Slashdot Mirror
Interim Response from Philip Zimmermann
Overreaction to Washington Post ArticleIt seems that my recent clarification of how I was represented in the 21 September Washington Post article has itself created a deluge of harsh criticism of the Washington Post and the reporter who wrote the article.
People seem to be assuming the Washington Post is part of some grand conspiracy to restrict the availability of strong cryptography. I would like to say that this is an overreaction and a misinterpretation on the part of these critics.
I believe this was an honest misunderstanding by the people at the Post, and I never meant to imply in my previous clarification that this was done on purpose or with any malicious intent. On the contrary, I believe the Post worked hard to be fair in the story and had the best of intentions when they ran it.
Further, I'd like to say that all the individual facts and quotes were reported correctly. But the Post connected the dots in a slightly different way to conclude that I was feeling guilty even though I was simply feeling grief and anger just like everyone else since the attacks occurred. Overall, I thought the article was fine except for that one line that says I was "overwhelmed with guilt."
My purpose for sending out my original clarification was not to criticize the Post but to assure everyone that I am still standing firm on my convictions that PGP and other strong encryption products should be available to the public, with no back doors.
Through the years of coverage the Post has given the issue of cryptography restrictions, I have never detected any bias at the Post to promote restrictions on crypto. In fact, if they have any bias at all, it seems to be in the other direction. They helped me when I needed to keep the Justice Department at bay in 1995. We will need them again in the coming weeks as we in the crypto community attempt to keep the freedoms we have, as legislators try to impose new restrictions on strong crypto.
I find this jihad of criticism of the Post to be inappropriate. I can easily tell from talking with the reporter that her intentions were good. It is grossly unfair to punish her with all this hate mail. It's embarrassing to me and damaging to her. If anyone in the world of journalism wants any further clarification from me on that reporter's competence or journalistic integrity, feel free to call me directly and I will explain it to you in more detail.
I am in London at a data security conference, without as much Internet access as I have at home, so I cannot keep writing about this matter for much longer. I hope this letter is enough to put this matter to rest.
Sincerely,
Philip Zimmermann-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3iQA/AwUBO7ILqcdGNjmy13leEQLryACfffYuStFXNTC0aWnJStMEAWsbQSgAn0ID d2bqoxnEbABk+1V/edlzC84A =uBHG
-----END PGP SIGNATURE-----
i think the whole idea of purposly misinterpeting the interview had to do with the line that went something along this -> "I asked her to repeat the interview back to me and i told her that i was not feeling guilty for making PGP ect., but when it got to print, the editors decided to change it around ...". If that's not purposly changing his words around, i dunno what is.
I am very glad to read a sane reaction to something which could easily have become a huge anti- WPost flame. Now let's hope that this influences all the other people who are discussing encryption at the moment (read government), to get a somewhat more sensible discussion about privacy and encryption instead of a fear-driven hype against terrorism.
I intend to live forever, so far so good.
It's good to see that many people have a sound head on their shoulders and are not engaging in over-reaching knee-jerk reactions.
Find the time to write your congresscritter, but do it when you are not emotional. Tell them that security research is not cracking, that cracking is not terrorism (if you don't take the time to properly secure your systems, you need to take some liability!), tell them that crypto is free speech, it is the ability of people to have a private conversation! A conversation without big ears, between a limited group of people. Then let the letter sit overnight and read it in fresh light.
If you really want them to listen, take the time to print out your letter, after you have sent it online, address some envelopes and send them hard copy!
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
Chris
-- I need more coffee. It's Monday. There is no such thing as enough coffee on a Monday.
I am an avid PGP user under three diffrent Operating Systems. To me there is no better product on the market. I have used it both for personal use and for professional use. I personally can see where a group of people could easily use this product for malitious intent. However, it has saved me quite a bit of heartache as a system administrator in the past and strong encryption in general has made the life of the security minded professional a little bit easier to deal with. I will stand behind not only PGP, but every kind of strong encription that is available on the open market and consider it to be a serious invasion of my privacy to not be able to use it.
