Full Text of *Guardian* PGP Article
James A. Campbell
The following article was published in The Guardian, November 25, 1993,
Features Page, Page 17, and is Copyright 1993 Guardian Newspapers Ltd.
-------------------------------------------------------------------------
ENTER THE CRYPTO FACTOR:
How Computers Could Give Us Back the Privacy
That Computerisation Has Taken Away
By Wendy Grossman
THE NEWS came, appropriately enough, over the electronic networks:
Phil Zimmermann needs help. The details followed: the US Customs
Department is investigating him to determine whether he was responsible
for exporting full-strength encryption from the US. Under US law, strong
encryption is classified as a munitions.
Zimmermann is the author of the first version of PGP, which
stands for "Pretty Good Privacy". The program runs on a variety of
microcomputers and is widely available as freeware on online services
all over the world, including Cix and CompuServe. In fact, the program
is probably "exported" many times every day. Anyone can use it to make
sure that their electronic communications are secure.
Zimmermann seems to have become interested in cryptography as early
as junior school. Computers came into it later: after taking a computer
science degree in Florida he became a computer consultant specialising
in cryptography. It wasn't until 1991 that PGP 1.0, a DOS program, was
released: one of the technical difficulties was learning how to get
computers to do calculations involving 300-digit numbers. Since then
others have built on Zimmermann's work; there are versions of the
program for DEC VAX VMS, Unix and even Microsoft Windows. There have
also been improved DOS versions: we are now up to 2.3.
PGP is based on the RSA encryption algorithm, named for its
developers, Rivest, Shamir and Adelman. RSA relies on a system called
public-key cryptography. The program starts by generating two keys, a
public and a private one. Your private key is just that: private. You
keep it safe and share it with no one. Your public key, however, you get
digitally signed by people who know you and can attest that it's yours.
After that you can distribute it as widely as you like by any method you
like. There are already "key servers" - one of them at Demon Internet
Limited in London - where public keys are available for downloading by
anyone who wants them. But you will, of course, keep a "key ring" of
your correspondents' public keys, which you will use to decrypt their
messages.
Public-key cryptography has several elegant features. First,
the encryption really is "industrial strength". Second, the keys
authenticate messages as well as protect them from prying eyes: if a
message can be decrypted using your public key, that's a guarantee that
the message came from you - and you can't later disavow it.
Enter the cypherpunks, to whom Zimmermann is a hero. Instead of
relying on data protection legislation and the goodwill of systems
administrators, they argue, use the computer to give us back the privacy
that computerised systems have taken away. Think of encryption as an
envelope: you wouldn't want to send all your private mail on postcards,
would you? The private nature of the act of writing electronic mail and
messages makes it easy to forget how public they really are.
Protecting the privacy of correspondence is only the beginning.
Other proposed uses for encryption include digital cash, which would
allow you to pay for goods and services electronically and anonymously,
and selective smart cards, which would only tell authorities the
information they need and no more. For example, you could have a card
that told the DSS you were entitled to benefit, but gave staff none of
your personal details.
The fact that it's illegal to export strong encryption from the US
does not make it illegal to use PGP in the UK. However, it has been
technically illegal to use PGP inside the US, because the RSA algorithm
is patented by RSA Data Security, a company set up to exploit RSA, which
was developed at MIT with public funding.
Ironically this patent is not valid in the UK and other countries,
because of prior publication in Scientific American. This situation may
be changing: a commercial version of PGP is being released in the US,
and the GATT talks may uphold such US patents. (Of course many
cypherpunks argue that it should not be possible to patent an algorithm,
any more than you should be allowed to patent the human genome or a
compound's molecular structure.)
The present US Customs investigation doesn't deal with the patent
issues, only the export question. But it's come at the same time as
Clinton's Clipper Chip proposals and the Digital Telephony bill, both of
which seek to limit the strength of encryption available within the US.
This has a certain irony: encryption is too dangerous to be given to the
American public, but anyone can have a gun.
The result has been to give Zimmermann some of the gloss of a folk
hero: he is regarded as being the man who gave strong encryption to the
masses.
Zimmermann contends that he did not export PGP. But win or lose, he
will face the usual astronomical American legal bills, so a defense fund
has been set up by his attorney (email: dub...@csn.org). And win or
lose, the technology is out there now. No amount of scouring of the
world's hard discs will ever bring it back under control.
-------------------------------------------------------------------------
Pat Myrto
have been redirected to talk.politics.crypto ... adjust as you see
fit.
In article <1993Nov27.0...@msuvx2.memst.edu> jacam...@msuvx2.memst.edu (James A. Campbell) writes:
>And now, due to popular demand...
>
>The following article was published in The Guardian, November 25, 1993,
>Features Page, Page 17, and is Copyright 1993 Guardian Newspapers Ltd.
