Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interim Response from Philip Zimmermann

Posted by Roblimo on from the getting-out-of-hand dept.

The little No Regrets about PGP piece from Philip Zimmermann and the associated interview "call for questions" we ran on Sept. 24 seems to have stirred up quite a ruckus. Apparently online crypto has become such a hot button issue that it is impossible to hold a rational conversation on the topic right now. Because of this, instead of answering the interview questions, Philip sent us a brief statement. We'll try to interview him (and other crypto experts) later, after passions die down a bit.

Overreaction to Washington Post Article

It seems that my recent clarification of how I was represented in the 21 September Washington Post article has itself created a deluge of harsh criticism of the Washington Post and the reporter who wrote the article.

People seem to be assuming the Washington Post is part of some grand conspiracy to restrict the availability of strong cryptography. I would like to say that this is an overreaction and a misinterpretation on the part of these critics.

I believe this was an honest misunderstanding by the people at the Post, and I never meant to imply in my previous clarification that this was done on purpose or with any malicious intent. On the contrary, I believe the Post worked hard to be fair in the story and had the best of intentions when they ran it.

Further, I'd like to say that all the individual facts and quotes were reported correctly. But the Post connected the dots in a slightly different way to conclude that I was feeling guilty even though I was simply feeling grief and anger just like everyone else since the attacks occurred. Overall, I thought the article was fine except for that one line that says I was "overwhelmed with guilt."

My purpose for sending out my original clarification was not to criticize the Post but to assure everyone that I am still standing firm on my convictions that PGP and other strong encryption products should be available to the public, with no back doors.

Through the years of coverage the Post has given the issue of cryptography restrictions, I have never detected any bias at the Post to promote restrictions on crypto. In fact, if they have any bias at all, it seems to be in the other direction. They helped me when I needed to keep the Justice Department at bay in 1995. We will need them again in the coming weeks as we in the crypto community attempt to keep the freedoms we have, as legislators try to impose new restrictions on strong crypto.

I find this jihad of criticism of the Post to be inappropriate. I can easily tell from talking with the reporter that her intentions were good. It is grossly unfair to punish her with all this hate mail. It's embarrassing to me and damaging to her. If anyone in the world of journalism wants any further clarification from me on that reporter's competence or journalistic integrity, feel free to call me directly and I will explain it to you in more detail.

I am in London at a data security conference, without as much Internet access as I have at home, so I cannot keep writing about this matter for much longer. I hope this letter is enough to put this matter to rest.

Sincerely,
Philip Zimmermann

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBO7ILqcdGNjmy13leEQLryACfffYuStFXNTC0aWnJStMEAWsbQSgAn0ID d2bqoxnEbABk+1V/edlzC84A =uBHG
-----END PGP SIGNATURE-----

17 of 305 comments (clear)

  1. hmm. by hypergreatthing · · Score: 4, Insightful

    i think the whole idea of purposly misinterpeting the interview had to do with the line that went something along this -> "I asked her to repeat the interview back to me and i told her that i was not feeling guilty for making PGP ect., but when it got to print, the editors decided to change it around ...". If that's not purposly changing his words around, i dunno what is.

    1. Re:hmm. by nlvp · · Score: 5, Insightful
      He also made it very clear that he thought the mistake was due to overwork, and the general tone of his article was not critical to the Washington Post, but rather trying to clear up a misunderstanding.

      Zimmerman comes across as constructive and considered precisely because he spends more time trying to clear up the facts rather than point the finger at everyone in sight, blame the establishment and cry conspiracy at the top of his voice. It's precisely because his contributions to discussions are so considered that he has reached a position where his opinions carry a lot of weight.

      Anyone who was expecting a similarly considered reaction from Slashdot (as a whole, not individuals), was obviously being a little optimistic. Most of the posts seemed to indicate that the most people got out of Zimmerman's letter was that the Washington Post had misrepresented him - they then went on their (somewhat predictable) anti-WP crusade as they perceived one of their heroes to have been slighted.

      Thank goodness the hero himself has the presence of mind to calm things down before they get out of hand. But I doubt the reaction did much to endear the Slashdot crowd to him. At least he knows where to go if he needs to rally some unconsidered fanatical support.

      Disclaimer: I am not making comments directed at any individual post, but at a theme that ran through a number of posts in the other thread, so don't take it personally.

      --
      Salocin.com
    2. Re:hmm. by Roblimo · · Score: 5, Insightful

      The reason for most editorial cuts in newspaper stories is not to give them a "slant" but to make them fit into available space on the page.