I have read the article in the post and agree that it is a well written article with the exception of how Phil feels. Rather the reported was doing it intentionally or not is up for grabs but because of Phil's integrity, I am willing to accept that this was probably just as he has said, the editor changed a few things before it hit the presses. No that is not fair and if he did not say it then there should be a retraction. But I have worked with reporters who have screwed up and retractions are not as easy to get as the story itself.
Phil, keep up the fight and dont give up on your morals. I couldnt agree more that strong encryption is a right of every person on this earth. I couldnt agree more that it will be used for ill-intent. But it does so much more good than bad.
Carl G. Jung
--
"With one breath, with one flow, You will know Synchronicity" -La Policia
Another illustration of mob mentality - reaction without thinking.
If people continue to react impulsively with arguments based on second, third (nth) hand information - what sort of precedence for electronic communication, are we the technologically minded setting?
We are always told as children to listen to both sides of the argument before reacting - hmmm look where we have arrived in adulthood react to someone else's comment about an argument.
Like the saying goes "Never underestimate the stupidity of people in large numbers"
"Things that you own end up owning you" - Tyler Durden (via Diogenes of Sinope).
Our government is about to embark on the largest and longest lasting witchhunt known to mankind. this will make McCarthyism look like a christmas party. Zimmerman has nothing to fear at the moment but there is no reason to expect sanity from the government in the future. /do something/. That does not give me the warm and fuzzies.
Our current government seems ignorant of the issues, unconcerned with Constitutional conflicts, angry, have a burning desire to
Although, given that we usually don't read articles before going totally non-linear, it's probably unrealistic to expect people to read the howto.
Best Slashdot Co
But...
The Washington Post DOES deserve critism. Phil is very polite to assure that there were good intentions and that facts were presented properly. Unfortunately, good intentions aren't always enough and the facts reported were not entirely correct.
The issue at hand is the reported guilt that Phil felt. By his own account, he had gone to great lengths to ensure that mistake was not made. And yet the mistake was made and Phil's apparent guilt was reported as fact. Why? Because someone at The Post drew their own incorrect conclusion.
I'm all for reporters putting elements togeather to ferret out the truth of a story. Its part of what makes a good investigative reporter. However, in this case someone put 2 and 2 togeather, got 5... and went ahead with it without any fact checking. Surely Phil wouldn't have been THAT hard to contact for a followup (be it in person, voice, or email).
The Washington Post is a professional, world-class organization. Their reporters are professionals with a great deal of power to direct the attention and impressions of issues held by average citizens. Some of which happen to be in our law enforcement agencies, Congress, and other positions of power and policy. Because of this, the Post and its reporters should be held to a high standard.
The Washington Post failed to meet this standard. They should feel ashamed and are entirely worthy of harsh critism.
Even if they're not deserving of hate mail.
After all of this explosion about crypto and backdoors and limiting the civil liberties of Americans and anyone else we can cause trouble for, it is somewhat ironic (and more than a little tragic) to find that a tremendous amount of information has been gathered through understanding relationships and actions of the perpetrators. This according to the butthead press corps in the US.
This has been pointed out elsewhere, possibly by a congressperson even, but what would our law enforcement agencies do with the tremendous amount of information they are asking to have access to, when they can't properly connect the dots that they already have in plain text right in front of them?
When something like 20 foreign nationals from the same general region of the world get truck driver licenses and apply for hazardous materials hauling permits all within a couple of months of each other, somebody in some FBI office somewhere should ask some questions. There was nothing encrypted in that transaction, and they are only now putting that together.
Besides all of this, bin Laden doesn't even use technology to communicate anymore, having resorted to no-tech messangers to avoid CIA/NSA listening posts. At least that's what our news media is telling us...
Although I completely agree with the the "free speech" approach to justifying crypto, I fear that at a time like this, it isn't convincing enough to many people ("So what about some crumbly paper that's 200+ years old - People are dying NOW!"). If that's all that's stopping a clampdown on crypto, you can kiss it goodbye. And worst case, once the "free speech" argument has had holes poked in it, there's no telling where else that precedent will be used.
