---
created_at: '2015-11-17T16:11:01.000Z'
title: Why I Wrote PGP (1999)
url: https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
author: pdkl95
points: 149
story_text:
comment_text:
num_comments: 47
story_id:
story_title:
story_url:
parent_id:
created_at_i: 1447776661
_tags:
- story
- author_pdkl95
- story_10581971
objectID: '10581971'
---

![Picture of Phil](../../images/photos/prz.jpg)

## Why I Wrote PGP

*Part of the Original 1991 PGP User's Guide (updated in 1999)*

*"Whatever you do will be insignificant, but it is very important that
you do it." -Mahatma Gandhi*

It's personal. It's private. And it's no one's business but yours. You
may be planning a political campaign, discussing your taxes, or having a
secret romance. Or you may be communicating with a political dissident
in a repressive country. Whatever it is, you don't want your private
electronic mail (email) or confidential documents read by anyone else.
There's nothing wrong with asserting your privacy. Privacy is as
apple-pie as the Constitution.

The right to privacy is spread implicitly throughout the Bill of Rights.
But when the United States Constitution was framed, the Founding Fathers
saw no need to explicitly spell out the right to a private conversation.
That would have been silly. Two hundred years ago, all conversations
were private. If someone else was within earshot, you could just go out
behind the barn and have your conversation there. No one could listen in
without your knowledge. The right to a private conversation was a
natural right, not just in a philosophical sense, but in a
law-of-physics sense, given the technology of the time.

But with the coming of the information age, starting with the invention
of the telephone, all that has changed. Now most of our conversations
are conducted electronically. This allows our most intimate
conversations to be exposed without our knowledge. Cellular phone calls
may be monitored by anyone with a radio. Electronic mail, sent across
the Internet, is no more secure than cellular phone calls. Email is
rapidly replacing postal mail, becoming the norm for everyone, not the
novelty it was in the past.

Until recently, if the government wanted to violate the privacy of
ordinary citizens, they had to expend a certain amount of expense and
labor to intercept and steam open and read paper mail. Or they had to
listen to and possibly transcribe spoken telephone conversation, at
least before automatic voice recognition technology became available.
This kind of labor-intensive monitoring was not practical on a large
scale. It was only done in important cases when it seemed worthwhile.
This is like catching one fish at a time, with a hook and line. Today,
email can be routinely and automatically scanned for interesting
keywords, on a vast scale, without detection. This is like driftnet
fishing. And exponential growth in computer power is making the same
thing possible with voice traffic.

Perhaps you think your email is legitimate enough that encryption is
unwarranted. If you really are a law-abiding citizen with nothing to
hide, then why don't you always send your paper mail on postcards? Why
not submit to drug testing on demand? Why require a warrant for police
searches of your house? Are you trying to hide something? If you hide
your mail inside envelopes, does that mean you must be a subversive or a
drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any
need to encrypt their email?

What if everyone believed that law-abiding citizens should use postcards
for their mail? If a nonconformist tried to assert his privacy by using
an envelope for his mail, it would draw suspicion. Perhaps the
authorities would open his mail to see what he's hiding. Fortunately, we
don't live in that kind of world, because everyone protects most of
their mail with envelopes. So no one draws suspicion by asserting their
privacy with an envelope. There's safety in numbers. Analogously, it
would be nice if everyone routinely used encryption for all their email,
innocent or not, so that no one drew suspicion by asserting their email
privacy with encryption. Think of it as a form of solidarity.

Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling
measure buried in it. If this non-binding resolution had become real
law, it would have forced manufacturers of secure communications
equipment to insert special "trap doors" in their products, so that the
government could read anyone's encrypted messages. It reads, "It is the
sense of Congress that providers of electronic communications services
and manufacturers of electronic communications service equipment shall
ensure that communications systems permit the government to obtain the
plain text contents of voice, data, and other communications when
appropriately authorized by law." It was this bill that led me to
publish PGP electronically for free that year, shortly before the
measure was defeated after vigorous protest by civil libertarians and
industry groups.

The 1994 Communications Assistance for Law Enforcement Act (CALEA)
mandated that phone companies install remote wiretapping ports into
their central office digital switches, creating a new technology
infrastructure for "point-and-click" wiretapping, so that federal agents
no longer have to go out and attach alligator clips to phone lines. Now
they will be able to sit in their headquarters in Washington and listen
in on your phone calls. Of course, the law still requires a court order
for a wiretap. But while technology infrastructures can persist for
generations, laws and policies can change overnight. Once a
communications infrastructure optimized for surveillance becomes
entrenched, a shift in political conditions may lead to abuse of this
new-found power. Political conditions may shift with the election of a
new government, or perhaps more abruptly from the bombing of a federal
building.

