PGP4civiCRM
Add email encryption to CRM
E-mail security and privacy is not just relevant inside organisations or between individuals. A lot of email traffic comes from the institutions we all have to deal with, including some of the most confidential emails we get. And yet there is no way for users to protect their privacy and confidentiality when sending and receiving messages from organisations using such systems. PGP4civiCRM enables automatic PGP encryption/decryption of e-mails on the server side. While the project will provide special integration for the Constituent Relation Management System CiviCRM, the basic functionality can be used also with regular mailservers like postfix. The PGP4civiCRM core will basically be a milter, that listens for input messages, then looks up PGP keys from configurable sources (local key rings, LDAP) and then, based on a local, configurable, policy, encrypts/decrypts messages (or leaves them untouched) before passing them on. This way system administrators can with tiny effort provide transparent encryption support for all their mail users. Especially for CiviCRM the project will create an extension that allows easy web-based configuration of the relevant pieces and displaying of encrypted, received e-mails using OpenPGP.js.
- The project's own website: https://civicrm.org/
Why does this actually matter to end users?
Email was designed without privacy or security in mind, which is amazing for such a popular service. When you send an email, anyone that can gain access to your mail server or the mail server of the recipient can read your mail, from top to bottom. And copy it, for later usage. Computer specialists have been protecting their email with encryption for decades. This is the equivalent of putting your message very carefully in the blender, pressing the button before anyone else has read your mesage, shredding it up and sending a packet of shreds over to the other end. The amazing thing about cryptography is that you can magically (or rather mathematically) make it possible for your secret love - and not anyone else - to recreate the message from the shreds, and know it was you - and not anyone else - that sent it. For the rest of the world, the message would be meaningless garble pretty much forever. However, the solution they came up with is not easy for normal people to work with. This means that most people are probably not even aware that it is possible to protect the contents of their email with cryptography.
The encryption issue is especially important for sensitive emails, like the messages and documents we get from all sorts of institutions and civic services. Whether you apply for a new drivers license, buy a house, or need healthcare services, a lot of personal and sensitive information needs to be sent back and forth. That communication should be well-protected, which encryption can do. This project adds plug & play email encryption to an open-source customer relationship management (CRM) system. Civic sector organizations that use this CRM system to keep in touch with their clients can then easily encrypt every email they send their clients. This way we can be sure that the sensitive information we share with public institutions is private and secure.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.