A better approach, it seems to me, is to point out the mind-boggling arrogance of the assumption that strong crypto can ONLY originate in the USA. Sure, we're clever, but it's not like there aren't any clever people anywhere else in the world! Outlawing crypto HERE will NOT prevent the bad guys from using it THERE!
"That's the BEST time to interview someone, sure the answers you get might not make sense sometimes, but it really shows how a person feels, which is the point of the interview! And plus, you'd think someone with the smarts of Zimmerman would be able to articulate himself in any situation! Is he scared of what might happen to him if he says what he really thinks?? Labeled as a terrorist?"
I can see that your many years as a professional journalist qualifies you to make this statement, but I digress even before I begin. About the quickest way I can think of to announce to the world that you have absolutely no idea what you are talking about is to even suggest that Phil Zimmerman is afraid to stand up for his convictions in the face of any adversity. Apparently you didn't read anything he ever wrote, including both Slashdot articles, as he came right out in both cases and stated emphatically that he supports public crypto and will continue to do so regardless of what anyone thinks. He realizes that people who want to outlaw it seak to outlaw the first and fourth amendments of the constitution of the United States of America. For now, I will assume you just completely misunderstood everything he ever said, because I would hate to think that you posted without even reading the links. We all no Slashdot readers never do that 8^}
Cheers!
Zero__Kelvin
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
What’s the point of posting the PGP signature if you don't also post the text exactly as signed, including the “begin signed” and “end signed” delimiters. The signature is unverifiable without the precise text that was signed.
No point. Except to look cool.
--
“Doh!”
Terrorists are not going to use encryption with backdoors when non-backdoor encryption is already available. The only people that are going to use it are the law abiding people, the same people who are not going to be terrorists.
And besides, all of Osama's communications weren't through high-tech means but also low-tech. When the someone figures out how to trace one of Osamas high tech communications, he will just switch to a low tech form.
Outdoor digital photography, mostly in New Engl
This is not redundant. It is frighteningly close to the truth. Dubya is gun happy. And now he needs absolutely no excuse to continue his fathers idiotic star wars programme. He can shoot planes out of the sky and claim that they were being hijacked. He can arrest anyone and claim they were terrorists. He can read your email, have you followed, have you shot, on the suspicion of terrorism. And how do you define terrorism now? Anyone who speaks out against America.
The name of 'Osama Bin Laden' (is that even a real person?) is being used a propoganda target, just as Milosovic before him, Hussein, Gaddafi, and on and on....
Dubya never actually started a war with China (despite how much he wanted to), because they have nukes now. But now he's found a new target. A small country without a UN recognised government. A country with thousands of innocent civilians who will be killed when the US sends in their bombs. A country with a volunteer army and no major weaponry. And no hope of defence from the slaughter that America will bring. It will be another Vietnam, except the US will be even more ruthless, killing innocents from afar with laser-guided weaponry.
Think about this for a moment. Number of people killed on September 11th : 6000+
Number of people killed by the US in Iran, Iraq, Cuba, Serbia, Bosnia, Vietnam : Millions.
America is the new Ingsoc. Dubya is Big Brother. Afghanistan is the Enemy. Osama Bin Laden is Emanuel Goldstein.
War is Peace
Freedom is Slavery
Ignorance is Strength
"I think he was truly surprised at how little I cared about how big a market the Mac had" - Linus on Jobs
For better or worse, Mr. Zimmermann's comments were in American English, where jihad has come to imply a struggle with more fanatical implications. Our dictionaries are based on common usage and common misusage...
Entry number 2 from its definition at dictionary.com:
A crusade or struggle: "The war against smoking is turning into a jihad against people who smoke" (Fortune).
I would suggest, though, that PZ use something like enduring squabble in place of that other word.
The article builds up to the end of the first paragraph to the "overwhelming feeling of guilt" part (the sad thing is, that a lot of people won't read any further, jumping to the conclusion, that even a reknown cryptanalyst is now against the use of strong cryptogrtaphy). This 'setting' overshadows the whole article.