      Newspapers lay out pages by putting in the ads first, then filling the remaining white space (called the "news hole") with stories. Often there are more stories the boss editors feel are important than there is space to run all of them full length, so some or all of the stories get trimmed to fit. Decisions on what words to cut out of which stories are not made by a group of cackling [liberal; conservative; Zionist; law enforcement] conspirators in a back room, but by overworked (and usually underpaid) wordsmiths watching the clock tick toward the moment when the presses are scheduled to run. These people do not have the power to decide which stories get covered and which do not. They are the hands-on people responsible for getting the paper put together on time every day; the sergeants of the newspaper business, you might say.

      Deadline pressure combined with the necessity to make the paper fit as much information as possible onto each (expensive) square inch of newsprint is to blame for at least 99% of all perceived newspaper copyediting errors.

      The copyeditor who is making the cuts is also, in most cases, proofreading the stories, checking facts, and writing headlines. It is a brutal job, and out of the hundreds of stories a big newspaper like The Post runs in every edition, chances are approximately 100% that at least a few cuts will be made that are less than perfect.

      A big advantage Internet news purveyors have over print news sources, and over broadcast sources too, who have "X" minutes of time to fill, and that's it, is that it costs effectively nothing to run 5 extra paragraphs of text on the WWW if those paragraphs will add more depth or accuracy to a story.

      Hands-on, daily deadline copyediting is a brutal job carried out not by "anonymous cowards" but by people who do their best to make stories as accurate and readable as possible in too little time, usually on a copy desk that is a few people short not only because of recent media layoffs, but because competent copyeditors are always in short supply. The job takes an immense range of knowledge, powerful research skills, and a willingness to accept attacks for every mistake made while foregoing public credit when everything goes "just right."

      - Robin

  2. Thank you by Chris_Pugrud · · Score: 5, Insightful

    It's good to see that many people have a sound head on their shoulders and are not engaging in over-reaching knee-jerk reactions.

    Find the time to write your congresscritter, but do it when you are not emotional. Tell them that security research is not cracking, that cracking is not terrorism (if you don't take the time to properly secure your systems, you need to take some liability!), tell them that crypto is free speech, it is the ability of people to have a private conversation! A conversation without big ears, between a limited group of people. Then let the letter sit overnight and read it in fresh light.

    If you really want them to listen, take the time to print out your letter, after you have sent it online, address some envelopes and send them hard copy!

    If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"

    Chris

    --
    -- I need more coffee. It's Monday. There is no such thing as enough coffee on a Monday.
  3. Thank you by Anonymous Coward · · Score: 4, Insightful

    I am an avid PGP user under three diffrent Operating Systems. To me there is no better product on the market. I have used it both for personal use and for professional use. I personally can see where a group of people could easily use this product for malitious intent. However, it has saved me quite a bit of heartache as a system administrator in the past and strong encryption in general has made the life of the security minded professional a little bit easier to deal with. I will stand behind not only PGP, but every kind of strong encription that is available on the open market and consider it to be a serious invasion of my privacy to not be able to use it.

    I have read the article in the post and agree that it is a well written article with the exception of how Phil feels. Rather the reported was doing it intentionally or not is up for grabs but because of Phil's integrity, I am willing to accept that this was probably just as he has said, the editor changed a few things before it hit the presses. No that is not fair and if he did not say it then there should be a retraction. But I have worked with reporters who have screwed up and retractions are not as easy to get as the story itself.

    Phil, keep up the fight and dont give up on your morals. I couldnt agree more that strong encryption is a right of every person on this earth. I couldnt agree more that it will be used for ill-intent. But it does so much more good than bad.

  4. Conundrum by well_jung · · Score: 5, Insightful
    Tis very unfortunate that so many of us are so secluded from the greater society that we help run that we can't stop ourselves from from partaking in venemous "activism". Phil put it nicely when he referred to it as a Jihad. For too many of us, our passions and self-confidence get in the way of being responsible members of a larger community.

    --
    Carl G. Jung
    --
    "With one breath, with one flow, You will know Synchronicity" -La Policia
  5. What we need is by wiredog · · Score: 5, Insightful
    A link to the advocacy howto at the top of the page.

    Although, given that we usually don't read articles before going totally non-linear, it's probably unrealistic to expect people to read the howto.

    --

    Best Slashdot Co
  6. Professional Criticism by _Sprocket_ · · Score: 5, Insightful
    I can only imagine what the Washington Post and their reporter had waiting for them in their collective Inbox. And from what I've seen online (and not just Slashdot), I'm sure Phil is completely correct in saying that it was undeserved. I feel bad that Phil should have to feel ashamed over the incident.


    But...


    The Washington Post DOES deserve critism. Phil is very polite to assure that there were good intentions and that facts were presented properly. Unfortunately, good intentions aren't always enough and the facts reported were not entirely correct.


    The issue at hand is the reported guilt that Phil felt. By his own account, he had gone to great lengths to ensure that mistake was not made. And yet the mistake was made and Phil's apparent guilt was reported as fact. Why? Because someone at The Post drew their own incorrect conclusion.


