PGP: An Old Technology for a New Media Environment

Data privacy is, and should, be top of mind for journalists. As the Trump Administration takes an antagonistic approach with the media, it’s not very unrealistic to imagine the President signing an executive order any day now forcing news organizations to release emails to the government or have to pay significant fines or even face jail time if they do not reveal sources for leaks.

Just this week, President Trump tweeted about the “illegal tweets coming out of Washington” following the resignation of Michael Flynn as National Security Advisor. Flynn’s resignation was due in large part to reporters from The New York Times, the Washington Post, and other outlets publishing stories based on leaked information from government officials about Flynn’s conversations with Russia.

For journalists to keep informing the public of the stories that the Administration is trying to hide or ignore, they must continue using anonymous sources from within the government. These leaks cannot stop, regardless of whatever measures the Administration tries to put in place to stop government employees from speaking out and contacting the press.

The Need for Encryption

But for many of these employees, there are major ramifications to divulging top secret or sensitive information. Before any government employee considers leaking information to the press, they need to be sure that the communication is delivered securely and their identity is not divulged. Outside of in-person, secret meetups Deepthroat-style, this means that the journalist will need to use encryption to keep the information secure. Similarly, the journalist will need to keep the information secure to keep sources private to continue reporting the stories that need to be told.

PGP: A Golden Standard

Pretty Good Privacy (PGP) is a free encryption and decryption program created by Phil Zimmermann and typically used for email that has been around since 1991. The name, which is a tribute to A Prairie Home Companion, is misleading, as the tool is known to be more than just “pretty good” when it comes to maintaining a user’s privacy. In a post titled “Why do you need PGP?,” Zimmermann explains the need for the encryption tool:

Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable military grade public-key cryptographic technology. Until now. PGP empowers people to take their privacy into their own hands. There’s a growing social need for it.

Encryption, much like PGP, is a very old technology that is still just as relevant and powerful as it was when it  was first invented. Through encryption, the message you send is muddled up into a meaningless string of letters and numbers so that anyone snooping through your email cannot decipher the message. Only those with the correct key can unlock the meaning:

(via Lifehacker)

To start using PGP, you need to download GNU Privacy Guard (GnuPG), either through GPGTools (OS X) or Gpg4win (Windows). Once he or she has his or her own PGP key, the person can communicate with anyone else through encryption, so long as the recipient also has a PGP key. There are several browser extensions you can download to make the process of sending an encrypted email quicker, including PGP Anywhere and Mailvelope. PGP also works with mail clients such as Mozilla Thunderbird for email encryption.

The biggest hurdle for anyone new to PGP is finding others who have their own PGP keys as well. WIthout the two-way system, you cannot send the encrypted messages. This may be a deterrent for some reporters who cannot convince sources to use a PGP key because of the time it takes to set it up. But for journalists who want to protect information and confidentiality, the upfront costs are worth the privacy gained through encryption.

To avoid this issue, there are other encryption tools journalists can use, such as Virtru. This tool is used in conjunction with other platforms such as Gmail and Salesforce to keep information secure through data encryption. However, unlike PGP, Virtru and other similar products are not free for users.

PGP is only the first step

Though email encryption is only one step journalists can take to keep their messages secure and the privacy of their sources intact, it’s one of the most important and the first they should consider. PGP is not the perfect solution for encryption, as several government agencies to have the ability to unlock keys and decipher the message. But using PGP can be seen as a gateway for journalists to better maintain confidentiality and keep information secure. Creating a key and locking their emails is the first step journalists can take to unlocking the road to better privacy habits.

Maddie’s Bio

I’m Maddie Perez, a second year MBA at MIT Sloan. Before coming to MIT I had a mixed bag of a career, including working in sports journalism, crisis communication, education PR, R&D research and consulting, and venture capital. I’m an aspiring venture capitalist with the hope of funding media companies that have found ways to create high-quality, accurate content with a profitable business model—we’ll see how long that takes. Here are a few more random facts about me:

  • I’m an army brat and moved around a bit growing up, but I consider Fayetteville, NC home
  • Coding-wise, I’ve focused primarily on front end work, and am pretty proficient in CSS/HTML and quasi-proficient in JavaScript
  • I’m currently working on a VR platform for autism therapy. The hope is that using different types of media in new ways (in this case building simulation exercises for VR) can improve the efficacy of autism therapy while drastically reducing costs
  • I was an English major in undergrad with a minor in policy journalism and media studies, so in some ways I feel like I get to relive some of my favorite classes
  • I’m a proud Slytherin