reappearance that summer in an omnibus anti-crime bill, from which it was also
removed) after lobbying by the Electronic Frontier Foundation and other
organizations, but in the meantime the threat that strong encryption would be
outlawed seemed very real.
To many early Net users it seemed plain that this was a crisis: because of the way
the Internet is constructed it is not possible to guarantee that communications can't
or won't be read as they flow from one place to another. Even within a single
system, email and other stored files are accessible by the system's administrators,
if no one else. In general, system administrators have better things to do than read
those files. But the fact remains that on most systems they can, and if policemen
were to show up with a court order, they probably would turn over copies.
Facing the possibility that legal access to encryption might soon be lost,
Zimmermann put together the first version of his encryption program, PGP (for
Pretty Good Privacy), and gave it to a friend, who proceeded to upload it to as
many bulletin board systems as he could find. Zimmermann, who speaks
passionately on the right of ordinary citizens to protect their privacy, said for a long
time that his whole concern was domestic: he wanted to secure access to strong
cryptography for American citizens. "I figured other countries could solve their own
problems." However, Zimmerman has since modified this, telling a London
conference in 1997, "I did it for human rights."
Unfortunately for Zimmermann's immediate future, the program very quickly headed
out into cyberspace at large, and it didn't take long before copies were available all
over the world--even at a time when relatively few individuals outside of the
academic and government community had access to the Internet. For example,
PGP's availability on the WELL was announced to the eff conference there on June
It may well have made its way out of the United States much sooner, but it was
definitely posted to the crypto conference on CIX, in London, on June 29, 1991. Today it all happens even faster: by the time Zimmermann
demonstrated a new version of PGP that offered military-grade security for phone
connections made across the Internet, PGPfone, at the 1996 Computers, Freedom,
and Privacy Conference, rumors were that it was already available on an Italian site
on the Net, from where it could be readily downloaded by non-U.S. citizens.
In February 1993, Zimmermann was informed by the U.S. Department of Justice
that he was being investigated to determine whether he had illegally exported
strong cryptography, which is actually classed as a munition under the International
Traffic in Arms Regulations (ITAR). It was three years before the investigation was
dropped without charge. It was a very shaky time for Zimmermann, who seriously
believed he might wind up bankrupt and on the receiving end of a trial and possibly
a jail sentence.
During that time, however, PGP became solidly established on the Net as a
standard; at the same time, as cryptanalysts examined it and failed to crack it, its
reputation grew. It also went truly international, with teams outside the United
States working to develop the program further. Even if Zimmermann had been
arrested, charged, and jailed, the program would have gone on being developed,
distributed, and used. With development teams working in countries such as
England and Australia, the export question was somewhat moot: if a British citizen
picked up a copy of the British version of the program from an FTP server at
Britain's Demon Internet, this was not a situation covered by ITAR.
PGP would have taken off even faster if it hadn't had a second legal problem: it used technology that was patented, and Zimmermann and his company, Phil's Pretty Good Software, did not have a license from the patent-holder.