<nettime> why i wrote pgp

[Tilman Baumgärtel <mail@tilmanbaumgaertel.net>]

...not me personally, of course.

But Philip Zimmermann.

But in the light of the recent disclosures about internet surveillance 
by the NSA and the British Intelligence (and who knows on who Snowdon 
will spill the beans next - once is in exile), this is pretty 
interesting reading (or re-reading), in regards to your "private 
electronic mail (email)".
But whoever reads these User´a Guides, anyway? ;)

Yours,
Tilman Baumgärtel

ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß

from :
http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

Philip Zimmermann: Why I Wrote PGP

Part of the Original 1991 PGP User's Guide (updated in 1999)

"Whatever you do will be insignificant, but it is very important that 
you do it."
-Mahatma Gandhi

It's personal. It's private. And it's no one's business but yours. You 
may be planning a political campaign, discussing your taxes, or having a 
secret romance. Or you may be communicating with a political dissident 
in a repressive country. Whatever it is, you don't want your private 
electronic mail (email) or confidential documents read by anyone else. 
There's nothing wrong with asserting your privacy. Privacy is as 
apple-pie as the Constitution.
The right to privacy is spread implicitly throughout the Bill of Rights. 
But when the United States Constitution was framed, the Founding Fathers 
saw no need to explicitly spell out the right to a private conversation. 
That would have been silly. Two hundred years ago, all conversations 
were private. If someone else was within earshot, you could just go out 
behind the barn and have your conversation there. No one could listen in 
without your knowledge. The right to a private conversation was a 
natural right, not just in a philosophical sense, but in a 
law-of-physics sense, given the technology of the time.
But with the coming of the information age, starting with the invention 
of the telephone, all that has changed. Now most of our conversations 
are conducted electronically. This allows our most intimate 
conversations to be exposed without our knowledge. Cellular phone calls 
may be monitored by anyone with a radio. Electronic mail, sent across 
the Internet, is no more secure than cellular phone calls. Email is 
rapidly replacing postal mail, becoming the norm for everyone, not the 
novelty it was in the past.
Until recently, if the government wanted to violate the privacy of 
ordinary citizens, they had to expend a certain amount of expense and 
labor to intercept and steam open and read paper mail. Or they had to 
listen to and possibly transcribe spoken telephone conversation, at 
least before automatic voice recognition technology became available. 
This kind of labor-intensive monitoring was not practical on a large 
scale. It was only done in important cases when it seemed worthwhile. 
This is like catching one fish at a time, with a hook and line. Today, 
email can be routinely and automatically scanned for interesting 
keywords, on a vast scale, without detection. This is like driftnet 
fishing. And exponential growth in computer power is making the same 
thing possible with voice traffic.
Perhaps you think your email is legitimate enough that encryption is 
unwarranted. If you really are a law-abiding citizen with nothing to 
hide, then why don't you always send your paper mail on postcards? Why 
not submit to drug testing on demand? Why require a warrant for police 
searches of your house? Are you trying to hide something? If you hide 
your mail inside envelopes, does that mean you must be a subversive or a 
drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any 
need to encrypt their email?
What if everyone believed that law-abiding citizens should use postcards 
for their mail? If a nonconformist tried to assert his privacy by using 
an envelope for his mail, it would draw suspicion. Perhaps the 
authorities would open his mail to see what he's hiding. Fortunately, we 
don't live in that kind of world, because everyone protects most of 
their mail with envelopes. So no one draws suspicion by asserting their 
privacy with an envelope. There's safety in numbers. Analogously, it 
would be nice if everyone routinely used encryption for all their email, 
innocent or not, so that no one drew suspicion by asserting their email 
privacy with encryption. Think of it as a form of solidarity.
Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling 
measure buried in it. If this non-binding resolution had become real 
law, it would have forced manufacturers of secure communications 
equipment to insert special "trap doors" in their products, so that the 
government could read anyone's encrypted messages. It reads, "It is the 
sense of Congress that providers of electronic communications services 
and manufacturers of electronic communications service equipment shall 
ensure that communications systems permit the government to obtain the 
plain text contents of voice, data, and other communications when 
appropriately authorized by law." It was this bill that led me to 
publish PGP electronically for free that year, shortly before the 
measure was defeated after vigorous protest by civil libertarians and 
industry groups.
The 1994 Communications Assistance for Law Enforcement Act (CALEA) 
mandated that phone companies install remote wiretapping ports into 
their central office digital switches, creating a new technology 
infrastructure for "point-and-click" wiretapping, so that federal agents 
no longer have to go out and attach alligator clips to phone lines. Now 
they will be able to sit in their headquarters in Washington and listen 
in on your phone calls. Of course, the law still requires a court order 
for a wiretap. But while technology infrastructures can persist for 
generations, laws and policies can change overnight. Once a 
communications infrastructure optimized for surveillance becomes 
entrenched, a shift in political conditions may lead to abuse of this 
new-found power. Political conditions may shift with the election of a 
new government, or perhaps more abruptly from the bombing of a federal 
building.
A year after the CALEA passed, the FBI disclosed plans to require the 
phone companies to build into their infrastructure the capacity to 
simultaneously wiretap 1 percent of all phone calls in all major U.S. 
cities. This would represent more than a thousandfold increase over 
