Monday, 26 September 2011

PGP and bankers

Does anyone know any bank that understands or properly uses PGP or similar digital signing or encryption on communications to/from the bank?

It is probably not something too relevant to most people simply because emailing your bank, or them emailing you, pretty much does not happen. On-line banking is fine for most things and that has a lot of security.

But where you do have a proper bank manager, or a "private banking team" or some such, and you may well want to just email them and get them to just sort something, I would think this would be ideal.

It would allow the convenience of email with the proper security a bank needs. The simplicity of just saying "lost my debit card, can you get me a new one sorted" with the security of the bank knowing it is definitely you asking, and even who you are without you saying.

It would also allow banks to email statements or information as needed in a secure way. They could lose the cost of posting lots of the usual crap and send it by encrypted email.

Basically, I am trying to pitch the idea to Lloyds as they seem quite keen to get us on their private banking package.

The idea is that for a small group dealing with select customers, this sort of extra benefit would be really useful. And if they get their act together - which probably means some central key management - then this could easily extend to more general banking customers.

So, comments please - I'll pass them on to the bank!


  1. This would be a very good step forwards, although I have a lot of doubt that any bank would do it any time soon.

    The best I get from Smile at the moment is an e-mail to tell me that I've been sent a 'secure e-mail' and that I have to log in to the on-line banking web site to read it. Needless to say, I never read them. If it doesn't appear in my inbox, it's too much hassle to read (and that applies for plenty of e-mails in my inbox, too ;-) ).

    I have accounts at Lloyds, though, so if you can persuade them that PGP is the way forward, then I'd be happy to start receiving encrypted e-mails from them. I'd probably still want paper statements, although an encrypted PDF that prints well (like the A&A invoices) would definitely make me reconsider.

  2. +100 from me too - still amazes me in this day and age that PGP isn't commonly used by, well, everyone. I'm also a Lloyds customer.

  3. This isn't PGP related but something that would be very useful is if banks offered a read-only API (perhaps requiring a client certificate for authentication or similar), that customers could then easily integrate in to a billing system to retrieve the payments received to automatically check if invoices have been paid...

    I know there have been various solutions that involve automating the pin pad things and screen scraping, but a nice API and format (in a dream world one that is standard across banks) would make things much easier.

  4. PGP is only as secure as the key used to sign the message though, so would you be willing to accept a switch in liability for anything that were to happen if your key was compromised? If not, then the banks would have to just trust that you'll stick to key management principles and don't allow your private key to become compromised.

  5. I've often moaned about how secure email never happened, and I fear that nowadays it never will in any general sense. The opportunity was there, and the technology was there, in the 90s, but nobody ever managed to make the user experience tolerable (or comprehensible) to non-geeks. This meant that when on-line banking took off, each bank set up its own web-based messaging system instead, and I think at that point the opportunity to make secure email ubiquitous was lost.

    Now the world is divided into those who don't use email for anything sensitive and those who don't realise that they shouldn't. Mostly the latter. Oh, and a very few folk whose circles of contacts are set up for either PGP or S/MIME.

    No, that's not really relevant. Just a pet whinge.

  6. I think it's a shame that everyone thinks in terms of PGP. IMO, S/MIME is better, for various reasons:

    - The PGP web of trust doesn't really work in practice. You can do it with small groups of friends, if you're willing to take the trouble, but it doesn't scale beyond that. I might want to send you a PGP message, even though we've never met. I can do that, but it's very unlikely I would be able to find a trust path, so I would have to use an untrusted key.

    CAs are a long way from being perfect, but at least that model works. I can get your key and—without unreasonable fuss—I can see that someone has verified it. If you pay money, your identity will be verified more stringently, and I can see that too.

    - There is one S/MIME standard but there are lots of PGP ones. Do you do inline PGP or PGP/MIME? If you do PGP/MIME, which version? Which symmetric ciphers are you going to use, given that different versions of PGP and gnupg support different ones?

    - Although encrypted email is not widely used, S/MIME is at least used internally by some companies. This means that it is supported natively by common email clients.

    If the bank tries to do PGP, they will fall on their face. People won't be able to read their emails because of compatibility problems. They'll end up getting the bank's PGP key from their SSL website, so using the CA security model, but in a way that causes needless fuss. If they do S/MIME, it will just work, with quite a lot of common email clients.

  7. The banks paperwork can simply have the PGP fingerprint on it, and in the branch, and the leaflet from the branch on "secure emails" can have it. That will make it easy to ensure the key from the ssl web site or a key server is the right one though.