    I'm all for reporters putting elements togeather to ferret out the truth of a story. Its part of what makes a good investigative reporter. However, in this case someone put 2 and 2 togeather, got 5... and went ahead with it without any fact checking. Surely Phil wouldn't have been THAT hard to contact for a followup (be it in person, voice, or email).


    The Washington Post is a professional, world-class organization. Their reporters are professionals with a great deal of power to direct the attention and impressions of issues held by average citizens. Some of which happen to be in our law enforcement agencies, Congress, and other positions of power and policy. Because of this, the Post and its reporters should be held to a high standard.


    The Washington Post failed to meet this standard. They should feel ashamed and are entirely worthy of harsh critism.


    Even if they're not deserving of hate mail.

  7. FBIrony by philipsblows · · Score: 5, Insightful

    After all of this explosion about crypto and backdoors and limiting the civil liberties of Americans and anyone else we can cause trouble for, it is somewhat ironic (and more than a little tragic) to find that a tremendous amount of information has been gathered through understanding relationships and actions of the perpetrators. This according to the butthead press corps in the US.

    This has been pointed out elsewhere, possibly by a congressperson even, but what would our law enforcement agencies do with the tremendous amount of information they are asking to have access to, when they can't properly connect the dots that they already have in plain text right in front of them?

    When something like 20 foreign nationals from the same general region of the world get truck driver licenses and apply for hazardous materials hauling permits all within a couple of months of each other, somebody in some FBI office somewhere should ask some questions. There was nothing encrypted in that transaction, and they are only now putting that together.

    Besides all of this, bin Laden doesn't even use technology to communicate anymore, having resorted to no-tech messangers to avoid CIA/NSA listening posts. At least that's what our news media is telling us...

  8. A better approach by Anonymous Coward · · Score: 4, Insightful

    Although I completely agree with the the "free speech" approach to justifying crypto, I fear that at a time like this, it isn't convincing enough to many people ("So what about some crumbly paper that's 200+ years old - People are dying NOW!"). If that's all that's stopping a clampdown on crypto, you can kiss it goodbye. And worst case, once the "free speech" argument has had holes poked in it, there's no telling where else that precedent will be used.

    A better approach, it seems to me, is to point out the mind-boggling arrogance of the assumption that strong crypto can ONLY originate in the USA. Sure, we're clever, but it's not like there aren't any clever people anywhere else in the world! Outlawing crypto HERE will NOT prevent the bad guys from using it THERE!

  9. Re:what!!? by Zero__Kelvin · · Score: 4, Insightful


    "That's the BEST time to interview someone, sure the answers you get might not make sense sometimes, but it really shows how a person feels, which is the point of the interview! And plus, you'd think someone with the smarts of Zimmerman would be able to articulate himself in any situation! Is he scared of what might happen to him if he says what he really thinks?? Labeled as a terrorist?"

    I can see that your many years as a professional journalist qualifies you to make this statement, but I digress even before I begin. About the quickest way I can think of to announce to the world that you have absolutely no idea what you are talking about is to even suggest that Phil Zimmerman is afraid to stand up for his convictions in the face of any adversity. Apparently you didn't read anything he ever wrote, including both Slashdot articles, as he came right out in both cases and stated emphatically that he supports public crypto and will continue to do so regardless of what anyone thinks. He realizes that people who want to outlaw it seak to outlaw the first and fourth amendments of the constitution of the United States of America. For now, I will assume you just completely misunderstood everything he ever said, because I would hate to think that you posted without even reading the links. We all no Slashdot readers never do that 8^}

    Cheers!

    Zero__Kelvin

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  10. What's the point of the DS? by Coot · · Score: 5, Insightful

    What’s the point of posting the PGP signature if you don't also post the text exactly as signed, including the “begin signed” and “end signed” delimiters. The signature is unverifiable without the precise text that was signed.

    No point. Except to look cool.

    --

    --
    “Doh!”

  11. Re:Reaction without thinking by Eloquence · · Score: 4, Insightful
    The original article begins with:

    The tears have come in the kitchen, the car and the shower, too. Like many Americans, Phil Zimmermann, a stocky, 47-year-old computer programmer, has been crying every day since last week's terrorist attacks. He has been overwhelmed with feelings of guilt.

    Phil is right that "overwhelmed with feelings of guilt" is the critical passage, however, it becomes even more manipulative because of the context in which it is placed. It suggests that Phil's grief was not caused by the attacks themselves, but by his belief that he was somehow responsible for the death of ~7000 people. What Phil is doing now seems more to me like a "Clarify that I don't regret doing it, while not pissing off the WP" strategy (in order to avoid hurting his business). But the truth is, the WP article was extremely manipulative (whether because of sensationalism or malicious intent is irrelevant), and Slashdot was right in pointing that out.