>
> [ ... much of article deleted ... ]
>
> The present US Customs investigation doesn't deal with the patent
>issues, only the export question. But it's come at the same time as
>Clinton's Clipper Chip proposals and the Digital Telephony bill, both of
>which seek to limit the strength of encryption available within the US.
>This has a certain irony: encryption is too dangerous to be given to the
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>American public, but anyone can have a gun.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
No irony at all:
You should be aware that Herr Clinton and Fellow Travellers are doing
their damndest to fix the above apparant inconsistancy: The Brady Bill
has language that make it so officials can deny a purchase for no good
reason, and they are immune from being sued for discrimination, negligence,
or any other reason or abuse, no matter WHAT they do. The applicant
also has NO avenue of recourse or appeal. Since Clinton, etc have
publically ADMITTED that the Brady Bill will have NO impact on crime or
violence, all that is left is harassment of the law-abiding gunowner,
and providing the hooks for a back-door ban to disarm the law-abiding,
without passing a direct law saying so. As usual, impact on the criminal
element remains zero.
And Clinton's crime bill will outlaw the possession of any modern design
firearms - especially militia type weapons - initially 19 are specified,
but UNELECTED bureaucrats can add any others they feel like to the list.
Again, as usual, no appeal, no recourse, and criminals will not be
affected (the weapons described account for something like under 2
percent of gun crimes overall). The goal is to disarm the PEOPLE, not
control or affect crime. That was always the goal (you don't control
crime by attacking their VICTIMS). Big Brother not only wants to
eliminate easy access to strong encryption, he wants to eliminate access
to guns, ALSO. He wants to eliminate access to BOTH (and curtail a
bunch of other rights we take for granted in the process). All to
"Protect you from yourself", or from 'terrorists' or 'drug dealers'.
Problem is, 'terrorist' can easily mean "Anybody who is an annoyance to
Big Brother..."
Start reading all the fine print. Smell the stench of the weeds. The
name of the game in town is CONTROL. PEOPLE control. The knee-capped
Bill of Rights will be but a dim memory if Clinton's "Crime Bill" passes
intact. Look at all the end-runs around the Constitutional protections
so far. And notice that Clinton has embraced EVERY onerous practice
from past administrations, and instead of reducing them, has EXPANDED
on them, and is adding a bunch of his own. Hebeas Corpus 'reform' (it
is too much hassle to show a crime was actually committed, I guess),
Bail 'reform' (one gets to defend themselves from jail- probably with
their assets taken from them, too?), loosening of the Exclusionary rule
(coreced evidence will now be OK?). When viewd in light of all this,
and more 'goodies' that haven't been mentioned (such as the 100,000 man
FEDERALLY CONTROLLED National State Police), the Clinton plans for
ones ability to maintain privacy, and his obvious contempt for the
Constitution he swore to uphold and defend become very scary, indeed.
His definiton of a 'free country' seems to be very different than
mine and others who feel the Constitution meant what it said, not what
some self-serving politician or bureaucrat says it means this week.
> The result has been to give Zimmermann some of the gloss of a folk
>hero: he is regarded as being the man who gave strong encryption to the
>masses.
> Zimmermann contends that he did not export PGP. But win or lose, he
>will face the usual astronomical American legal bills, so a defense fund
>has been set up by his attorney (email: dub...@csn.org). And win or
>lose, the technology is out there now. No amount of scouring of the
>world's hard discs will ever bring it back under control.
And what affect does the action against Zimmerman have on anyone else
that might have been considering making some improved PGP like package
generally available? Unless one is independently wealthy, one would be
nuts to make a freeware package, with source code generally available
in this climate. Nobody will be feel safe making available source so
one can check it out for oneself, as via FTP, or posting to the net, at
least not in the 'free' USA, if doing this will bring all this heat and
expense down on one's back (which I suspect is the general idea). One
has to wonder what the plans are for dealing with stuff accessed from
sites from outside the US. Probably well-addressed in the NII plan.
Wake up, folks. It ain't ALL imaginary.
Better to plan and act as if ones freedom is in grave danger, and be
wrong, than to not do so, and find one has virtually no rights or freedoms
left in a couple of years. If this trend isn't stopped, and SOON, what
things will be like in, oh, say 2 to 4 years is not very pretty. My
childhood nightmare of the East and West switching roles may still come
true.. All that will be lacking is the border fences with machineguns
pointing INWARD.. :-(
--
p...@rwing.uucp [Without prejudice UCC 1-207] (Pat Myrto) Seattle, WA
If all else fails, try: ...!uunet!pilchuck!rwing!pat
WISDOM: "Travelling unarmed is like boating without a lifejacket".
[Stop the Clipper/Capstone assault on privacy]