Slashdot Mirror

← Back to Stories (view on slashdot.org)

Philip Zimmermann and 'Guilt' Over PGP

Posted by Roblimo on from the freedom-is-still-the-goal dept.

Philip R. Zimmermann, creator of PGP, was quoted in a recent Washington Post article as saying he has been "overwhelmed with feelings of guilt" about the use of PGP by suspected terrorists. Zimmermann says the story was not entirely accurate, and has written a response to it (below) that he hopes will clear things up. He has also consented to a Slashdot interview, so please post any questions you have for him. As usual, we'll send 10 of the highest-moderated ones to Zimmermann by email, and post his replies verbatim as soon as we get them back.

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

Because of the political sensitivity of how my views were to be expressed, Ms. Cha read to me most of the article by phone before she submitted it to her editors, and the article had no such statement or implication when she read it to me. The article that appeared in the Post was significantly shorter than the original, and had the abovementioned crucial change in wording. I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact that I had cried over the heartbreaking tragedy, as everyone else did. But the tears were not because of guilt over the fact that I developed PGP, they were over the human tragedy of it all. I also told her about some hate mail I received that blamed me for developing a technology that could be used by terrorists. I told her that I felt bad about the possibility of terrorists using PGP, but that I also felt that this was outweighed by the fact that PGP was a tool for human rights around the world, which was my original intent in developing it ten years ago. It appears that this nuance of reasoning was lost on someone at the Washington Post. I imagine this may be caused by this newspaper's staff being stretched to their limits last week.

In these emotional times, we in the crypto community find ourselves having to defend our technology from well-intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography. I do not want to give ammunition to these efforts by appearing to cave in on my principles. I think the article correctly showed that I'm not an ideologue when faced with a tragedy of this magnitude. Did I re-examine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP.

The question of whether strong cryptography should be restricted by the government was debated all through the 1990's. This debate had the participation of the White House, the NSA, the FBI, the courts, the Congress, the computer industry, civilian academia, and the press. This debate fully took into account the question of terrorists using strong crypto, and in fact, that was one of the core issues of the debate. Nonetheless, society's collective decision (over the FBI's objections) was that on the whole, we would be better off with strong crypto, unencumbered with government back doors. The export controls were lifted and no domestic controls were imposed. I feel this was a good decision, because we took the time and had such broad expert participation. Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure.

PGP users should rest assured that I would still not acquiesce to any back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail on this subject. Because of all the press interviews I was dealing with, I did not have time to quietly compose a carefully worded reply to the hate mail, so I did not send a reply at all. After the article appeared, I received hundreds of supportive emails, flooding in at two or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past decade, especially with the Washington Post. I'm sure they will get it right next time.

The article in question appears at http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html

-Philip Zimmermann
24 September 2001

(This letter may be widely circulated)

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF ir3lRc4c1D/0Mmmv/JtP/E73 =HmRO
-----END PGP SIGNATURE-----

9 of 837 comments (clear)

  1. Future of pgp by Darkstorm · · Score: 5, Interesting

    Although I don't use pgp on a daily basis I do occasionally use it and wish that more businesses supported it for use in email. I would much rather encrypt personal information being sent to a company but they don't support it.

    Is there any plans for improving pgp's ability to incorporate itself into email programs and other forms of internet communications that will make it easier for companies and end users to use?

    --
    If ignorance is bliss, the world is full of blissful people
  2. Anti-Empowerment == Anti-Liberty by Bruce+Perens · · Score: 5, Interesting
    PGP empowers people to exchange secrets. Computers empower people to run flight simulators and much else. The internet empowers people to meet each other, organize, and exchange data. All are used for great good, and some evil. One of the things that threaten government and large industry the most is the fact that these technologies empower the individual in a way that only government and industry were empowered before. They would like to use the excuse that these technologies can be used for crime to remove them from everybody's hands.

    What strikes me about this tragic disaster is the way government is targeting technologies that are not connected with the crime, simply because the implication that they could be used is there, using the need to protect the people as a hollow justification to remove our rights.

