freeware version. The Net got legal PGP: in 1994, the download rate of PGP from
just the single, export-controlled FTP site at MIT was 500 to 1,000 copies a day. This opened the way for use of the software by businesses, who were
never going to rely on a product whose legality was in doubt.
Zimmermann himself may be in the best position to exploit this new legality: three
years of government investigation probably have made him the most trusted
cryptographer on the Net. In March 1996, a month after the government
investigation was dropped, Zimmermann formed PGP Inc. to further develop
software and other privacy and networking products with Seybold Seminars founder
Jonathan Seybold and Dan Lynch, founder of Interop and chairman of CyberCash.
In July 1996, PGP Inc. bought Viacrypt and its parent company, and in November it
followed up by acquiring the leading company for privacy on the World-Wide Web,
North Carolina-based Privnet.
Once the patent issues were resolved, support for the idea that PGP should be
distributed as widely as possible among the Net community was phenomenal.
Spreading PGP, even in defiance of the government regulations, was seen as a
way of ensuring that encryption would have to remain legal. The more people have
and use PGP, the argument went, the more difficult it will be for the government to
outlaw it. This argument gained greater urgency after the 1994 passage of the
Digital Telephony Act, which requires telecommunications providers to design their
equipment to assure the government a backdoor for access. Besides, the pervasive
culture of the Net combines a kind of permanent rebelliousness with a slightly
malicious enjoyment of successfully defying authority. Making the government look
silly felt good to a lot of people, especially because those who came to adulthood in
the era of Viet Nam and Watergate felt they had right and prudence on their side.
Today's government may be friendly; tomorrow's may not be.
One enterprising British Net user encoded the entire RSA algorithm into four lines
of code in a programming language known as PERL, with a one-line "user manual"
listing in order all the software switches you could use to configure
the program when you ran it. This was small enough to fit into the generally
accepted size limits for .sigs, and the author encouraged others to
copy the lines and distribute them further. Since you can never tell exactly what
route a Usenet posting will take, at one point this algorithm was probably being
illegally exported from the United States tens of thousands of times a day.
That wasn't all. The short version got printed and bar-coded on a T-shirt, which a
few daring souls wore through customs on their way out of the country, and even
onto small labels you could stick to the side of your laptop (or anywhere else). One
of these was passed to me at the 1995 Computers, Freedom, and Privacy
Conference by a lawyer; on the top it read, "This label is a munition," with a
warning that handing the label to foreigners constituted export under the ITAR.
People who believed that the program's continued availability was a vital plank in
defending our traditional national freedoms handed out disks by the dozens at
conferences, parties, and other gatherings.
The importance of the PGP story in terms of governing the Net isn't limited to the
encryption facilities it gives Netizens, although those have already proven important
in circumstances where keeping data confidential is important, such as dissident
groups in repressive regimes. Equally important is the fact that powerful national
and intellectual property laws were overridden by the Net community when that
community felt strongly enough that it was important to do so. The patent questions
kept newsgroups like alt.security.pgp buzzing and buzzing with violent arguments
between people who argued that PGP violated RSA's patent, was illegal, and
shouldn't be used by any responsible human and cypherpunks who said that to
keep cryptography legal everyone should use it. But they didn't stop a large