    As for trust for the end users PGP keys, the bank simply need a signing system - even if that is based on their secure web site. I.e. you log in, and answer even more security, post your public key and get back a signed key.

    Then, the bank manager can trust the key. The signing can contain account number even. Make the bank email systems check signatures on the way in - the bank staff don't even need PGP themselves if the bank trust their internal network. Similarly outgoing emails can be signed by the bank generically, and encrypted for recipient.

    I am thinking for a start that all they need is my bank manager to be aware of how to use, and allowed to use, something like PGP to communicate, but larger scale it can be done relatively easily.

  8. Problem is that the Bank has no control. While they could sign your key and verify it is your key they can do nothing to control how you use or misuse your key. You might give the secret key a weak passphrase because you are to lazy to remember or type a secure one. You might write your passphrase down or give it to someone else. While a corporation might be able to put some policies around key management a home user is a massive risk. With a web of trust liability is difficult to assign and the banks won't like that.

  9. I suppose they could issue keys in smart card - not used myself, but that would be a way to provide a better level of control.

  10. 'The banks paperwork can simply have the PGP fingerprint on it, and in the branch, and the leaflet from the branch on "secure emails" can have it.'

    Hmm... Think about it from the point of view of someone who isn't a cipherpunk. He gets a leaflet that says he can now use email for talking to the bank about his account. There is something he doesn't understand, about 'verifying' the bank's 'key' so he doesn't bother with that. As a result, he ends up in the usual situation, where PGP's broken security model leads to him using an untrusted key.

    '... You log in, and answer even more security, post your public key and get back a signed key.'

    I think this is close but it doesn't quite work the way you've expressed it. The bank won't want to turn itself into a CA by providing key signatures which can be relied on by third parties. What needs to happen instead is that you register your key, and the bank then marks that key as trusted internally.

    This system only works, of course, because a CA has vouched for the authenticity of the bank's website. The working CA security model allows you to work around the broken web of trust security model.

    (I should add that I don't think the WoT is broken for all use cases. It could work well for a closed group of people who need a higher level of assurance than you would get from public CAs. Unfortunately it doesn't work well in the case of general Internet email. We ended up with the situation where the perfect was the enemy of the good, and the huge bulk of email still gets sent in the clear.)

  11. Part of the problem with S/MIME was (and maybe still is) outlook express - which presented the user with a blank window if you sent a message signed with it... there was an icon you could click on, but it wasn't obvious at all and I just got loads of "that last message you sent was blank.. can you resend it?" messages back during the couple of weeks I tried that particular experiment..

    If OE and Outlook had good user experiences for signed email, it'd probably be used today (and, coupled with exchange, would have probably become common in business).

    PGP suffers from not being built into any clients, so nobody has it unless they already know what PGP is.. which is a vanishingly small number of users.

  12. Slightly unrelated but possibly interesting for you RevK... I just had Sky call me and ask for my password. I told them they could be anyone, at which point she said "No problem sir, I can give you the last four digits of your viewing card to verify that we're really Sky."

    Not perfect, but a step in the right direction it seems. At least she was trained to deal with the situation and there was a policy in place.

  13. If only they did that last time they junk called me!

  14. Hang on - that is the default PIN. So you just gave someone in the house (teenage son maybe) the PIN to charge crap on the sky box - cool idea.

  15. Almost all mail I send now is S/MIME signed. If Outlook or OE had problems with it in the past, I don't think they do now.

    I agree that S/MIME is a better choice than PGP. You'd need to give the bank *your* key anyway, so it doesn't make much difference there. But banks should be S/MIME-signing *all* outbound email.

    S/MIME uses the *same* system they are already using for security on their web site. It's much less of a step to use it for email too.

    In fact, I think it's quite clear that any bank which doesn't S/MIME-sign all outbound mail is actively *training* its customers to succumb to phishing fraud.

    As such, they are directly contributing to fraud. They are aiding and abetting the fraudsters and. under the terms of the Accessories and Abettors Act 1861, can be tried, indicted and punished as a principal offender.

  16. I received PGP encrypted e-mail from a person at Nationwide Building Society after registering my e-mail address and PGP key with their PGP management system.

    I thought at first that this person must be astonishingly clued-up.

    But when I spoke with them, it turned out they weren't aware that this would happen.

    It seems their automated PGP management system worked out from the recipient e-mail address that I had registered with them and decided to encrypt any outgoing e-mail to me.

    I don't recall whether I was able to successfully sent PGP encrypted e-mail IN to Nationwide or not.