    Bruce

    --
    Bruce Perens.
  3. To what point should you go, and would it help? by shomon2 · · Score: 4, Interesting

    I'm sorry to hear about the misrepresentation. I'm sure as well that they will do better next time. It's very important that your reaction to this mistake wasn't anger, which is what I'd have expected of a lot of people. Anyway, here's my question:

    To what point would you go with PGP? For example, if it were outlawed, or you considered your life to be threatened through some government's outlawing of it, would you stop working with it, or supporting strong crypto? And if you would actually "go underground" if you sincerely believed that it would help people's freedom, do you think it would matter?

    What I mean is... do you think the internet(email, freenet, www, etc) could still be seen as a place where people can somehow communicate and share information, even under a regime that tried hard to stop that information being shared?

  4. Criminalization of Encryption by JPMH · · Score: 5, Interesting

    The idea is seriously being canvassed in the UK, of making it a criminal offence to send strongly encrypted material by email, or to put it up on a web page. Could such a law be enforced ?

  5. A Related Question by jalefkowit · · Score: 5, Interesting

    I wonder why the reporter didn't think to ask the CEO of Boeing if he is tormented by feelings of guilt? After all, the attacks showed us that he makes his living selling giant flying bombs that Very Bad People can use to kill thousands of our people in one fell swoop. Surely he must agree that he and his company have blood on their hands, right?

    Of course not. Boeing isn't responsible for this tragedy, and neither is Phil Zimmerman (and kudos to Phil for standing up and saying so). Boeing's aircraft have contributed immensely to our national economy by helping make easy commercial air travel possible. Strong crypto has contributed immensely to the economy by helping make the online world a safe, secure place to do business. Both have been misused by evil men to do a great wrong; but they are just tools, with no moral implications beyond those transferred to them through the hands of those who wield them. To place the blame anywhere else is to absolve the monsters behind the attack of the full weight of their crimes.

    -- Jason Lefkowitz

    --

    Read my blog.

  6. question to mr. zimmermann ... by Frizzled · · Score: 5, Interesting

    what, would you say, is the flaw to backdoor'd crypto and how would you explain this defect to someone who lacks a wide knowledge of computers, especially in light of recent events?

    thanks, _f

  7. Quantum Cryptography by KjetilK · · Score: 5, Interesting
    We all know that a working quantum computer will make the current algorithms obsolete. Thus, the following questions:
    1. Do you think a quantum computer can be developed in secrecy?
    2. If yes, how can we tell if our encryption needs to be changed?
    3. What are your ideas for a "quantum PGP"?

    Also, I would like to thank you for PGP. Indeed, it is making the world a better place, and to me it is even more apparent in light of recent events.

    Kjetil (Keyid: 6A6A0BBC)

    --
    Employee of Inrupt, Project Release Manager and Community Manager for Solid
  8. I Like Your Hat! by 4of12 · · Score: 4, Interesting

    [That would be the "Phil's Pretty Good Software" hat.]

    Questions:

    Do you see any reasonable chances for success for a truly free and open system of certification authorities that would enable large numbers of people to exchange ideas and money in a way they would trust and yet simultaneously permit them privacy and anonymity?

    What is your opinion of Hailstorm?

    --
    "Provided by the management for your protection."
  9. Question for Phil by merlin_jim · · Score: 4, Interesting

    First off, hats off to a career that has been inspiring to us all. I know that I, for one, cried for joy on the day that cryptographic export was opened up.

    Now, the question:

    It is hard for the public to hear the message "crypto backdoors are bad" without associating it with an anarchist anti-gov't message.

    First off, do you believe it is possible for the gov't to implement a crypto backdoor without "Bad Guys" getting into the backdoor and thereby compromising security?

    Secondly, do you have any positive examples or anecdotes of why strong crypto is good for gov't, or at least not detrimental?

    Thanks, and once again congrats.

    --
    I am disrespectful to dirt! Can you see that I am serious?!