that it can’t be read by anyone other than the sender and the intended recipient. And they really mean no one can read it, not even them! Though technologically complicated, they made it extremely user-friendly for StartMail users, ensuring that there are no obstacles to your email privacy.
PGP stands for Pretty Good Privacy, which is quite the understatement since it is considered the gold standard for email privacy. What exactly is PGP? And why is PGP so important? Looking for some background (and data!) on all of this, I talked to Phil Zimmermann, creator of PGP and co-founder of PGP Corporation.
PGP was originally designed as a human rights tool; Zimmermann published the source code online in 1991 so that people could analyze it. “It was my activism of the 1980s that led me to want to make a tool for human rights activists because they’re often working at odds with the governments in the countries they live in,” said Zimmermann. “I was trying to protect people against governments. I felt like they needed protection and thought PGP would be good for human rights applications.”
This led to a series of persecutions from the US Government. “It took many years of struggling (…), but that ended in 1996, but then we still had to spend the rest of the decade fighting to change the laws, which we did in 2000” Zimmermann added.
In early 1996, after the persecutions ended, Zimmermann founded PGP Inc. “I wanted to include this valuable security tool into a commercial product. Before then, I was thinking that PGP was mainly a human rights tool and I realized it could be a valuable business tool too,” commented Zimmermann.
These days, PGP is used for private messages and transactions across the world. Everything from your email to your ATM uses PGP to secure customer safety. “In the past years, strong encryption has become entrenched in the world economy, and it was PGP that paved the way for that” (Zimmermann, 2020).
So what is PGP and why is it such a big deal? Phillip Dunkelberger, co-founder and CEO of PGP Corporation (until Symantec acquired it in 2010) and currently President and CEO of Nok Nok Labs had the answers. The following is my Q&A with him.
In layman’s terms, can you briefly explain what PGP is?
According to its creator, Phil Zimmermann, PGP was designed to be an applied piece of cryptography. Cryptography essentially scrambles plain text data. So, let’s say you want to send someone an email. PGP will scramble that email and make it look like gibberish to anyone that tries to intercept it. Underneath that gibberish, and wrapped up in a very secure wrapper, is the plaintext message you are actually sending. Only those with the decryption key can “unwrap” the wrapper and read the plaintext message. Basically, this means that outsiders can’t read it. If a third party tries to look at your encrypted email, all they’d see is a string of random letters and characters.
How is PGP different from other forms of encryption?
Encryption, in general, is the ability to scramble data. There are several ways you can implement that. You can encrypt many things, such as hard drives, files, and text messages. Think of things we use like WhatsApp or any of the chat apps, or something like an email system, those things have their own needs of encryption that works for how their system works; all encryption methods have a different flavor of scrambling data at their core, and they’re implemented differently depending on the use case.
What made PGP stand out is that it provided the world with a standard way to encrypt emails regardless of the underlying email system. It doesn’t matter what email system you’re using, the PGP protocol can scramble mails from your computer and ensured that only the recipient can decipher them.
Of course, there are several standard encryption protocols that were introduced to the IETF (Internet Engineering Task Force) so everybody could essentially scramble and unscramble data in email. PGP was the most widely-used of all those protocols.
How has PGP encryption changed over time?
Originally, PGP was freeware with no graphical user interface. It had a simple command-line interface and you had to be reasonably technical to use it on both sides. Most people didn’t know how to set it up, create it, use their keys to unlock, and so forth.
Then, companies such as PGP Corporation built tools, like user interfaces. We ultimately built a server that could service the keys and do everything behind the scenes. All users had to do was type and send the email while the service behind the scenes did all the encryption. We’ve gone a long way in taking away the complexity and making the PGP protocol simple to use.
What makes PGP so important?
PGP has given people far more security and flexibility than they had before. In fact, it’s one of the most important technologies in the PC era.
One of my favorite quotes is: “PGP gave the ability for individuals to whisper on the internet.” Everything you send on the internet unencrypted is in plaintext. The same goes for everything you download and store on your device. It’s all basically a postcard – anyone who has gained access to your device can read everything there. Many people don’t know that and are shocked when something private gets posted online or when identity theft occurs.
Data breaches and identity theft are still some of the biggest risks on the internet. Fraud is rampant because people can easily steal your information or impersonate you. “Identity theft is going nuts right now with this pandemic, as is fraud because we’re so used of interacting, uploading and downloading info, contacts, passwords, everything” commented Dunkelberger.
Fraud is now more profitable than drug cartels. Data is the new currency. We’re emailing things like banking information, and most of that is going over the internet unsecured. That’s what PGP was designed to prevent.
Cryptanalysis had an enormous impact on World War II. Many governments, including the U.S. and its NATO allies, regulated the export of cryptography for national security reasons, basically denying potential enemy countries access to cryptographic systems. As late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Equipment. The U.S. has since relaxed such laws, but some restrictions still remain, even for mass-market products, particularly with regard to export to “rogue states” and terrorist organizations.
Encrypting your email is an important step in protecting your online privacy. Use StartMail to protect your email with strong encryption. You can now get one for 50% with our World Privacy Day Deal. For current users, keep in mind that you and your friend can earn a 50% discount for an account renewal or upgrade with the referral program.