Berners-Lee: We need PGP for the people

Sir Tim Berners-Lee has called on security professionals to come up with a form of public key cryptography for use by people in email exchanges, and to get involved in W3C standards development.

World wide web inventor Sir Tim Berners-Lee has set security professionals the challenge of coming up with PGP-like encryption for use by the general population in emails.


Berners-Lee envisaged limited groups of people using public key cryptography, in which data is encrypted using a widely distributed public key and can be decrypted using the corresponding private key.

"I'm amazed I still can't do public key-encrypted email with people in the local community," Berners-Lee said at an RSA Conference press event on Thursday. "The things that public key cryptography promised us are not actually there in practice."

This means that complex interactions between multiple stakeholders still do not have the necessary level of security and privacy, according to Berners-Lee. For example, buying a house involves multiple stakeholders, including banks, lawyers, accountants and estate agents, but these people cannot easily encrypt the email sent between them, he said in a speech at the conference.

Certain email services, such as Gmail, already allow users to send and receive encrypted email within the service. Berners-Lee envisages an overarching public key infrastructure system that would allow encrypted emails between different services and pieces of software.

"I'm engaged in these multi-party discussions, and you guys [security professionals] are not supporting me," he said. "I've got PGP on my machine, and I'd like to do key exchange... but we don't have key exchange."

'Dysfunctional' implementation

Security professionals must shoulder some of the responsibility for the "dysfunctional" implementation of encryption, according to Berners-Lee.

"I'd like my computer and the world to work in particular ways, and they don't always," he said. "The people who are responsible for security worldwide — to a certain extent, it's got to be your fault."

In addition, Berners-Lee invited security professionals to get involved in creating the web standards being developed by the World Wide Web Consortium (W3C), where he is the director.

"I'd like the security community to come to W3C and join in the working groups which are building that environment, help them make it a secure and powerful environment," he said.

People need to have more control of their data and which organisations access that data, he added, saying security professionals can help develop the standards to make this happen.

"I want anything — whether it comes from the web or not, or whether it comes from a desktop — I want to be able to control those resources again," said Berners-Lee. "I've got to be able to control the devices it accesses. I need more powerful tools for control."
