Connected Magazine Tuesday 16 December 1997
Issue 936

Analysis: Pretty good Phil bounces back


Pretty Good Privacy, Inc

The International PGP home page

US Encryption Export Policy - White House press release, 15 Nov '96

UK Encryption Export Policy

Cryptography Research home page

The Data Protection Registrar

The Electronic Frontier Foundation

Internet Privacy Coalition

The Anonymiser

Electronic Privacy Information Centre

Privacy: A Call to Action - WIRED Online Information Services

Rolf's page on Electronic Privacy

Wendy M. Grossman home page, the HTML Edition

The creator of PGP encryption survived a wobble in his reputation. Which is just as well, says Wendy Grossman, because we need Phil Zimmermann.

In one short week the most trusted man on the Net fell from grace, and was reinstated. The man in question is Phil Zimmermann, whose program PGP (Pretty Good Privacy) gave strong encryption to the masses on its release in 1991 and who ever since has persistently argued that the right to use strong, uncrackable encryption is a logical extension of the right to privacy and vital in safeguarding democracy for the electronic era.

Encryption is considered a key technology in building public data networks because, by garbling the contents of messages, files, and voice streams so that they can be unlocked only by someone who has the right key, encryption both guards the privacy of confidential communications and guarantees that they have not been forged or tampered with.

The story goes like this. In 1991, Zimmermann was impelled to finish and release PGP by the introduction into the Senate of an anti-terrorist Bill that contained a provision to require all communications systems to include a backdoor by which government agencies could access a plain text version of the communications (files, voice, or data).

Uploaded on to a number of American electronic bulletin boards by a friend of Zimmermann's, the program quickly escaped on to the Internet and out of US borders, thereby contravening the International Traffic in Arms Regulations (ITAR), which classify strong encryption as a munition and strictly control its export.

In 1993, the American Department of Justice accordingly announced it was investigating the question of whether Zimmermann had violated the ITAR by exporting PGP. It took the DoJ three years to announce it was dropping the investigation. In the meantime, PGP became the de facto standard for encryption on the Net because of its price (free), its ready availability, and its made-for-the-Net design.

The fact that the DoJ was investigating the program's author didn't hurt, either. As Zimmermann said, had the government wanted to cast doubt on the program's worth its best shot would have been to hang a medal round his neck. Instead, the investigation made him a folk hero.

Once the investigation was concluded Zimmermann attracted the financial backing to set up PGP Inc to develop PGP as a commercial product. There were some small waves of dissatisfaction when the most recent corporate version of the program included a function companies could turn on to enable key recovery - the ability to retain a copy of a private key so the plain text version of a communication can be retrieved by a third party.

The really big wave came, however, when PGP Inc announced its sale to Network Associates and Wired News broke the story that PGP's purchaser was a member of the Key Recovery Alliance, a group founded in October 1996 to develop an exportable, worldwide approach to strong encryption which would include the same backdoor functions the Net had dreaded all along and that PGP was originally released to defeat. Was Zimmermann selling out his principles?

The answer turned out to be no: Network Associates promptly announced its withdrawal from the alliance, which now boasts 70 members including PGP's most important competitor, RSA. "I didn't know that Network Associates was a member of the Key Recovery Alliance until after the acquisition," Zimmermann said last week by email, "but as soon as I heard I moved to remedy the situation. Their positive response is a good indication of how our future relationship will go."

Sighs of relief all round, and reasonably so: the Net needs Zimmermann to take a strong stand in favour of privacy because he is one of the few people who has proved capable of building the technology to support that stand. Six years of widespread deployment of PGP has failed to unearth flaws in the design.

Zimmermann's stand is especially important because governments have not given up the desire to be able to gain access to the plain text version of all communications, and it's become increasingly clear that the Net's paranoia about government intentions is in fact justified.

Zimmermann won't have an easy time ahead of him: he faces constant suspicion both from governments and from the Net as Network Associates uses its bigger size and popularity to promote PGP. But for this week his reputation is safe.

  • See also in this week's issue: Spies like US (a report on the US base in Britain which intercepts and monitors European non-military communications).

    15 July 1997: Fine talk, Mr Clinton. Now let's get real . . .
    9 June 1997: E-mail open to police scrutiny
    27 May 1997: What's the key to electronic commerce?
    20 May 1997: Ups and downs of new data rules
    29 April 1997: Connected Electronic Privacy Issue
    1 April 1997: DTI threatens privacy
    1 May 1996: Secret service


    © Copyright Telegraph Group Limited 1997. Terms & Conditions of reading.