Then the rest aof the article slowly comes around to Phils opinion, that strong crypto is still necessary, and that backdoors severely weaken security protocols including them (they just open up more possibilities of attack). The clear reasoning in that part of the article is inconsistent with the first paragraph, someone applying such reasoning is not "overwhelmed" with guilt.
Also anyone who jumped to aforementioned conclusion is in for a rollercoaster ride, when he reads on and is taken through a whole 180 before being let out of the article. So the whole piece isn't consistent in itself, and someone proofreading, let alone writing it should spot that with a little narrative experience.
I still think that the writer somehow let his own opinions on the matter guide his hand, maybe not even consciously. But i really wonder what picture of Phil Zimmerman that reporter must have created in his mind, to come up with someone overwhelmed with guilt and yet reasoning it all away.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
newspapers tend to "correct" reality a bit in order to make their articles sound more "strong".
So, shouldn't media be required to publish a little disclaimer somewhere, "The events in these reports have been dramatized for theatrical purposes." I've long been wary of the media's attemps to blur the line between reality and fantasy, particularly in a democracy, and even more so during a crisis. Sure it makes big bucks for Hollywood to get people to suspend disbelief, but that's not appropriate for an organ that claims to be some journal of record.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Robin, your defense of copy editors and headline writers is eloquent, but way-off IMO.
I have seen, too many times, bias creep its way into copy editing and (ESPECIALLY!) headline
writing decisions. Occasionally (see Slashdot's unfortunate coverage of Wired's "coverage" of the supposed "raid on e-gold" -- which would have been a fine story except that not only did it not happen, both Wired's headline writer and Slashdot's either didn't read the text of their own story or purposely chose to distort that text to make up a better headline) -- the facts be damned. I'm sure that competent copyeditors are always in short supply, but I'd think that even the INcompetent ones might read stories before slapping a headline on 'em and inviting my withering sarcasm.
What I'm disputing here is your "99%" estimate above. I'd say that AT LEAST 5% of mistakes are due to bias (not gonna get into whether there's media bias, or how various media outlets are biased, but we'd probably disagree on that, too). I have seen and informally studied headline & copy-editing errors for DECADES, and over the years the pattern of distortion has been more indicative of agendas than honest accidents in WAY more than 1% of cases. The mistakes AREN'T random (analysts at www.mrc.org and www.fair.org would probably both agree with me on that point, and they disagree on just-about everything).
Again, your eloquence is appreciated (especially by any copy-editors who are reading all this, and I'm sure their job sucks sometimes -- like all jobs can suck!) but your estimate is orders of magnitude off, IMO. Also, if incompetent headline writers really AREN'T anonymous cowards, then there's one over at Wired whose actual name I'd appreciate knowing -- so far all I've got is 'not Declan,' which (even with media-layoffs) doesn't really narrow things down too much, does it?
JMR
(Speaking ONLY for myself!)
Try e-gold - (contact me). I'm NOT e-
The difference is terminology implies that the terrorist's actions were targeted at innocent people, whereas the military actions will be targeted at the terrorists and their sponsors. Since this happens to be the truth (unless you can show some reason to believe that we're planning to attack civilian populations), I fail to see the problem.
/. If the government wants us to respect the law, it should set a better example.
Robin, anyone could think of a lot better ways to cut "feelings of anger and grief" than "overwhelmed by guilt".
I don't think this was a deliberate attempt to slant the story, but it sure looks like an unconscious one. That is, the editor was in a hurry when reading the story, and interpreted it according to his expectations -- as guilt, not grief...
"We had no idea. If we had, we would have stuck to the bicycle trade, and saved countless lives!" declared Orville.
"Oh, get a life!" replied Wilbur, "We never said any of that. Typical yellow journalism."
[ReidNews]
Are there better things for the United States government to be doing than restricting crypto, spending lots of money on planes or anything else they are doing post NY.
A few statistics
A NY death toll figure 5,500 - CNN (maybe not the current one, but close enough)
Firearms deaths for 1997 10,369 - pcvp (again sorry for the old figures, newer ones have probably gone up)
now, twice as bad. why hasn't anything been done? As I see it its far easier to ban handguns than it is to ban crop dusters, put security guards on Aeroplanes, monitor trucks or declare war on a hidden man.