previous levels in the number of phones that could be wiretapped. In 
previous years, there were only about a thousand court-ordered wiretaps 
in the United States per year, at the federal, state, and local levels 
combined. It's hard to see how the government could even employ enough 
judges to sign enough wiretap orders to wiretap 1 percent of all our 
phone calls, much less hire enough federal agents to sit and listen to 
all that traffic in real time. The only plausible way of processing that 
amount of traffic is a massive Orwellian application of automated voice 
recognition technology to sift through it all, searching for interesting 
keywords or searching for a particular speaker's voice. If the 
government doesn't find the target in the first 1 percent sample, the 
wiretaps can be shifted over to a different 1 percent until the target 
is found, or until everyone's phone line has been checked for subversive 
traffic. The FBI said they need this capacity to plan for the future. 
This plan sparked such outrage that it was defeated in Congress. But the 
mere fact that the FBI even asked for these broad powers is revealing of 
their agenda.
Advances in technology will not permit the maintenance of the status 
quo, as far as privacy is concerned. The status quo is unstable. If we 
do nothing, new technologies will give the government new automatic 
surveillance capabilities that Stalin could never have dreamed of. The 
only way to hold the line on privacy in the information age is strong 
cryptography.
You don't have to distrust the government to want to use cryptography. 
Your business can be wiretapped by business rivals, organized crime, or 
foreign governments. Several foreign governments, for example, admit to 
using their signals intelligence against companies from other countries 
to give their own corporations a competitive edge. Ironically, the 
United States government's restrictions on cryptography in the 1990's 
have weakened U.S. corporate defenses against foreign intelligence and 
organized crime.
The government knows what a pivotal role cryptography is destined to 
play in the power relationship with its people. In April 1993, the 
Clinton administration unveiled a bold new encryption policy initiative, 
which had been under development at the National Security Agency (NSA) 
since the start of the Bush administration. The centerpiece of this 
initiative was a government-built encryption device, called the Clipper 
chip, containing a new classified NSA encryption algorithm. The 
government tried to encourage private industry to design it into all 
their secure communication products, such as secure phones, secure 
faxes, and so on. AT&T put Clipper into its secure voice products. The 
catch: At the time of manufacture, each Clipper chip is loaded with its 
own unique key, and the government gets to keep a copy, placed in 
escrow. Not to worry, though–the government promises that they will use 
these keys to read your traffic only "when duly authorized by law." Of 
course, to make Clipper completely effective, the next logical step 
would be to outlaw other forms of cryptography.
The government initially claimed that using Clipper would be voluntary, 
that no one would be forced to use it instead of other types of 
cryptography. But the public reaction against the Clipper chip was 
strong, stronger than the government anticipated. The computer industry 
monolithically proclaimed its opposition to using Clipper. FBI director 
Louis Freeh responded to a question in a press conference in 1994 by 
saying that if Clipper failed to gain public support, and FBI wiretaps 
were shut out by non-government-controlled cryptography, his office 
would have no choice but to seek legislative relief. Later, in the 
aftermath of the Oklahoma City tragedy, Mr. Freeh testified before the 
Senate Judiciary Committee that public availability of strong 
cryptography must be curtailed by the government (although no one had 
suggested that cryptography was used by the bombers).
The government has a track record that does not inspire confidence that 
they will never abuse our civil liberties. The FBI's COINTELPRO program 
targeted groups that opposed government policies. They spied on the 
antiwar movement and the civil rights movement. They wiretapped the 
phone of Martin Luther King. Nixon had his enemies list. Then there was 
the Watergate mess. More recently, Congress has either attempted to or 
succeeded in passing laws curtailing our civil liberties on the 
Internet. Some elements of the Clinton White House collected 
confidential FBI files on Republican civil servants, conceivably for 
political exploitation. And some overzealous prosecutors have shown a 
willingness to go to the ends of the Earth in pursuit of exposing sexual 
indiscretions of political enemies. At no time in the past century has 
public distrust of the government been so broadly distributed across the 
political spectrum, as it is today.
Throughout the 1990s, I figured that if we want to resist this 
unsettling trend in the government to outlaw cryptography, one measure 
we can apply is to use cryptography as much as we can now while it's 
still legal. When use of strong cryptography becomes popular, it's 
harder for the government to criminalize it. Therefore, using PGP is 
good for preserving democracy. If privacy is outlawed, only outlaws will 
have privacy.
It appears that the deployment of PGP must have worked, along with years 
of steady public outcry and industry pressure to relax the export 
controls. In the closing months of 1999, the Clinton administration 
announced a radical shift in export policy for crypto technology. They 
essentially threw out the whole export control regime. Now, we are 
finally able to export strong cryptography, with no upper limits on 
strength. It has been a long struggle, but we have finally won, at least 
on the export control front in the US. Now we must continue our efforts 
to deploy strong crypto, to blunt the effects increasing surveillance 
efforts on the Internet by various governments. And we still need to 
entrench our right to use it domestically over the objections of the FBI.
PGP empowers people to take their privacy into their own hands. There 
has been a growing social need for it. That's why I wrote it.
Philip R. Zimmermann
Boulder, Colorado
June 1991 (updated 1999)

--
Dr. Tilman Baumgärtel
mail@tilmanbaumgaertel.net
Twitter:  Tilman Baumgaertel ?@tilmazio


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org