Facebook added support for PGP encryption this June, enabling users to import their public PGP key to be able to encrypt any emails sent to them via Facebook.
Today, end-to-end encrypted email provider ProtonMail has added support for PGP encrypted Facebook emails — allowing Facebook users to get their encrypted missives automatically decrypted within ProtonMail. The feature works within ProtonMail v2.1, on both web and its mobile apps, once users have imported their ProtonMail public key into Facebook.
The Swiss startup, which was founded last year, has raised more than $2.5 million — via crowdfunding and VC investment — to build a secure encrypted email service in Europe in the wake of the Snowden government surveillance disclosures. As of August ProtonMail had invited 500,000 sign-ups into its beta.
ProtonMail says the PGP support in v2.1 works for any PGP message sent to a ProtonMail account from any sender (so not just messages sent via Facebook) — emphasizing that this is one of the benefits of following the OpenPGP standard.
“If we truly want to have a more private and secure internet, working together will be crucial and we applaud Facebook for sticking with open standards,” the startup writes in a blog post announcing the support.
“As OpenPGP is universal, in the future, we will also be able to integrate with countless other services. We are glad that giants like Facebook are supporting these efforts and if more companies join in, the movement to improve privacy online will be unstoppable,” it adds.
ProtonMail says support for OpenPGP has been one of the most highly requested features since it launched. “In the coming months, we will be extending this feature to also allow automatically sending PGP messages outside of ProtonMail,” it adds.
Today Facebook has also extended its OpenPGP support to include OpenPGP’s standard elliptic curve cryptography (ECC) public keys. In a blog about this, the social network also makes a point of noting how users are requesting PGP support. “We’ve also heard from several organizations that support for Facebook PGP is a popular request from their customers,” it writes.
Moves to strengthen encryption by tech players large and small aren’t going to put any smiles on the faces of government intelligence agencies. Only last week Andrew Parker, the head of the U.K.’s domestic intelligence agency MI5, went on BBC radio calling for “wider co-operation” from Internet companies to pass user information to security agencies.
Parker specifically referenced the spread of encryption across the consumer Internet as a problem for intelligence gathering. Yet there’s no doubt the global nature of the Internet makes it all but impossible for any one government to push a minority view.
The MI5 chief conceded “international agreement and arrangements” would be needed to obtain the kind of ‘co-operation’ they are seeking. So moves by more companies to adopt strong encryption — and to make using it easier for average consumers — are an important provision in the fight for online privacy. Although political pressure on encryption, and on the technology services that are enabling more consumers to adopt encryption, is unlikely to let up.
Only this week the founder of pro-privacy messaging app Telegram confirmed that ISIS extremists are using the app to communicate. Which flags up the kind of ethical conundrum Parker was suggesting Internet companies are facing. However Pavel Durov went on to argue that privacy — and therefore properly implemented encryption — is a matter of principle.
“I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism,” he said during an on stage interview at TechCrunch Disrupt SF. “Ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one. So I… still think we’re doing the right thing — protecting our users privacy.”