reappearance that summer in an omnibus anti-crime bill, from which it was also removed) after lobbying by the Electronic Frontier Foundation and other organizations, but in the meantime the threat that strong encryption would be outlawed seemed very real.

To many early Net users it seemed plain that this was a crisis: because of the way the Internet is constructed it is not possible to guarantee that communications can't or won't be read as they flow from one place to another. Even within a single system, email and other stored files are accessible by the system's administrators, if no one else. In general, system administrators have better things to do than read those files. But the fact remains that on most systems they can, and if policemen were to show up with a court order, they probably would turn over copies.[7]

Facing the possibility that legal access to encryption might soon be lost, Zimmermann put together the first version of his encryption program, PGP (for Pretty Good Privacy), and gave it to a friend, who proceeded to upload it to as many bulletin board systems as he could find. Zimmermann, who speaks passionately on the right of ordinary citizens to protect their privacy, said for a long time that his whole concern was domestic: he wanted to secure access to strong cryptography for American citizens. "I figured other countries could solve their own problems." However, Zimmermann has since modified this, telling a London conference in 1997, "I did it for human rights."

Unfortunately for Zimmermann's immediate future, the program very quickly headed out into cyberspace at large, and it didn't take long before copies were available all over the world--even at a time when relatively few individuals outside of the academic and government community had access to the Internet. For example, PGP's availability on the WELL was announced to the eff conference there on June 7, 1991.[8]

It may well have made its way out of the United States much sooner, but it was definitely posted to the crypto conference on CIX, in London, on June 29, 1991.[9] Today it all happens even faster: by the time Zimmermann demonstrated a new version of PGP that offered military-grade security for phone connections made across the Internet, PGPfone, at the 1996 Computers, Freedom, and Privacy Conference, rumors were that it was already available on an Italian site on the Net, from where it could be readily downloaded by non-U.S. citizens.

In February 1993, Zimmermann was informed by the U.S. Department of Justice that he was being investigated to determine whether he had illegally exported strong cryptography, which is actually classed as a munition under the International Traffic in Arms Regulations (ITAR). It was three years before the investigation was dropped without charge. It was a very shaky time for Zimmermann, who seriously believed he might wind up bankrupt and on the receiving end of a trial and possibly a jail sentence.

During that time, however, PGP became solidly established on the Net as a standard; at the same time, as cryptanalysts examined it and failed to crack it, its reputation grew. It also went truly international, with teams outside the United States working to develop the program further. Even if Zimmermann had been arrested, charged, and jailed, the program would have gone on being developed, distributed, and used. With development teams working in countries such as England and Australia, the export question was somewhat moot: if a British citizen picked up a copy of the British version of the program from an FTP server at Britain's Demon Internet, this was not a situation covered by ITAR.

PGP would have taken off even faster if it hadn't had a second legal problem: it used technology that was patented, and Zimmermann and his company, Phil's Pretty Good Software, did not have a license from the patent-holder.


