Slashdot Mirror
Interim Response from Philip Zimmermann
Overreaction to Washington Post ArticleIt seems that my recent clarification of how I was represented in the 21 September Washington Post article has itself created a deluge of harsh criticism of the Washington Post and the reporter who wrote the article.
People seem to be assuming the Washington Post is part of some grand conspiracy to restrict the availability of strong cryptography. I would like to say that this is an overreaction and a misinterpretation on the part of these critics.
I believe this was an honest misunderstanding by the people at the Post, and I never meant to imply in my previous clarification that this was done on purpose or with any malicious intent. On the contrary, I believe the Post worked hard to be fair in the story and had the best of intentions when they ran it.
Further, I'd like to say that all the individual facts and quotes were reported correctly. But the Post connected the dots in a slightly different way to conclude that I was feeling guilty even though I was simply feeling grief and anger just like everyone else since the attacks occurred. Overall, I thought the article was fine except for that one line that says I was "overwhelmed with guilt."
My purpose for sending out my original clarification was not to criticize the Post but to assure everyone that I am still standing firm on my convictions that PGP and other strong encryption products should be available to the public, with no back doors.
Through the years of coverage the Post has given the issue of cryptography restrictions, I have never detected any bias at the Post to promote restrictions on crypto. In fact, if they have any bias at all, it seems to be in the other direction. They helped me when I needed to keep the Justice Department at bay in 1995. We will need them again in the coming weeks as we in the crypto community attempt to keep the freedoms we have, as legislators try to impose new restrictions on strong crypto.
I find this jihad of criticism of the Post to be inappropriate. I can easily tell from talking with the reporter that her intentions were good. It is grossly unfair to punish her with all this hate mail. It's embarrassing to me and damaging to her. If anyone in the world of journalism wants any further clarification from me on that reporter's competence or journalistic integrity, feel free to call me directly and I will explain it to you in more detail.
I am in London at a data security conference, without as much Internet access as I have at home, so I cannot keep writing about this matter for much longer. I hope this letter is enough to put this matter to rest.
Sincerely,
Philip Zimmermann-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3iQA/AwUBO7ILqcdGNjmy13leEQLryACfffYuStFXNTC0aWnJStMEAWsbQSgAn0ID d2bqoxnEbABk+1V/edlzC84A =uBHG
-----END PGP SIGNATURE-----
It's good to see that many people have a sound head on their shoulders and are not engaging in over-reaching knee-jerk reactions.
Find the time to write your congresscritter, but do it when you are not emotional. Tell them that security research is not cracking, that cracking is not terrorism (if you don't take the time to properly secure your systems, you need to take some liability!), tell them that crypto is free speech, it is the ability of people to have a private conversation! A conversation without big ears, between a limited group of people. Then let the letter sit overnight and read it in fresh light.
If you really want them to listen, take the time to print out your letter, after you have sent it online, address some envelopes and send them hard copy!
If you really wan to stir some feathers, then remind them of the declaration of independence - "But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security"
Chris
-- I need more coffee. It's Monday. There is no such thing as enough coffee on a Monday.
Carl G. Jung
--
"With one breath, with one flow, You will know Synchronicity" -La Policia
Zimmerman comes across as constructive and considered precisely because he spends more time trying to clear up the facts rather than point the finger at everyone in sight, blame the establishment and cry conspiracy at the top of his voice. It's precisely because his contributions to discussions are so considered that he has reached a position where his opinions carry a lot of weight.
Anyone who was expecting a similarly considered reaction from Slashdot (as a whole, not individuals), was obviously being a little optimistic. Most of the posts seemed to indicate that the most people got out of Zimmerman's letter was that the Washington Post had misrepresented him - they then went on their (somewhat predictable) anti-WP crusade as they perceived one of their heroes to have been slighted.
Thank goodness the hero himself has the presence of mind to calm things down before they get out of hand. But I doubt the reaction did much to endear the Slashdot crowd to him. At least he knows where to go if he needs to rally some unconsidered fanatical support.
Disclaimer: I am not making comments directed at any individual post, but at a theme that ran through a number of posts in the other thread, so don't take it personally.
Salocin.com
Although, given that we usually don't read articles before going totally non-linear, it's probably unrealistic to expect people to read the howto.
Best Slashdot Co
But...
The Washington Post DOES deserve critism. Phil is very polite to assure that there were good intentions and that facts were presented properly. Unfortunately, good intentions aren't always enough and the facts reported were not entirely correct.
The issue at hand is the reported guilt that Phil felt. By his own account, he had gone to great lengths to ensure that mistake was not made. And yet the mistake was made and Phil's apparent guilt was reported as fact. Why? Because someone at The Post drew their own incorrect conclusion.
