Philip Zimmermann and 'Guilt' Over PGP
No Regrets About Developing PGP
The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.
Because of the political sensitivity of how my views were to be expressed, Ms. Cha read to me most of the article by phone before she submitted it to her editors, and the article had no such statement or implication when she read it to me. The article that appeared in the Post was significantly shorter than the original, and had the abovementioned crucial change in wording. I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.
In the interview six days after the attack, we talked about the fact that I had cried over the heartbreaking tragedy, as everyone else did. But the tears were not because of guilt over the fact that I developed PGP, they were over the human tragedy of it all. I also told her about some hate mail I received that blamed me for developing a technology that could be used by terrorists. I told her that I felt bad about the possibility of terrorists using PGP, but that I also felt that this was outweighed by the fact that PGP was a tool for human rights around the world, which was my original intent in developing it ten years ago. It appears that this nuance of reasoning was lost on someone at the Washington Post. I imagine this may be caused by this newspaper's staff being stretched to their limits last week.
In these emotional times, we in the crypto community find ourselves having to defend our technology from well-intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography. I do not want to give ammunition to these efforts by appearing to cave in on my principles. I think the article correctly showed that I'm not an ideologue when faced with a tragedy of this magnitude. Did I re-examine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP.
The question of whether strong cryptography should be restricted by the government was debated all through the 1990's. This debate had the participation of the White House, the NSA, the FBI, the courts, the Congress, the computer industry, civilian academia, and the press. This debate fully took into account the question of terrorists using strong crypto, and in fact, that was one of the core issues of the debate. Nonetheless, society's collective decision (over the FBI's objections) was that on the whole, we would be better off with strong crypto, unencumbered with government back doors. The export controls were lifted and no domestic controls were imposed. I feel this was a good decision, because we took the time and had such broad expert participation. Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure.
PGP users should rest assured that I would still not acquiesce to any back doors in PGP.
It is noteworthy that I had only received a single piece of hate mail on this subject. Because of all the press interviews I was dealing with, I did not have time to quietly compose a carefully worded reply to the hate mail, so I did not send a reply at all. After the article appeared, I received hundreds of supportive emails, flooding in at two or three per minute on the day of the article.
I have always enjoyed good relations with the press over the past decade, especially with the Washington Post. I'm sure they will get it right next time.
The article in question appears at http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html
-Philip Zimmermann
24 September 2001
(This letter may be widely circulated)
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF ir3lRc4c1D/0Mmmv/JtP/E73 =HmRO
-----END PGP SIGNATURE-----
Only their users. And remember, good and evil are relative. Not everybody thinks like you do.
Vintage computer games and RPG books available. Email me if you're interested.
We who live in the D.C. area are very familiar with the Post's penchant for "manufacturing" stories where none exist. Mr. Zimmermann unfortunately was the party on the receiving end of the editorial foul play in this particular case.
/.ers are.
As a community, we should recognize that the Post as well as other news media outlets are NOT in their line of work to provide complete and unbiased coverage of events. They are in business to make MONEY, and that is a goal that creates in and of itself conflict of interest with reporting the truth in most (if not all) cases.
I wish the readership of the Post was going to be privy to Mr. Zimmerman's clarifications in the same way we
Now that the encryption tools, which are not evil, but can be used for such just like a car or a hammer or a computer or virtually any other useful thing, are out there with full source code and all, does anyone seriously think the nasty bad men
1) will upgrade to the new CIA-approved encryption technologies, should they pass, or
2) will not be able to extend the previous technology as computers get faster
The genie is out of the bottle. All we can do is allow government to pry into the lives of honest, law abiding citizens with new back doors.
It's the same as *strict* gun control - criminals already won't follow the law, so they aren't going to suddenly turn in their guns if they become illegal. Oh, guess I'll have to find a new way to break the law, now that guns are illegal.
+5:offtopic,but anti-American
Everyone's been lashing out at the wrong people lately (all Islamics, Zimmermann, ...). They just don't know where to direct their anger. But as long as we know they're not justified, it's not so bad.
If you celebrate Xmas, befriend me (538
What do you think about the idea of having government backdoors in crypto standards?
If they hadn't invented the airplane, none of this would have happened, right?
In fact, it's clearly Bernoulli's fault - if he hadn't told everybody all that business about particles in motion exerting less pressure to the sides, none of this would have happened.
No, Phil, if you hadn't invented it, someone else would have. You're on the right side. Tools are not evil and privacy is important, even when abused. Don't give it another thought. Be strong.
-- http://frobnosticate.com
Although I don't use pgp on a daily basis I do occasionally use it and wish that more businesses supported it for use in email. I would much rather encrypt personal information being sent to a company but they don't support it.
Are there any plans for improving pgp's ability to incorporate itself into email programs and other forms of internet communications that will make it easier for companies and end users to use?
If ignorance is bliss, the world is full of blissful people
Hotmail? Internet Cafes? Who needs encryption when you can walk into a cafe and log on to agad435q3@hotmail.com and use keywords instead of blatant text?
Sheesh. I mean there may be a lot of guilt to spread around, but this is ridiculous.
air and light and time and space
It is obvious (at least to me) that you do not support adding backdoors to encryption software.
My question is: is this a true statement (in light of recent events) and do you personally believe that the current maintainers of the PGP software will be against such actions (even though they will have to comply)?
Also: how "clean" do you believe the software is (after you left)?
I am sorry to see that you were misquoted, they seem to like to do that to make their stories seem more interesting. Reminds me of Good Morning Vietnam.
I was very skeptical of that article. My question: Has the Washington Post apologized or printed a correction? Better yet, have they offered to run your comment as an op-ed? They really should.
sulli
RTFJ.
What strikes me about this tragic disaster is the way government is targeting technologies that are not connected with the crime, simply because the implication that they could be used is there, using the need to protect the people as a hollow justification to remove our rights.
Bruce
Bruce Perens.
I'm sorry to hear about the misrepresentation. I'm sure as well that they will do better next time. It's very important that your reaction to this mistake wasn't anger, which is what I'd have expected of a lot of people. Anyway, here's my question:
To what point would you go with PGP? For example, if it were outlawed, or you considered your life to be threatened through some government's outlawing of it, would you stop working with it, or supporting strong crypto? And if you would actually "go underground" if you sincerely believed that it would help people's freedom, do you think it would matter?
What I mean is... do you think the internet (email, freenet, www, etc.) could still be seen as a place where people can somehow communicate and share information, even under a regime that tried hard to stop that information being shared?
Couple honest questions I would like to ask within this thread for clarification on this issue?
1. What are the uses of cryptography as a "Human Rights Tool"?
2. If in fact tools such as PGP are used by terrorists, how do governments protect against this?
Any information provided would be greatly appreciated.
Awesome!
This isn't a question for Zimmermann, it's a question for anybody who knows. What can you do when, like him, you're misquoted by a journalist?
From the sounds of it, he did everything you could expect someone to do to avoid being misquoted. He emphasized to her he did not feel "overwhelmed with guilt", had her read the article to him over the phone before it was published, and was still misquoted thanks to an editor.
I imagine in certain circumstances you could sue the newspaper for libel, but what else can you do? What are your rights to: 1) not sound like a complete moron, 2) not be quoted out of context, 3) not be misquoted, 4) not have words put in your mouth.
And while we're on the topic, another question for the masses. From what the DoJ and others are doing, I'm getting less and less willing to send my email in plain text. The problem is that my technically unsophisticated friends don't have PGP, and I'm afraid it might be too tough for them. I know I could point them at hushmail (http://www.hushmail.com/), but are there any other good options? Also, what good arguments can I use to convince them it's worth the effort?
Btw, by "technically unsophisticated" I mean one until a couple of months ago was using a 486 and windows 3.1. I can't expect them to switch to Linux yet, but I want to help them find a good way to use pgp.
The idea is seriously being canvassed in the UK, of making it a criminal offence to send strongly encrypted material by email, or to put it up on a web page. Could such a law be enforced ?
Obviously after developing one of the most profound applications in the computer world (take all the complex problems of high-speed encryption over insecure channels and bundle them into an easy to use program), we have come to a self-evident belief that you support cryptography. But with the US government already in overreact mode, and considering weakening crypto after years of progress in the other direction, we find ourselves in a nasty situation. And though the answer is obvious that we need to persuade a vote against anything like this, I am led to believe that you have more experience in such things than the majority of the people on this site. So we ask, exactly what is the best method to ensure that your complaints are both heard and regarded as something other than raving lunacy?
SIG: HUP
My question is, will export regulations help at all? By 'help', I mean 'accomplish what the US Government wants to happen', which I assume would be reducing the strength of encryption available outside the US. The only way I can see export regulations helping is if the large majority of R&D into encryption is done inside the US. Do you know how much work is done inside and/or outside the US in the field of encryption, and would cutting off US encryption research from the outside world (assuming that is possible via regulation) have a major impact on encryption available out of the US, or an impact on the field of encryption itself?
Wanting to put back doors in crypto is just like a lot of the firearm control laws to me. What the people that want them don't realize is that criminals DO NOT follow laws. If I'm going to go shoot someone do you really think I'm going to get a gun the legit way and fill out the paperwork? If I'm going to encrypt my email for terroristic purposes, am I really going to use a tool with a back door?
NO! So it just wastes time and costs everyone money.
I wonder why the reporter didn't think to ask the CEO of Boeing if he is tormented by feelings of guilt? After all, the attacks showed us that he makes his living selling giant flying bombs that Very Bad People can use to kill thousands of our people in one fell swoop. Surely he must agree that he and his company have blood on their hands, right?
Of course not. Boeing isn't responsible for this tragedy, and neither is Phil Zimmermann (and kudos to Phil for standing up and saying so). Boeing's aircraft have contributed immensely to our national economy by helping make easy commercial air travel possible. Strong crypto has contributed immensely to the economy by helping make the online world a safe, secure place to do business. Both have been misused by evil men to do a great wrong; but they are just tools, with no moral implications beyond those transferred to them through the hands of those who wield them. To place the blame anywhere else is to absolve the monsters behind the attack of the full weight of their crimes.
-- Jason Lefkowitz
Read my blog.
What's worse than encryption in the wrong hands? No encryption for anyone. That leaves everything a free for all for all terrorists and crackers.
I'm happy that I can use encryption to communicate, especially when dealing with my computer's security. Regretfully, these tools may have been used by bad people, but encryption has prevented many magnitudes of more trouble from being possible. It's good that we have these tools and I have many great thanks to those who advocate their use and security.
Agreed! I'm sure that the Wright brothers, Diesel, Sir Whittle, and others feel no guilt for the actions of criminals.
Friends don't help friends install M$ junk.
I know a lot of questions, but I'm curious to know how you feel after all that you have been through.
.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Since the NYC tragedy I've found that the media has gone berserk; losing all ability to provide rational and impartial coverage of the situation.
Despite lacking confirmation from official sources that encryption played a pivotal role and (more worrisome!) despite lacking proof, it seems that the collective mind of the media has fixated on encryption as the reason the terrorists were successful.
Obviously without the airplane this tragedy could never have happened, yet nobody blames the Wright brothers. Why do you think a double standard is being applied to your work and encryption tools in general, when (like the airplane) the potential for good *far* *far* outweighs any potential for bad?
There is justification in someone's mind, else it wouldn't have happened. Not saying it's a good justification, it isn't, but they felt it justified. Which proves the bankruptcy of their ideas.
Best Slashdot Co
My own position is confused and contradictory. I see personal communication mechanisms and security a force for good. I think that US interests would actually be served if everyone in Central Asia had the ability to communicate privately and securely with anyone they wish to. I also believe that it is a proper part of the job of governments to spy. I have problems reconciling these views.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
Situations like this are pretty much the reason the Post has an ombudsman.
As Zimmermann says, the Washington Post usually takes accuracy very seriously. I'm sure they will give this the attention it deserves.
Privacy of communication appears to be extremely important. My private conversations should only involve the persons intended to hear them, or many ideas might never be expressed.
Privacy for citizens carries much more weight than privacy for organizations. Government agents who wish secrecy can afford many levels of secrecy to ensure private communication. Political groups, like terrorists, can also hide their actions through secrecy. Removing secure communications from normal citizens in an attempt to discover political groups is horribly doomed to only remove private speech from the citizens.
There is, however, one divide where people are lost from this equation. Currently private communication requires money. PGP is not available to the vast majority of those under the poverty line. What, if anything, are you doing to bridge this gap?
>PGP users should rest assured that I would still not acquiesce to any back doors in PGP.
It's really good to have a veteran with the possibility of being a champion for privacy issues. After all, we all know for a fact that Phil's willing to run the gauntlet in defense of what he thinks is right... I would think that's been proven.
I just hope it won't be necessary to go to the lengths that happened last time.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
The PGP signature at the end of this article is unverifiable. Can you please link to a version of the article with proper begin/end borders and whitespace preserved?
Crypto doesn't kill people.
People kill people.
...
Encrypt Bears!
Krispy Cream is people
Do you have any wish or intent to have the Post make a correction to their article? I don't know any of the numbers, but it seems to me that a lot more people read the Post than Slashdot. Personally I would want the Post readers to know what I really said, and I also think that the Post would be obligated to make such a statement, to maintain their own 'integrity' and accuracy.
Your
"Deus lo vult!" was a few centuries ago.
Best Slashdot Co
Maybe "Envelope" would be a better product name.
In fact, for this public debate, I think that even "encryption" is a bad term to use. It sounds cryptical in the most literal sense, and the average user (or politician) doesn't understand it, so it must be something scary.
While I see a lot of people who discuss abolishing "secure email transmission" (i.e. encrypted mail), I have seen very few people who would demand backdoors in "Secure Socket Layer" (i.e. encrypted HTTP) or "secure online banking" (i.e. encrypted financial transactions). The main difference between the three is that in the case of email transmission, people usually use the term "encrypted", while in the latter cases, the buzzword is "security."
If you want to talk with average people, talk about secure communication, not about encrypted communication. Politicians will have a much harder time abolishing security than abolishing encryption.
Sig (appended to the end of comments I post, 54 chars)
Specifically, if I were to take a picture with my digital camera, then bury my encrypted text in it using steganography, then send that picture to my friend via e-mail, is it possible for a third party who's intercepted that email to determine whether or not it has encrypted information in it? I'm not talking about the possibility of breaking it, just whether or not they can detect that I've done something ostensibly illegal.
Thanks.
Greetings,
Thank you Phil for producing PGP, for standing up for what you really believe, and for re-evaluating your beliefs after this tragic event.
Given the use of techniques like steganography and Chaffing and Winnowing to hide messages with or without encryption, and the many ways of communicating without openly passing a message (codes, one time pads,...) laws on cryptography are obviously pointless as far as stopping terrorism is concerned.
So, What would you like to see being done? What measures do you think might be effective against terrorism?
I don't have any answers, but I haven't seen any that seem effective to me either.
Thanks,
Z.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
> I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.
You can speculate what you like, but the fact remains that the paper blatantly misrepresented Phil's opinions in order to further the current agenda of cracking down on civil liberties.
This distortion is not a coincidence, it's probably not deliberate either, but people who are sufficiently indoctrinated hear what they want to. Mainstream media is even more laughably distorted than normal at the moment. Suddenly the media is full of convenient statistics: "80% of US population favors back-doors in encryption". And what percentage of the US population has any idea what the hell that means? What was the question: "Do you favor laws that make it harder for terrorists to communicate in private?" or "Should it be illegal for people to try to stop others from monitoring their communication?"
The media is just as accurate about other stuff. They laud George Jr's "bravery" without a trace of irony, like the jester in the Holy Grail "When danger reared its ugly head,
He bravely turned his tail and fled...." Meanwhile the cowardly terrorists were cowardly
giving their lives for their beliefs. Fanatical assholes, sure, but cowardly?
The distortion is much worse than you think. The entire language is adjusted in a thoroughly Orwellian fashion. When people on our side die, the "terrorists" cause the "murder of innocent men, women and children". Fine, this is accurate. However, when we do start beating up on Afghanistan, "military commanders" will replace "terrorists" and "inevitable collateral damage during surgical strikes" will replace "bombing civilians". It's very difficult to reason about something when the terms are properly loaded.
The language molesters will be hard at work over the next few months. The funny thing is that when we hear blatant distortions in the other direction, (eg "The great satan") we laugh at the stupidity and talk about how these people have been brainwashed into believing all sorts of nonsense. There is a widespread belief that the terrorists killed themselves because they believed they would be rewarded with 72 virgins in heaven. It's time to reconsider who has been brainwashed.
http://rareformnewmedia.com/
In case they decide to change it or post a retraction (everybody contact the editors?), here's the quote right now:
- Michael T. Babcock (Yes, I blog)
what, would you say, is the flaw to backdoor'd crypto and how would you explain this defect to someone who lacks a wide knowledge of computers, especially in light of recent events?
thanks, _f
If you had the time & inclination to write a PPGP (Probably Pretty Good Privacy
2) With regards to those who "artistically" adapted your "guilt" remarks, do you plan on hanging them by their toenails, or using them as shark toys off the Florida coast?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It appears to me that the US government didn't have the capability to react to unencrypted, even overt acts by these terrorists. After all, they entered the country using their real names (mostly), rented apartments, used credit cards, made airline reservations, and took flight lessons. In some cases they did all this while they were on a "watch list". I suspect that the encryption reaction is a knee-jerk diversion to focus attention away from truly pathetic intelligence processing.
I've seen reports that they sent email unencrypted, and used information hiding, but I haven't seen anything besides speculation that they actually used encryption.
Have you seen any specific evidence that indicates these terrorists actually did use PGP (or any other encryption, for that matter)?
This misquoting is absolutely incredible in scope. I've been afraid of being misquoted before, but this quite well takes the cake. The individual writing the article wanted to write ONE THING smacking about the crypto community and perhaps even programmers in general, and took the quotes WAY out of context AND pretty much just took sentences and cut out all the words that he needed.
This is like me saying
"So, if I get my girlfriend a cat, this is what she wants for Christmas?"
and being quoted as
"My girlfriend" "is" "a cat."
Also, I would like to thank you for PGP. Indeed, it is making the world a better place, and to me it is even more apparent in light of recent events.
Kjetil (Keyid: 6A6A0BBC)
Employee of Inrupt, Project Release Manager and Community Manager for Solid
The secret keyring in practically every implementation of PGP leaks information off the secret key ring.
Not the messages, but something that can compromise the existence of the user.
The identities on the keyring can be listed without a passphrase.
This means that if you have a standard keyring with your personal ID and you are also "Chairman X" of the local committee for doing things the State does not like, if they obtain your keyring, they can show that you and "Chairman X" are most likely the same person.
All it takes is "pgp -kvv secring.pgp" and I can tell you all of the aliases and alternate identities that you use.
Currently, using multiple secret key rings is a pain. Most implementations of PGP do not have the ability to add a master passphrase on the keyring.
BTW, people have been linked to their nyms by just this method. (Ask Carl Johnson. He was a Canadian who spent time in an American jail because he said something through a nym that the government found threatening.)
"Trademarks are the heraldry of the new feudalism."
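Why the identities in the comment above are readable without a passphrase, as an added example that is not part of the original post or taken from any PGP implementation: in the OpenPGP packet format (RFC 4880) only the secret numbers inside a Secret-Key packet are passphrase-protected, while the packet framing and the User ID packets are stored as plain text. The keyring bytes below are constructed for the example, and the key and signature bodies are opaque placeholders.

```python
# Walk the packet framing of a binary OpenPGP secret keyring and collect the
# User ID packets. No passphrase is involved at any point, which is exactly
# the exposure: anyone holding the file can enumerate the identities in it.

TAG_SIGNATURE = 2
TAG_SECRET_KEY = 5
TAG_USER_ID = 13


def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        try:
            ctb = data[pos]
            if not ctb & 0x80:
                raise ValueError("not an OpenPGP packet at offset %d" % pos)
            pos += 1
            if ctb & 0x40:                      # new-format header
                tag = ctb & 0x3F
                first = data[pos]
                if first < 192:                 # one-octet length
                    length, pos = first, pos + 1
                elif first < 224:               # two-octet length
                    length = ((first - 192) << 8) + data[pos + 1] + 192
                    pos += 2
                elif first == 255:              # five-octet length
                    length = int.from_bytes(data[pos + 1:pos + 5], "big")
                    pos += 5
                else:
                    raise ValueError("partial body lengths are not handled")
            else:                               # old-format header
                tag = (ctb >> 2) & 0x0F
                length_type = ctb & 0x03
                if length_type == 3:
                    raise ValueError("indeterminate length is not handled")
                nbytes = 1 << length_type       # 1, 2 or 4 length octets
                length = int.from_bytes(data[pos:pos + nbytes], "big")
                pos += nbytes
        except IndexError:
            raise ValueError("truncated packet header")
        if pos + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[pos:pos + length]
        pos += length


def list_identities(keyring):
    """Return one list of User ID strings per secret key in the keyring."""
    keys = []
    for tag, body in read_packets(keyring):
        if tag == TAG_SECRET_KEY:
            keys.append([])                     # a new key starts here
        elif tag == TAG_USER_ID and keys:
            keys[-1].append(body.decode("utf-8", "replace"))
    return keys


def linked_aliases(keyring):
    """Identities that possession of this one file ties to a single owner."""
    keys = list_identities(keyring)
    if len(keys) < 2:
        return []
    return [uid for uids in keys for uid in uids]


def make_old_packet(tag, body):
    """Build an old-format packet (helper for the constructed sample only)."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2), len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


# Constructed sample: two secret keys with different names in one file.
# The zero-filled bodies stand in for key material and signatures.
SAMPLE_KEYRING = (
    make_old_packet(TAG_SECRET_KEY, b"\x00" * 300)
    + make_old_packet(TAG_USER_ID, b"Alice Example <alice@example.org>")
    + make_old_packet(TAG_SIGNATURE, b"\x00" * 70)
    + make_old_packet(TAG_SECRET_KEY, b"\x00" * 300)
    + make_old_packet(TAG_USER_ID, b"Chairman X <chairman-x@example.org>")
    + make_old_packet(TAG_SIGNATURE, b"\x00" * 70)
)

if __name__ == "__main__":
    for number, uids in enumerate(list_identities(SAMPLE_KEYRING), 1):
        print("secret key %d: %s" % (number, ", ".join(uids)))
    print("linked by one file:", linked_aliases(SAMPLE_KEYRING))
```

Run against a keyring file that holds a single key, `linked_aliases` returns an empty list, which is the effect the comment's "multiple secret key rings" workaround is after.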
Although it is too early to tell, do you support any form of civil disobedience to new laws that restrict cryptography usage? In essence, if the government orders that the next version of PGP include back doors, do you plan to disregard the law for personal or political reasons? Furthermore, do you believe that the liberty to use encryption is threatened enough that users of PGP should refuse to accept back doors and continue using the current version?
-- Solaris Central - http://w
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You were, of course, correct 10 years ago when you guessed that PGP
would become a tool of the oppressed. But even huge, lumbering
totalitarian governments are not so slow as to miss the fact that
people are avoiding their censors. My guess is that in many of these
oppressive countries, the use of encryption products like PGP has
become, in itself, an offense.
Have you looked into developing steganographic or other concealment
tools so that such users can veil even the existence of a message?
Has NAI?
I understand that with an open, published steganographic method, any
government could still detect messages, but this would at least
massively increase their censorship workloads, forcing them to
process every image, or possibly every text message, looking for a
palimpsest. What's more, if such a method were designed to forego
the usual identification headers, so that only the enciphered message
itself was included, would you not end up with a hidden message
difficult to detect even when 'looking right at it', so to speak?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use
iQA/AwUBO69zC5Tq1bXoStsJEQI6GgCgnKR4q9qo9gB8Oht
/AlFZz2I0GqIhYkUpFk1XRx/
=fpit
-----END PGP SIGNATURE-----
Phil,
It seems that anti-encryption/anti-strong-encryption legislation is coming, whether we want it or not.
In the emotional need to do *something, anything*, Congressmen are drafting and voting on legislation without review or testimony from folks like yourself who happen to know the technology rather than just want to give Law Enforcement broad powers.
Do you agree that we're about to be railroaded into a bad spot as far as secure communications/transactions are concerned?
Will you continue to use PGP or other strong encryption after its existence is outlawed?
Given the worst possible future outlook with regard to strong encryption, what will you do/encourage others to do, and what is our best option for securing our communications in this case?
Are the proposed backdoors simply blanket weaknesses in the allowed crypto standards, or does this have something to do with how the final encrypted message is constructed? I can see some ways that the user's decryption key could be incorporated into the resulting message (as an encrypted sub-message using the government's key) so that the government could recover the user's private key from any message. I'm much less certain of how you would construct an encryption algorithm that would ensure that all messages could be decrypted by both the user's private key and the government's private key.
Is there some description of how these backdoors are supposed to work?
"as the inventor of PGP, I was 'overwhelmed with feelings of guilt'." - Phillip Zimmerman
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Phil, as you know I've been rallying to get support for my take on what it would take to get privacy through encryption into the hands of everyone in the world (regardless of sophistication level).
I've been in the software and systems world for 12 years, but you have a whole lot on me when it comes to security through crypto. What do you think will be the major hurdles for getting ma-and-pa-average to use crypto?
Thanks!
I believe that outlawing strong cryptography is foolish since "the genie is out of the bottle"; i.e., anyone can write their own strong cryptography system. Here's a purely academic question: Do you think the world would be a better place if strong cryptography did not exist?
He had the reporter read the article back to him over the phone, and had her make sure that was exactly the way it'd be printed. It was changed by someone to make it clear that Zimmermann somehow had changed his views on encryption; this is a pretty egregious error, don't you think? A noted encryption expert, and creator of a technology that probably *was* used to mask terrorists' communication, suddenly changes his mind in a national interview...
Hmm, idono about you, but it sounds to me like someone's got an agenda at the Washington Post.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Are you afraid this might be done to you? If so, would you consider this risk higher than the one you suffered during the last decade?
BTW, thanks to PGP's digital signature I got rid of an extremely annoying impersonator that pestered me in Usenet a few years ago. Thank you for that.
"Trust me - I know what I'm doing."
- Sledge Hammer
Much of the encryption restriction/key-escrow debate has focused on how it will affect society if we restrict or alter the use of strong encryption. I haven't heard much debate on whether it would even be possible to enforce the use of key escrow systems or to prevent people such as terrorists from using strong encryption.
What are your views on this, and do you think such proposed systems could ever be enforced?
There seems to be a lot of doubt about the "good" uses of strong encryption, e.g. to save lives, create freedom, right a wrong, etc. Most people seem to adopt an "I have nothing to hide" attitude, seeing encryption as a danger rather than an opportunity. What is your favourite success story in this regard, i.e. a story where strong encryption led to something "obviously" good (in an "American" sense of the word)?
Signed, Dr. Mabusa
He should write the editor about this. Given their misrepresentation they owe him at least that.
I strongly agree with Phil's idea of publicly available "strong crypto". Of course, this means that anyone can have it including terrorists (and other criminals).
The question: Since most of us believe that restricting strong, public crypto is the wrong way for dealing with problems such as terrorists, what would you suggest as an alternative solution for the government to use in the age of technology where crypto has made traditional wiretapping obsolete?
To Phil or anyone who knows:
If the governments make use of strong encryption illegal they need to enforce it by checking users' mail for signs of encryption. I know of some computationally easy tests that allow you to get a pretty good idea if a number is prime (i.e. Fermat). So my question is: do such tests exist for PGP-encrypted documents?
axiom: An idea is weak if it
1) Applies well to a specialized and often overly simplified set of circumstances.
2) Does not continue to apply well to a more universal consideration.
Proof: Moral relativism is a weak and wrong idea
Good is the set of all actions that enhance other people's lives.
Evil is the set of all actions that detract from or degrade other people's lives.
Assume for the sake of contradiction that Morality is relative, where it is okay to do evil in certain circumstances because it is required to degrade the lives of people who do evil to limit their ability to do evil.
This satisfies condition 1 of a weak idea since it shows validity in a subset of circumstance.
This is a contradiction since by definition limiting their ability to do evil enhances other people's lives by not allowing them to degrade it and therefore is good. This satisfies condition 2 of the weak idea axiom, and shows it to be a wrong idea.[]
note: this is a first draft.
Today in the shower, I was thinking about the original article.
:)
I remembered a quote from Einstein about the development of the bomb: "Had I but known, I would have been a locksmith." So, had he but known and been born 50 years later, maybe he would have been Phil Zimmermann.
Become a FSF associate member before the low #s are used
The genie of encryption is out of the bottle and the only thing laws can do is to make criminals of even more of us.
Aha. Now you're getting near it. If the incarceration rate in the USA becomes about 90%, all corporations will have FREE LABOR! Good for the nomenklatura^H^H^H^H^H^H^H^H^H^H^H^Heconomy!
Vintage computer games and RPG books available. Email me if you're interested.
I'm a linux sysadmin and I use PGP to encrypt root passwords when I change them on some Army machines that I remotely admin. The weird thing was that the Army personnel (at 6 different sites around the US) didn't know how to even USE PGP when I sent them things. I had to hold their hands over the phone and show them how to decrypt the information.
It seems to me that only people who REQUIRE encryption (terrorists, and your basic bad guys) and highly-technical people (anyone reading this e-mail) even bother to encrypt their e-mail or their data (not counting commercial SSL in web browsers, since that's automatic). Shouldn't our government FORCE all of their communications to be encrypted and give all military personnel training in this sort of thing? I'm sure that the bad guys (whoever they are) are all sitting around a table learning how to encrypt data, but in our country it seems that even the people who SHOULD be encrypting their data don't even know how to.
Just an observation.
You also stated that you could only guarantee that version 7.slightly_lower_version_than_above was free of backdoors - in fact, you sign your open letter with version 7.0.3.
1. How do you reconcile these two, somewhat differing, views?
2. Which version(s) do you regard as "safe"?
3. Why don't you run the latest version?
All the relevant versions and statements can be found in stories on
This sig left unintentionally blank.
I keep hearing that the terrorists "might" have used encryption. Is there any evidence that they actually did?
Krispy Cream is people
Encryption is among the least of a great many modern technologies by which those who are determined and intelligent and lucky can do great evil. At a time when our government admits it doesn't have nearly enough people who can even understand the languages those who've committed the most recent evil speak, concern with encryption seems particularly misplaced.
Greater individual power for evil requires greater individual conscience for good as counterbalance. Nurturing individual consciences on a vast scale requires analysis of what defeats individual conscience. The main threat to individual conscience is totalitarian ideology. The main method of totalitarian ideologies is to convince those who surrender their natural judgment to them that they are the straight and narrow path to some sort of heaven or utopia, and that their formulas must be adopted because the individual's own native sense of rightness and beauty is fundamentally flawed and cannot be trusted, so the first-hand knowledge of, for instance, the goodness of the female form should be renounced as delusional, while the evil of suicide bombing should be accepted as on the side of heaven.
The evil manifests in political and religious ideologies which (1) provide specific pseudo-rational formulas to replace individual thought while (2) providing images of some over-the-horizon heaven or worker's paradise to replace vision and the evidence of the eyes in the world.
In general, the tools of individual empowerment correlate with the development of individual conscience. What was shocking in the WTC case was that totalitarian drones were able to use some of those tools without shaking their totalitarian mindset. Despite that, if we limit the tools, we also limit the further advance and development of individual conscience, whose development in the larger picture is our only hope.
Rather, we might consider directly attacking what enables evil on this scale: the promulgation of simplistic formulas for and unreal images of heaven. Fundamentalist religion is the main reservoir of such conscience-obliterating evil, particularly since Communist ideology has lost most of its force, and the Thousand Year Reich been vanquished. Fundamentalism consists entirely of simplistic formulas meant to supplant the individual's own native sensibility, which it views as being corrupt by nature, coupled with patently absurd images of rewards beyond, which make up for the removal of motivation by the real rewards we naturally seek in this world - which are incompatible with atrocity.
Much of religion is quite compatible with conscience - but the problem is people of conscience generally hold to the formula of never criticizing other religions, even those variations whose leaders openly preach suicide bombing, as does, for instance, the highest-ranking Muslim cleric on the Gaza Strip.
Religion is finally a technology of social control, a way of subverting our natural coding. Our natural coding, as response to the WTC tragedy demonstrates, is strongly altruistic. Religion is a virus evolved and designed to override nature, and the more virulent forms can be identified by their explicit rejection and vilification of nature.
It is precisely to oppose the potential of religious totalitarianism - which is not a distant prospect when Falwell is a close friend of Bush - that encryption, among other technologies of individual empowerment, is most needed. And we must suspect that this, not the occasional convenience of encryption to terrorists who in any case can communicate in dialects we can barely translate, is the main motivation of those who'd remove such a tool.
"with their freedom lost all virtue lose" - Milton
In a related story, Gutenberg was "overwhelmed by guilt" when he witnessed recent blatant fabrication of news by manipulative corporate editors. "It caused me to re-evaluate the whole idea....and cry over the heartbreaking tragedy," said the inventor of the surreptitious movable type technology that allowed the evil men to further their aims. "I was sent hate mail
Like the "war" on drugs? I don't see that as a battle that can even be won. (See prohibition)
Enigma
Why isn't the informed crowd playing up the fact that encryption is key to computer security? That is, putting it into words that Congressional-types can understand and fear. "Such and such incident where that hacker (technically cracker, but they fear the word hacker.) stole a zillion credit card numbers from SomewhereImportant.com could have been prevented if they ONLY used encryption." "That break in where those hackers defaced SuchAndSuch.gov wouldn't have happened if they ONLY used encryption." ...maybe even something as absurd as "That email virus could have been prevented if they ONLY used encryption."
-Steve
-- Making computers see, hear, and think... http://www.componica.com/
Frankly, in my not-so-humble opinion, they used you to further a statist agenda. By lying about your commitment to liberty in the face of a terrorist act, they clearly are trying to convince their readers that everyone, even (Phil Zimmermann!) now wants big brother to protect us from the terrorists.
What they did to you was nothing short of sleazy, and to a person who believes in liberty, it rather smacks of treason.
At the very least, they owe you a front-page retraction. At the most, about eight figures in punitive damages. The first amendment does not confer a right to slander.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
How do you feel about NAI not releasing anything but the crypto code, as opposed to the whole shebang like when you were in charge? Do you have anything comforting to say to us who look back through a nostalgic fog at the days when you personally signed every binary copy and assured your users that every release was backdoor-free, or is it time to revive the age-old myth about the gaping hole that allows the NSA or whoever it is to read everything you try to keep them from gleaning at?
"If you think education is expensive, try ignorance" - Derek Bok
If they did it right, we'll never know.
- Michael T. Babcock (Yes, I blog)
The problem is that with currently available systems only the intended recipient can open the envelope. Of course, that's also the main selling point. What we need is a mechanism whereby no third party can open the envelope without a court order. Unfortunately, backdoors and key escrow don't work. There is nothing to prevent unauthorized use of that back door, including use by the cops without a warrant. Key escrow is the equivalent of requiring everyone to leave a copy of their housekey at the local Police Station. We don't need that in the physical world because, with a court order, the cops don't need your key. Email changes everything. They can't open your encrypted email without a key -- your key, and even with a search warrant they can't compel you to reveal it (there's that sticky Bill of Rights thing again).
So if anyone reading this wants to make a ton of money, design an email envelope such that the only way for the government to open it is with a court order. Of course, you'd better make that ton of money fast, because someone will figure out a way around it faster than you can say "Osama bin Laden."
If all this should have a reason, we would be the last to know.
As a journalist, I've seen editors similarly change my copy to create an incorrect inference. When I worked as an editor, I saw fellow editors make similar shoddy errors. It might be laziness. It might be too many distractions. But the common thread is always that someone is doing something without thinking about its implications.
For those of you who work as programmers, think of it as someone butchering your code by adding a "fix" that creates a bug. It springs from the same source: inattention to details.
Considering the political implications here, however, this is almost as egregious as blindly adding a bug to a nuclear power plant's software that brings on a meltdown.
- Chris
my dad is a brick mason. last week i went to work with him since i am having a problem finding a job. on the way home, we were listening to npr and talking about the news. when encryption came up, my dad didn't have any idea what this encryption thing was and the lady from the eff that was interviewed didn't help to explain it since she was spouting off jargon left and right.
i used the analogy of a house, since that is what he deals with every day. everyone has locks on their doors. i told him to imagine a house where the only way you could break in was by trying different keys on the lock until one worked. the rest of the building was solid and unbreakable. i told him to suppose that if you were just trying random keys one after another on this house, it would take 10,000 years. (worse than some weak crypto, but 10k was big enough).
i told him to suppose that the government was asking for a copy of your key and a copy of everyone else's key. the government promised they would guard the keys and only use them lawfully. we all know that at a convenient time, the lines of "lawful" would be blurred. and we also know that the place where these keys are kept would be a prime target for terrorist groups and organized crime.
he said, "well, who would fall for that? i wouldn't give them my key?"
Do we need to come up with new analogies to explain the civil and privacy rights justification for encryption to politicians and the lay public?
In the past we've used envelopes and locks, but I think these fall short because the reason for encryption is to create a time delay to access sufficient to dissuade the smart and lazy opponent AND allow detection of the stupid but industrious ones.
In the wake of 9-11-2001, how, specifically, would you make the case that strong, unregulated encryption is a net gain for society? For example, is it possible to balance deaths caused by PGP-using terrorists, against, for example, millions of investors performing financial transactions without fear of governmental snooping? My sense is that lots of Americans favor privacy as an ideal, but see it as just that - an ideal that can and should be given up if it hinders addressing the new reality of terrorist threats. I'm not saying I buy this argument, but how do we make the case in concrete terms (e.g. lives saved, cost to consumers and taxpayers) to our legislators, employers, and ultimately ourselves that strong encryption is a net societal good? What would you say to people that ask whether more deaths are worth it?
#!
I don't think it's Phil Zimmermann's personal responsibility to address a very large problem that's not easily solved. Phil has already done more than most individuals ever do to promote freedom and liberty on a global scale. So rather ask the question "What, if anything, can be done to bridge this gap?"
True, but three out of the four you quoted share one trait: they're heavily regulated and access-controlled, precisely because of the damage they're capable of doing. Any force multiplier in the domain of potentially lethal tools should be equally regulated. The hammer, bottle, door etc. that you go on listing later on, don't significantly magnify the killing power of a single individual. But a gun--especially an automatic weapon--can give one individual the killing power of many more. I'm not anti-gun, but I'm for gun regulation, access control, and accountability.
I wonder why the Washington Post felt this point was worth tarnishing their image over? It apparently wasn't a simple mistake. That's not the kind of error that can be made with a typo. Were they bought out in the last decade or so?
I know the local San Francisco papers have been bought out. The quality of news has gone a long way downhill, and it's become much more biased, and less locally relevant, in nearly all of the local papers. This puts a few people in the position to shape the news for much of the nation.
OTOH, it was pretty bad before. If one was at the site of a news event, and checked it against the coverage, the match was usually quite bad. So I guess that the real difference is that there is less that is checkable.
What do you call a story that doesn't touch checkable reality very often, and when it does touch, the check fails? I prefer to call it fiction rather than calling it news, but some might call it propaganda.
I think we've pushed this "anyone can grow up to be president" thing too far.
As far as firearms deaths, there is no 'large number of accidental deaths' that occur each year. The accidental firearms death rate in the USA decreases every year, between 1960 and 1990 the accidental death rate from firearms fell almost 150%. In 1998, we had 866 'accidental' firearms deaths, this number is considered to be artificially inflated by mis-classified suicides.
Also, 'if all legal owners of guns are registered', then within a decade or so, those same registration lists will be used to implement bans and confiscation.
Sounds like unrealistic paranoia?
Consider this: Every single US city or state that has firearms registration laws has, within two decades, used those same laws to implement a 'freeze' on ownership, bans on types of weapons, or outright confiscation. Every single time.
Do we expect anything different from crypto registration?
I do not deploy Linux. Ever.
Not only did Catholics support the Crusades, they enthusiastically supported them. That outbreak of mental illness lasted from 1095 A.D. to 1291; it was not an isolated circumstance. During that time Europeans traveled to Arab lands to kill them. At that time almost all Christians were Catholic.
Many people don't understand the significance of the Crusades, which happened a long time ago. The significance is that the moral teaching of the Christians did not prevent them from designing and participating in a killing rampage.
The Crusades were not the only Christian killing rampage. The Spanish Inquisition was another outbreak of craziness.
The moral teachings of the Christians have not changed significantly since the Crusades. Arabs ask themselves, "What would prevent Christians from being part of another killing rampage?" That's why the crusades have significance in modern thinking. It is easy to understand that when President Bush talked about a crusade in a speech to the entire nation of the U.S., while at the same time declaring "war", Arabs became anxious.
It is remarkable how quickly the discussion of terrorism became off-topic. People are blaming PGP!!! Do you have a right to speak to your wife in private, with no interference or listening from the government? If you do have this right, then you have a right to use PGP. Your wife may be in another country, and PGP is a way of being sure you speak only to her. If you don't have this right, then the government can legally force its way into anything you say to your wife.
The primary reason for the violence seems to be corruption in secret agencies of the U.S. government like the CIA. For example, the CIA trained Osama bin Laden. If there is more trouble, the CIA receives more funding. So the CIA, at least unconsciously, wants more trouble.
Israel receives an astounding $905 per year from the U.S. government for every man, woman and child who lives there. A large part of that money is spent on weapons bought from the United States. Senators in the U.S. who represent the states with weapons manufacturers have lobbied to continue giving money to Israel. The U.S. weapons manufacturers also sell weapons to the Arabs.
I've tried to pull together information about these issues: What should be the Response to Violence?
The U.S. has bombed 14 countries in the last 30 years, killing about 3,000,000 people. Yet Phil Zimmermann gets hassled for causing problems!!! Duh!
Bush's education improvements were
As any computer security expert knows, security is always balanced by convenience. A perfectly secure computer is inconvenient to the point of unusability. This truth applies to most things in life. The more secure the airport, the less convenient it is to travel.
What are your opinions on balancing the ultra-high security available with PGP, with the convenience of using it? Should secret keys be kept on a floppy (or USB memory stick), or is the home directory "safe" enough? How strict should we be in assigning trust to others? I'm interested in your opinions for both users at home and at work.
A Government Is a Body of People, Usually Notably Ungoverned
[That would be the "Phil's Pretty Good Software" hat.]
Questions:
Do you see any reasonable chances for success for a truly free and open system of certification authorities that would enable large numbers of people to exchange ideas and money in a way they would trust and yet simultaneously permit them privacy and anonymity?
What is your opinion of Hailstorm?
"Provided by the management for your protection."
Part of freedom involves testing your rights to freedom against the rights of others. I have the freedom to kill other people, but society has the freedom to condemn me because of this. Your right to perform something is tempered by the rights of others.
How do you justify this in the light of cryptography? Clearly the freedom of a few, in using one of your programs, may have endangered the rights of thousands of others. At what point should the balance tilt the other way?
Mr. Zimmermann, there has been a lot of debate about restricting PGP, but do you believe that it is even possible anymore? I mean, the code is already widely circulated on the Internet, in both binary files and source code, so couldn't people who have been using it simply continue to use the same versions or find it online somewhere? Plus, if data is perfectly encrypted, would the government even be able to distinguish it from random data? These possibilities make me question who new laws against encryption will actually stop, as they would be useless if law abiding citizens followed new laws but terrorists had the means to disobey them.
"I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
We have not gained eight hour work days... by the grace of our employers or of the government.
I agree with the general sentiment of your post, but I don't really see how this is related. The 8 hour work day came about as a result of rising living standards and rising wages, which in turn was the result of the market process in action. While unions like to take credit for it, it's not like we'd all be working 12 hour days had the unions not stepped in. The reason is simple-- if one employer tried to make its employees work 12-hour days, other employees would quickly lure away their best people with offers of a shorter work day. Unions simply made a big deal out of it and then took credit for it. The "bitter struggle" of the union movement was largely wasted effort-- wages would have risen and working hours would have shortened with or without union activism.
Not to start a flame-war, but can we stick to the subject at hand? Crypto controls are bad-- no argument there. But I don't see how that necessarily implies anything about labor relations or workplace rules.
Well, yes, but you have to open the envelope using brute force. The same is possible with PGP protected messages. It's not my fault if the government doesn't have enough force :-)
Sig (appended to the end of comments I post, 54 chars)
First off, hats off to a career that has been inspiring to us all. I know that I, for one, cried for joy on the day that cryptographic export was opened up.
Now, the question:
It is hard for the public to hear the message "crypto backdoors are bad" without associating it with an anarchist anti-gov't message.
First off, do you believe it is possible for the gov't to implement a crypto backdoor without "Bad Guys" getting into the backdoor and thereby compromising security?
Secondly, do you have any positive examples or anecdotes of why strong crypto is good for gov't, or at least not detrimental?
Thanks, and once again congrats.
I am disrespectful to dirt! Can you see that I am serious?!
I haven't figured out how to explain that in 120 characters, including tags and URL. I'd forget about the whole thing except I think this picture is the single most interesting item in all the news coverage. None of the experts holding forth on "Why they hate us!" has said anything that begins to describe the love/hate mentality in this photo.
So, if you'd like to thoroughly argue anti-americanism into the ground, please proceed to do so, but kindly use reasonable arguments, in context, with citations.
I'm reading the responses to my post and wondering if "Any arguments you make about either being good, bad, or anything in between, is dogshit." deserves a rebuttal and you're complaining about the absence of citations in my sig!?!
We can talk all we like about how useful encryption is as a tool for terrorism.
The reality does not seem to match this fact.
Techno terrorism is more likely to come in the form of cracking leading to website defacement. Such terrorism has been done under the label "Hactivism"... Though I'd much prefer Hactivism to a bombing any day.
Or in the form of blackmail.. Reading other people's e-mail is amazingly simple. From this you can derive all kinds of things. Personal habits, who's replaced a crazed cyber stalking ex, or any blackmail useful information.
The reality is terrorists only use the Internet for recruiting. They don't do any real terrorist work on-line.
PGP is useless for modern day terrorism...
I don't actually exist.
First, even if your proof shows that moral relativism is a weak idea, your final clause is the first place where you even mention 'wrong,'
Not sure what you mean here. Care to help out a little more? I do think I need to alter the axiom's second clause to state that it is "wrong" when applied more universally. Not in an inductive way mind you where it would be false if it didn't actually work on all in the domain. It would be weak if the requisites to show a workable range->domain relationship were a 'stretch'. I simply don't know how to describe that in a way to withstand mathematical rigor. It's a kind of functional requirement calculus that I simply have no idea how to express. In fact it probably doesn't exist since mathematical expression has no room for such manipulation while in any particularly defined algebra or laws.
Second, your two 'givens'...presuppose your conclusion.
Heh, I was addressing this fact before Slashdot ate my post (honest!) The two givens, have a strength and weakness in that they apply an absolute condition to a very complex action. The strength is that something can be considered good, absolutely even if it isn't absolutely good.
Some might argue that very point is its weakness, but I don't. For example you ask what scale I would measure it out with. On the other hand if there was a scale then it wouldn't be absolute anymore would it? In that way it does presuppose the conclusion, or means there is a more simple way to express it.
The weakness is that the absolution is impractical in a deterministic sense, as the state of too many people's lives are involved. (You also pointed this out.) If there was one effect to actions it would be possible, but there are many effects to an action.
In that way I suppose you imply a scale act as the judge, where I would start introducing ways to root out the effects by applying razors like "was this result intended?" or "was this reasonably expected?" etc...
In which case it's the heart of the person acting that is more in focus rather than the act itself. With a few more razors along the lines of "was this a detriment to another's life that didn't accept the sacrifice?" and "is the detriment critical or permanent to requiring more that they can apply to overcome it?" we could come up with a more absolute range of effects to judge the action with.
Again, that involves the manipulations that are not "mathematical".
However the idea is workable, and I think the proof stands on merits other than mathematics. Definitely if an absolute criteria is reached, then being relativistic would be by definition weak.
In any case it was a fun armchair exercise that is helping me explore the matter in greater depth. I hope it is for you also.
I think this whole thread is basically a disagreement over how "absolute" is being applied. Reality Master seems to be using the term "absolute" to refer to right and wrong within the current set of western morals. From this point of view, slavery is absolutely wrong. There are no exceptions within modern American morality that allow slavery. So, within this realm, the morals are absolute.
The other side of the argument is using the term "absolute" when comparing different sets of cultural morals. It's clear that slavery was not an absolute wrong at previous times in American history. Hence, this moral "law" is not absolute because at times it has been true, and at times it has been false. It is this truism which leads to moral relativism.
So who's right? I guess everyone. It's all a matter of context. I don't think anyone here disagrees that a given system of morality can have "absolute" rights and wrongs within it. I also don't think anyone will disagree that different systems of morality often have different and incompatible "absolute" rights and wrongs. It's this last truth which is all that moral relativism is really about.
There is a lot of talk about technology and religion...
Shouldn't we all be mailing the Washington Post to request a retraction if we feel this strongly about the issues?
I mailed them and I clicked on the link so they'd know I knew they were publishing inaccurate information...
The research that created the nuclear bomb will one day produce a safe, cheap, earth-friendly source of abundant energy. Once this occurs, not only will we have vast amounts of energy without destroying our environment, but oil will become useless and we (U.S.) will have less reason to meddle in the Middle East.
True, many lives have been lost in truly sad ways, but the bomb didn't get up on its own and jump out of a plane over Nagasaki. It took an American president to make the decision that it was okay to kill thousands of civilians to achieve our political goals. That, by the way, was the *same* conclusion the terrorists came to.
Encryption technology has enabled many benefits. Besides, it's really just a more advanced form of whispering. If you're going to blame cryptologists for the actions of terrorists, then you need to blame airplane manufacturers, oil companies, flight attendants, travel agencies, car rental agencies, airport security personnel, et al.
If you *really* feel a strong need to blame someone for what happened last week, you can pretty safely point your finger at the U.S. State Department. It's been discussed here ad nauseam, but to sum up the majority of the population in the Middle East hates America *not* because we have more freedom but because our government takes action that directly impacts their access to freedom.
If you ban encryption thinking it will keep you safe, they'll turn to other methods. If you outlaw box cutters, they'll smuggle on letter openers. The only real solution is to find the root cause of the problem and solve that. Until then you're merely patching holes in the hopes that the dam won't burst.
Freedom to fear. Freedom from thought. Freedom to kill.
I guess the War on Terror really is about freedom!
I dunno man, that's not so good. Most key escrow schemes allow for the key to be split among several agencies (and if they don't, you can use secret-sharing techniques to do it), which would mean that the information would be worthless unless the terrorists or organized criminals compromised *all* of the key stores. Sounds unlikely.
A better argument is that it just doesn't work; it is easy to use standard encryption on top of the escrow scheme, and the government won't be able to read your communication. The best solution I know of is to make sure that most people don't actually use encryption, which, well... that's how it is now, isn't it?
The Washington Post needs to be hit with a wet herring a few times. Then their reporter needs to be sent back to school.
Not ONLY did she misrepresent him but her whole point is ridiculous. It only takes the NSA slightly longer to crack a message encoded with PGP than a message encoded with ROT13. That's why it's called "Pretty Good Privacy." It will stand up to casual cracking attempts but not serious professionals with serious equipment.
How can she walk into an interview knowing that LITTLE about her subject matter? Sheesh.
Journalism is dead, so it goes.
Yes, it is unbreakable, as long as your pad is truly random.
By the way, I commend you for quitting NAI when they started closing source and talking about putting back doors in PGP. It can't have been an easy decision. Thanks for standing up to corporate as well as government attacks on freedom for so many years.
hmmm... so "good" people do nothing but help fellow people, and "evil" people do nothing but "prey" upon them (no definition of what you mean by prey)...
apart from being incredibly busy, these people have no grey areas...
for a shade of grey... if "good" people do nothing but help others, could it be possible that they reduce the ability of people to be self sufficient? are those helpers now evil? or still good?
an extreme grey... if the evolution of humanity controls its survival, and helpers assist weaker elements in surviving... and then on the flipside if those who prey eliminate the weaker elements, and thereby increasing the strength of humanity... who is good and who is evil?
forget good and evil... all humans want the same two things in life...
- Increase happiness
- Avoid suffering
sometimes we just can't see how and why... or see the other person's point of view... or we just don't care...
While it is indeed true that private individuals can now kill 6,000 people at a stroke, which was the preserve of government beforehand, I somehow have a problem regarding this as progress.
-- the most controversial site on the Web
As to the "he doesn't regret PGP, he must be evil!" arguments, I don't think he has any more reason to regret PGP than Boeing has to regret the 767 -- and civil design Boeing airframes (like the 767) have been sold for (sometimes very deadly) military uses.
BTW: Even though the change is apparently small (the addition of a single sentence), this makes it no less egregious. I remember one time when changing a single word got me into deep trouble. I was transcribing articles for a minority newspaper. One article, in question, was by a pro-communist writer, who was writing about the events surrounding the US invasion of Grenada. In the article, he was talking about the group that ended up overthrowing Maurice Bishop -- which overthrow led directly to the US invasion.
In one paragraph of his article, he described the group as "a study group". Unfortunately, he failed to cross the 't' in study, and when I came to read the article, the only word that I could come up with was "shady". This seemed rather inconsistent with the general tone of the article, and my knowledge of his position (we'd had a few brisk discussions about political issues), but after a second opinion, and unsuccessful attempts to reach him, I wrote what I read. When he got a copy of the paper, he would have lynched me if he could have. That one word -- two letters, really, had a big shift on the general feel of the article.
A more extreme case of minor changes making a big difference, was a case where Napoleon was about to release 1000 prisoners of war. When his aide came to him for instructions, Napoleon, in the middle of a coughing fit, didn't hear the query and muttered to himself: "Ah, Ma Sacre Toux" (my damned cough). His aide heard "Massacrez Tous" (murder them all), and carried out the grisly (if erroneous) order.
Free Software: Like love, it grows best when given away.
Big,
Thanks for the thanks.
Bush's education improvements were
But, using crypto is a clear indication that you have something to hide. That, in an oppressive regime, could be enough to get yourself in trouble (they don't have to prove anything, suspicion is enough).
Steganography (sp?) (together with crypto) may be a better tool in such cases.
Crypto alone is useful in _democratic_ regimes, e.g. to protect your business against corrupted government 'surveillance' officials that could sell your secrets to the competition. Or against being tagged as 'communist' or 'gay' or 'lover of pink fluffy things' in some government database, and thus being illegally discriminated against at your job.
And not only the government: without crypto, anyone with enough means could know everything you do on-line.
Ciao
----
FB
In the case of terrorists, they are twisted by lack of proper education, and being indoctrinated in schools that interpret Islam in such a way that killing people seems like a good idea. They end up in these schools because they get fed there, and wouldn't eat otherwise, most of the time. (This was very well reported in an article by Ian Goldstein in the Globe and Mail, IIRC.)
That explanation might apply to Palestinian bombmen or Afghan mujahedins, but, if the media are right, Al-Qaeda men are of a different kind. The planes suspects and the fake journalists that bombed Massoud were educated, some with degrees, others students, they didn't live poorly except as a disguise, they traveled and lived in the Occident, they spoke several languages, yet they spent all that in one act of suicide.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
The Dark Ages in Europe are testimony to that. >10,000 years of nearly constant and rigidly imposed religious orthodoxy.
Might want to dust off those history books...
Read The ReflectionEngine, a cyberpunk style n
"As I said, it's tremendously naive to think that our current working conditions are a result of kind bosses and the benevolence of the free market."
Did you even *read* my comment? I didn't say that it was due to kind bosses. I said it was due to the competition between the bosses. I see no evidence in the documents you showed me that this wasn't the case. Yes, in the short term a strike can raise wages moderately above the market level. But if those workers in 1912 had demanded modern working conditions and pay, they would have simply been fired. In the long run, economic growth and the accumulation of capital are the primary drivers of improved conditions and better pay, not unions. All the unions in the nation could be disbanded tomorrow and conditions would remain far better than they were 100 years ago. Employers maintain good conditions because they don't want to lose their best workers to the competition, not out of the goodness of their hearts.