    Now, I don't know what kind of letters people have written, and I'm sure some of them were immature, but certainly harsh criticism was and remains warranted. The only thing that is worth emphasizing is that Ariana Eunjung Cha, the author of the piece, likely did not have any bad intentions -- it was the WP editors that made the critical change. As a journalist, I have often experienced that articles by me were manipulated in a way to fundamentally change their meaning, or downplay the importance of certain issues, without giving me any notice of it (in one case of an article dealing with child porn hysteria, the whole article was watered down). So the WP deserves much criticism for doing that -- perhaps just a little more focused on the real problem (editors taking liberties to manipulate the essential message of an article) than it likely was.

  12. What I don't understand is.. by MongooseCN · · Score: 4, Insightful

    Terrorists are not going to use encryption with backdoors when non-backdoor encryption is already available. The only people that are going to use it are the law abiding people, the same people who are not going to be terrorists.

    And besides, all of Osama's communications weren't through high-tech means but also low-tech. When the someone figures out how to trace one of Osamas high tech communications, he will just switch to a low tech form.

    --


    Outdoor digital photography, mostly in New Engl
  13. Your estimate is WAY too generous to the media by e-gold · · Score: 4, Insightful

    Robin, your defense of copy editors and headline writers is eloquent, but way-off IMO.

    I have seen, too many times, bias creep its way into copy editing and (ESPECIALLY!) headline
    writing decisions. Occasionally (see Slashdot's unfortunate coverage of Wired's "coverage" of the supposed "raid on e-gold" -- which would have been a fine story except that not only did it not happen, both Wired's headline writer and Slashdot's either didn't read the text of their own story or purposely chose to distort that text to make up a better headline) -- the facts be damned. I'm sure that competent copyeditors are always in short supply, but I'd think that even the INcompetent ones might read stories before slapping a headline on 'em and inviting my withering sarcasm.

    What I'm disputing here is your "99%" estimate above. I'd say that AT LEAST 5% of mistakes are due to bias (not gonna get into whether there's media bias, or how various media outlets are biased, but we'd probably disagree on that, too). I have seen and informally studied headline & copy-editing errors for DECADES, and over the years the pattern of distortion has been more indicative of agendas than honest accidents in WAY more than 1% of cases. The mistakes AREN'T random (analysts at www.mrc.org and www.fair.org would probably both agree with me on that point, and they disagree on just-about everything).

    Again, your eloquence is appreciated (especially by any copy-editors who are reading all this, and I'm sure their job sucks sometimes -- like all jobs can suck!) but your estimate is orders of magnitude off, IMO. Also, if incompetent headline writers really AREN'T anonymous cowards, then there's one over at Wired whose actual name I'd appreciate knowing -- so far all I've got is 'not Declan,' which (even with media-layoffs) doesn't really narrow things down too much, does it?
    JMR

    (Speaking ONLY for myself!)

    --
    Try e-gold - (contact me). I'm NOT e-
  14. Just D/L'd my PGP before the legislation by Archfeld · · Score: 4, Insightful

    catches up with everyone here in the "Land of the Free"
    I wish the Politicos would STOP the GrandStanding and start dealing with REALITY and the ISSUES. Ashcroft is one of the WORST REACTIONARIES. He fully realizes that the extraordinary powers he is requesting WILL NEVER BE REVOKED.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  15. France tried it. by Aceticon · · Score: 5, Insightful
    They banned all use of cryptography, except for properly registered institutions, which had to provide their keys to the French government.
    (This was done with the intention of allowing eavesdroping of all comunications in France by the French authorities)

    Since then they totally reversed their positions, up to the point of actually promoting the use of Open Source products because they can be checked for the existence of backdoors.

    Why?

    1. Foreign companies started avoiding doing business in France (they rather have their head-quarters or european head-quarters where they can protect their trade secrets)
    2. The French government sudenly discovered that the US Information Services were using electronic interception technologies (Echelon) to intercept business comunications of French companies. Any relevant business information so discovered was then provided to American companies thus giving them competitive advantage over French companies

    Or puting things in a different way:

    Any nation that adopts a ban on cryptography runs the risk of placing their own companies at a competitive disadvantage to companies in other countries (the US is not the only country doing electronic surveilance) and scaring off foreign companies. Even the mandatory use of back doors in cryptography products has the same risk (eventualy somebody will discover the key that opens the back door, and from there onwards it's the same as if the comunications are unencrypted).

    Plus, even if the US adopted laws against the use of cryptograpy or mandating back doors in cryptography products, i doubt very much that the French government would adopt it (specially after having sufered the efects of such a decision in the past). If in such situation the US tried a Trade Embargo against France, it would have to do so against the whole of the EC. You DON'T do a Trade Embargo against the second largest world market (it would be as idiotic as a Trade Embargo against the US)