After all, every one of those weapons has a legitimate purpose. What alternative use does a handgun have?
catches up with everyone here in the "Land of the Free"
I wish the Politicos would STOP the GrandStanding and start dealing with REALITY and the ISSUES. Ashcroft is one of the WORST REACTIONARIES. He fully realizes that the extraordinary powers he is requesting WILL NEVER BE REVOKED.
errr....umm...*whooosh* *whoosh* Is this thing on ?
(This was done with the intention of allowing eavesdroping of all comunications in France by the French authorities)
Since then they totally reversed their positions, up to the point of actually promoting the use of Open Source products because they can be checked for the existence of backdoors.
Why?
Or puting things in a different way:
Any nation that adopts a ban on cryptography runs the risk of placing their own companies at a competitive disadvantage to companies in other countries (the US is not the only country doing electronic surveilance) and scaring off foreign companies. Even the mandatory use of back doors in cryptography products has the same risk (eventualy somebody will discover the key that opens the back door, and from there onwards it's the same as if the comunications are unencrypted).
Plus, even if the US adopted laws against the use of cryptograpy or mandating back doors in cryptography products, i doubt very much that the French government would adopt it (specially after having sufered the efects of such a decision in the past). If in such situation the US tried a Trade Embargo against France, it would have to do so against the whole of the EC. You DON'T do a Trade Embargo against the second largest world market (it would be as idiotic as a Trade Embargo against the US)
It appears that after years of defending personal strong encryption and the rights of individuals to privacy, Mr Zimmerman has honed the ability to think through reasoned and balanced responses even under the most difficult of circumstances. My only hope is that governments do not use this terrible event to limit the privacy of individuals and clamp down on the freedoms of our society. We all know that the FBI, CIA, NSA, MI5 and others have always desired stronger snooping laws, ID card and all the other invasive powers. After all is said and done the attacks were a hideous example of mans violence against man - however we must remember that for 50+ years many countries from both east and west, have all invested vast sums to build and maintain stockpiles of nuclear weapons. We should be under no illusions, these are aimed at population centers across the globe and could be used without hesitation and without warning if our governments deem it necessary. Such is human nature.
What does a newspaper do? It sells news papers. And a successful newspaper sells a lot of them. So how would a newpaper sell more? Make them more interesting but making the stories have more conflict in them. If you think the newspaper is just about the news, you are sadly mistaken. They have to do what ever they can to sell newspapers, and if it is make a story seem to have more conflict than it actully has, they do it.
Crypto is also easily opened -- just use a key logger or an old-fashioned hidden camera aimed at the suspect's keyboard.
Of course, this is only practical against a reasonably small group of suspects. An attempt at dragnet fishing expeditions would be too difficult, and the risk of detection would increase more or less linearly with the number of targets.
Thus, any argument in favor of using a technology that lends itself to fishing expeditions (key escrow) rather than one that lends itself to specifically targeted surveillance (key loggers and bugs) raises a red flag that the former is on somebody's agenda.
the vast majority of the value of crypto could *theoretically* be retained with well managed (i.e. privately owned and run, paid for by crypto users) key escrow
One corrupted escrow agent, and an arbitrarily large number of people's communications are compromised.
If you say that your definition of "well managed" excludes that possibility, then you ought to admit that what you're really saying is: "the value of crypto could *theoretically* be retained with perfect key escrow".
Requiring all communication using strong encryption to use key escrow has the flip side of making other forms of encrypted communication illegal.
In general, this cannot be detected without fishing expeditions. In specific cases, see above re key loggers, etc.
/. If the government wants us to respect the law, it should set a better example.
You know what? Calling, writing a letter to, faxing or emailing your representatives really does have an impact. Call them (you can get the number at congress.org), and when the staffer picks up the phone, say, calmly, that you would like to register an opinion, give your info, and thank them.
Yes, it goes onto a whiteboard with a check mark in the appropriate column. But that is how democracy works. Be calm, tell them your issue (one per call is best), and then do it again the next day.
If you did this every time you posted to slashdot it would definitely have an impact.