Oh Squidgy. Kiss me, please. [Sound of kissing.] Do you know what I'm going to be
imagining I'm doing tonight, at about 12 o'clock? Just holding you so close to me.
It'll have to be delayed action for 48 hours.
--Man talking to Princess Diana over an unencrypted cellular phone, 1992
Privacy was one of the big concerns on the Net even before junk email and spam.
Because the Internet was designed to enable the free flow of data, it's not
particularly good at protecting anyone's secrets, as several well-publicized
computer hacking (read: breaking and entering with a modem) cases have showed.
When, for example, the world's most demonized hacker, Kevin Mitnick, was
arrested in early 1995, he was accused of having stolen a copy of a list of leading
domestic Internet service provider Netcom's customer credit card numbers, 20,000
of them in all, and posted it on the WELL in a file directory from where anyone
could retrieve a copy. As far as anyone knows, none of those numbers were ever
used fraudulently, but that's not the point: the point is that the data needed to be
protected properly and wasn't.
San Francisco software developer Bruce Koball, a key organizer of the annual
Computers, Freedom, and Privacy Conference, took advantage of his brief moment
in the arc lights as the discoverer of the copied files to point out that there was and
is a simple solution to such theft: encrypt the files, garbling them so they can only
be read by the authorized owner. The one problem: the lack of well-designed, easy-
to-use cryptography products. The reason: governmental distrust of what citizens
can hide by such means.
Cryptography is not the only possibility; a second school of thought holds that
legislation is needed to control what information may be collected and how it may
be used. In most European countries, for example, privacy laws enjoin corporations
from collecting user data for one purpose (say, building a customer database for
internal marketing purposes) and using it for another (say, selling it to another
company as a bulk mailing list) or exporting it to another country without such
protections. There are arguments that such laws primarily protect the rich and
powerful; however, one problem as Europe unifies is that the United States's lack of
privacy legislation may make it illegal for subsidiary companies abroad to send
certain types of data to their U.S. headquarters.
The problem is that laws move slowly and data moves quickly. Cypherpunks, as the
heavy-metal fans of cryptography are known, tend to believe it's better to protect
the data directly. Unlike privacy advocates who favor legislative solutions,
cypherpunks can vote with their computers to write, use, and deploy their own
Or at least, they can now.
Although codes and ciphers are thought to go back to
1900 B.C., if you want something uncrackable these days you need a
computer. For that reason, for the last few decades strong cryptography was largely
the province of governments. Amateurs simply didn't have access to the necessary
hardware. That was why the dream that gripped Phil Zimmermann in the 1970s of
writing a microcomputer implementation of a new kind of cryptographic system was
so unattainable at the time.
Like a lot of kids, Zimmermann was fascinated with codes and ciphers. He says he
was only in about fourth grade when he read Herbert Zim's Codes and Secret
Writing and thought it was "so cool." In seventh grade,
a schoolmate challenged Zimmerman to crack a message written in a code of the
schoolmate's own devising, an alphabet that looked something like the runes in
Lord of the Rings. Zimmermann took it home and attacked it by comparing the
frequencies with which individual symbols recurred with the frequencies with which
the letters in the English language are known to be used. Shades of Sherlock