A year after the CALEA passed, the FBI disclosed plans to require the
phone companies to build into their infrastructure the capacity to
simultaneously wiretap 1 percent of all phone calls in all major U.S.
cities. This would represent more than a thousandfold increase over
previous levels in the number of phones that could be wiretapped. In
previous years, there were only about a thousand court-ordered wiretaps
in the United States per year, at the federal, state, and local levels
combined. It's hard to see how the government could even employ enough
judges to sign enough wiretap orders to wiretap 1 percent of all our
phone calls, much less hire enough federal agents to sit and listen to
all that traffic in real time. The only plausible way of processing that
amount of traffic is a massive Orwellian application of automated voice
recognition technology to sift through it all, searching for interesting
keywords or searching for a particular speaker's voice. If the
government doesn't find the target in the first 1 percent sample, the
wiretaps can be shifted over to a different 1 percent until the target
is found, or until everyone's phone line has been checked for subversive
traffic. The FBI said they need this capacity to plan for the future.
This plan sparked such outrage that it was defeated in Congress. But the
mere fact that the FBI even asked for these broad powers is revealing of
their agenda.

Advances in technology will not permit the maintenance of the status
quo, as far as privacy is concerned. The status quo is unstable. If we
do nothing, new technologies will give the government new automatic
surveillance capabilities that Stalin could never have dreamed of. The
only way to hold the line on privacy in the information age is strong
cryptography.

You don't have to distrust the government to want to use cryptography.
Your business can be wiretapped by business rivals, organized crime, or
foreign governments. Several foreign governments, for example, admit to
using their signals intelligence against companies from other countries
to give their own corporations a competitive edge. Ironically, the
United States government's restrictions on cryptography in the 1990's
have weakened U.S. corporate defenses against foreign intelligence and
organized crime.

The government knows what a pivotal role cryptography is destined to
play in the power relationship with its people. In April 1993, the
Clinton administration unveiled a bold new encryption policy initiative,
which had been under development at the National Security Agency (NSA)
since the start of the Bush administration. The centerpiece of this
initiative was a government-built encryption device, called the Clipper
chip, containing a new classified NSA encryption algorithm. The
government tried to encourage private industry to design it into all
their secure communication products, such as secure phones, secure
faxes, and so on. AT&T put Clipper into its secure voice products. The
catch: At the time of manufacture, each Clipper chip is loaded with its
own unique key, and the government gets to keep a copy, placed in
escrow. Not to worry, though–the government promises that they will use
these keys to read your traffic only "when duly authorized by law." Of
course, to make Clipper completely effective, the next logical step
would be to outlaw other forms of cryptography.

The government initially claimed that using Clipper would be voluntary,
that no one would be forced to use it instead of other types of
cryptography. But the public reaction against the Clipper chip was
strong, stronger than the government anticipated. The computer industry
monolithically proclaimed its opposition to using Clipper. FBI director
Louis Freeh responded to a question in a press conference in 1994 by
saying that if Clipper failed to gain public support, and FBI wiretaps
were shut out by non-government-controlled cryptography, his office
would have no choice but to seek legislative relief. Later, in the
aftermath of the Oklahoma City tragedy, Mr. Freeh testified before the
Senate Judiciary Committee that public availability of strong
cryptography must be curtailed by the government (although no one had
suggested that cryptography was used by the bombers).

The government has a track record that does not inspire confidence that
they will never abuse our civil liberties. The FBI's COINTELPRO program
targeted groups that opposed government policies. They spied on the
antiwar movement and the civil rights movement. They wiretapped the
phone of Martin Luther King. Nixon had his enemies list. Then there was
the Watergate mess. More recently, Congress has either attempted to or
succeeded in passing laws curtailing our civil liberties on the
Internet. Some elements of the Clinton White House collected
confidential FBI files on Republican civil servants, conceivably for
political exploitation. And some overzealous prosecutors have shown a
willingness to go to the ends of the Earth in pursuit of exposing sexual
indiscretions of political enemies. At no time in the past century has
public distrust of the government been so broadly distributed across the
political spectrum, as it is today.

Throughout the 1990s, I figured that if we want to resist this
unsettling trend in the government to outlaw cryptography, one measure
we can apply is to use cryptography as much as we can now while it's
still legal. When use of strong cryptography becomes popular, it's
harder for the government to criminalize it. Therefore, using PGP is
good for preserving democracy. If privacy is outlawed, only outlaws will
have privacy.

It appears that the deployment of PGP must have worked, along with years
of steady public outcry and industry pressure to relax the export
controls. In the closing months of 1999, the Clinton administration
announced a radical shift in export policy for crypto technology. They
essentially threw out the whole export control regime. Now, we are
finally able to export strong cryptography, with no upper limits on
strength. It has been a long struggle, but we have finally won, at least
on the export control front in the US. Now we must continue our efforts
to deploy strong crypto, to blunt the effects of increasing surveillance
efforts on the Internet by various governments. And we still need to
entrench our right to use it domestically over the objections of the
FBI.

PGP empowers people to take their privacy into their own hands. There
has been a growing social need for it. That's why I wrote it.

**Philip R. Zimmermann**
Boulder, Colorado
June 1991 (updated 1999)