I'm all for reporters putting elements togeather to ferret out the truth of a story. Its part of what makes a good investigative reporter. However, in this case someone put 2 and 2 togeather, got 5... and went ahead with it without any fact checking. Surely Phil wouldn't have been THAT hard to contact for a followup (be it in person, voice, or email).
The Washington Post is a professional, world-class organization. Their reporters are professionals with a great deal of power to direct the attention and impressions of issues held by average citizens. Some of which happen to be in our law enforcement agencies, Congress, and other positions of power and policy. Because of this, the Post and its reporters should be held to a high standard.
The Washington Post failed to meet this standard. They should feel ashamed and are entirely worthy of harsh critism.
Even if they're not deserving of hate mail.
After all of this explosion about crypto and backdoors and limiting the civil liberties of Americans and anyone else we can cause trouble for, it is somewhat ironic (and more than a little tragic) to find that a tremendous amount of information has been gathered through understanding relationships and actions of the perpetrators. This according to the butthead press corps in the US.
This has been pointed out elsewhere, possibly by a congressperson even, but what would our law enforcement agencies do with the tremendous amount of information they are asking to have access to, when they can't properly connect the dots that they already have in plain text right in front of them?
When something like 20 foreign nationals from the same general region of the world get truck driver licenses and apply for hazardous materials hauling permits all within a couple of months of each other, somebody in some FBI office somewhere should ask some questions. There was nothing encrypted in that transaction, and they are only now putting that together.
Besides all of this, bin Laden doesn't even use technology to communicate anymore, having resorted to no-tech messangers to avoid CIA/NSA listening posts. At least that's what our news media is telling us...
What’s the point of posting the PGP signature if you don't also post the text exactly as signed, including the “begin signed” and “end signed” delimiters. The signature is unverifiable without the precise text that was signed.
No point. Except to look cool.
--
“Doh!”
The reason for most editorial cuts in newspaper stories is not to give them a "slant" but to make them fit into available space on the page.
Newspapers lay out pages by putting in the ads first, then filling the remaining white space (called the "news hole") with stories. Often there are more stories the boss editors feel are important than there is space to run all of them full length, so some or all of the stories get trimmed to fit. Decisions on what words to cut out of which stories are not made by a group of cackling [liberal; conservative; Zionist; law enforcement] conspirators in a back room, but by overworked (and usually underpaid) wordsmiths watching the clock tick toward the moment when the presses are scheduled to run. These people do not have the power to decide which stories get covered and which do not. They are the hands-on people responsible for getting the paper put together on time every day; the sergeants of the newspaper business, you might say.
Deadline pressure combined with the necessity to make the paper fit as much information as possible onto each (expensive) square inch of newsprint is to blame for at least 99% of all perceived newspaper copyediting errors.
The copyeditor who is making the cuts is also, in most cases, proofreading the stories, checking facts, and writing headlines. It is a brutal job, and out of the hundreds of stories a big newspaper like The Post runs in every edition, chances are approximately 100% that at least a few cuts will be made that are less than perfect.
A big advantage Internet news purveyors have over print news sources, and over broadcast sources too, who have "X" minutes of time to fill, and that's it, is that it costs effectively nothing to run 5 extra paragraphs of text on the WWW if those paragraphs will add more depth or accuracy to a story.
Hands-on, daily deadline copyediting is a brutal job carried out not by "anonymous cowards" but by people who do their best to make stories as accurate and readable as possible in too little time, usually on a copy desk that is a few people short not only because of recent media layoffs, but because competent copyeditors are always in short supply. The job takes an immense range of knowledge, powerful research skills, and a willingness to accept attacks for every mistake made while foregoing public credit when everything goes "just right."
- Robin
(This was done with the intention of allowing eavesdroping of all comunications in France by the French authorities)
Since then they totally reversed their positions, up to the point of actually promoting the use of Open Source products because they can be checked for the existence of backdoors.
Why?
Or puting things in a different way:
Any nation that adopts a ban on cryptography runs the risk of placing their own companies at a competitive disadvantage to companies in other countries (the US is not the only country doing electronic surveilance) and scaring off foreign companies. Even the mandatory use of back doors in cryptography products has the same risk (eventualy somebody will discover the key that opens the back door, and from there onwards it's the same as if the comunications are unencrypted).
Plus, even if the US adopted laws against the use of cryptograpy or mandating back doors in cryptography products, i doubt very much that the French government would adopt it (specially after having sufered the efects of such a decision in the past). If in such situation the US tried a Trade Embargo against France, it would have to do so against the whole of the EC. You DON'T do a Trade Embargo against the second largest world market (it would be as idiotic as a Trade Embargo against the US)