Forgot your password?
typodupeerror
Encryption Security

Philip Zimmermann and 'Guilt' Over PGP 837

Posted by Roblimo
from the freedom-is-still-the-goal dept.
Philip R. Zimmermann, creator of PGP, was quoted in a recent Washington Post article as saying he has been "overwhelmed with feelings of guilt" about the use of PGP by suspected terrorists. Zimmermann says the story was not entirely accurate, and has written a response to it (below) that he hopes will clear things up. He has also consented to a Slashdot interview, so please post any questions you have for him. As usual, we'll send 10 of the highest-moderated ones to Zimmermann by email, and post his replies verbatim as soon as we get them back.

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

Because of the political sensitivity of how my views were to be expressed, Ms. Cha read to me most of the article by phone before she submitted it to her editors, and the article had no such statement or implication when she read it to me. The article that appeared in the Post was significantly shorter than the original, and had the abovementioned crucial change in wording. I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact that I had cried over the heartbreaking tragedy, as everyone else did. But the tears were not because of guilt over the fact that I developed PGP, they were over the human tragedy of it all. I also told her about some hate mail I received that blamed me for developing a technology that could be used by terrorists. I told her that I felt bad about the possibility of terrorists using PGP, but that I also felt that this was outweighed by the fact that PGP was a tool for human rights around the world, which was my original intent in developing it ten years ago. It appears that this nuance of reasoning was lost on someone at the Washington Post. I imagine this may be caused by this newspaper's staff being stretched to their limits last week.

In these emotional times, we in the crypto community find ourselves having to defend our technology from well-intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography. I do not want to give ammunition to these efforts by appearing to cave in on my principles. I think the article correctly showed that I'm not an ideologue when faced with a tragedy of this magnitude. Did I re-examine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP.

The question of whether strong cryptography should be restricted by the government was debated all through the 1990's. This debate had the participation of the White House, the NSA, the FBI, the courts, the Congress, the computer industry, civilian academia, and the press. This debate fully took into account the question of terrorists using strong crypto, and in fact, that was one of the core issues of the debate. Nonetheless, society's collective decision (over the FBI's objections) was that on the whole, we would be better off with strong crypto, unencumbered with government back doors. The export controls were lifted and no domestic controls were imposed. I feel this was a good decision, because we took the time and had such broad expert participation. Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure.

PGP users should rest assured that I would still not acquiesce to any back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail on this subject. Because of all the press interviews I was dealing with, I did not have time to quietly compose a carefully worded reply to the hate mail, so I did not send a reply at all. After the article appeared, I received hundreds of supportive emails, flooding in at two or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past decade, especially with the Washington Post. I'm sure they will get it right next time.

The article in question appears at http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html

-Philip Zimmermann
24 September 2001

(This letter may be widely circulated)

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF ir3lRc4c1D/0Mmmv/JtP/E73 =HmRO
-----END PGP SIGNATURE-----

This discussion has been archived. No new comments can be posted.

Philip Zimmermann and 'Guilt' Over PGP

Comments Filter:
  • guilt? (Score:0, Informative)

    by wobblie (191824) on Monday September 24, 2001 @12:55PM (#2341712)
    I wonder if Bush Sr or Clinton are overwhelmed with feeling of guilt over tens of thousands of East Timorese being slaughtered with US weapons.
  • by Anonymous Coward on Monday September 24, 2001 @01:15PM (#2341818)
    As I understand it, with limited cryptographic knowledge, the use of a one time key for encryption is the ideal situation. Why is there such a fuss over these tools when someone could simply XOR their message with say the data from a known music CD or the like. Wouldn't this almost completely protect the information ?
  • by regexp (302904) on Monday September 24, 2001 @01:29PM (#2341918)
    Rather than just clarifying his views for the Slashdot audience, Zimmermann should bring this up with the Washington Post's ombudsman. [washingtonpost.com]

    Situations like this are pretty much the reason the Post has an ombudsman.

    As Zimmermann says, the Washington Post usually takes accuracy very seriously. I'm sure they will give this the attention it deserves.

  • Re:Thanks Phil (Score:2, Informative)

    by reynaert (264437) on Monday September 24, 2001 @01:34PM (#2341956)
    Here in Belgium, if you're named in a newspaper article and feel misrepresented, the newspaper is required by law to publish your reply.

    Apparently, no such law exist in the U.S.
  • Re:But there is (Score:3, Informative)

    by carlos_benj (140796) on Monday September 24, 2001 @02:24PM (#2342411) Journal
    ...the Pope, who was at the time the world leader of Christianity...
    Although Catholics would probably agree with you, the fact is that Christianity has existed outside of the Catholic church since the beginning (of Christianity). Most folks labor under the mistaken notion that there was no Christianity outside of the Pope's jurisdiction until the reformation.
  • Re:But there is (Score:2, Informative)

    by jcast (461910) <jonathanccast.fastmail@fm> on Monday September 24, 2001 @02:40PM (#2342536) Journal
    In fact, the Pope even tried to call Crusades against the Greek Orthodox, and Constantinople was sacked by the Catholics at one point, I believe.

    The Albigenses (sp.?) (in France) also got a crusade launched against them at one point. The point is, Catholicism at that time was extreme. It was an extreme majority, but it was still pretty extreme. That, of course says nothing about the views of all those other Christians the Catholics persecuted.
  • by NullAndVoid (181397) on Monday September 24, 2001 @02:49PM (#2342585)
    Yep, the US gov thought bombing the Japanese was justified, otherwise if they had waited a month or two later for them to surrender (as intelligence indicated they were likely to do), the US would've had to share occupation of Japan with the Soviets just like in Germany.
  • by Tony (765) on Monday September 24, 2001 @03:24PM (#2342844) Journal
    The flaw to backdoor encryption? That's an easy one.

    Think of the term, "backdoor." What's the flaw with a backdoor in a webserver, or any server on the internet, for that matter?

    ANS: once the backdoor is compromised (READ: publicly known), *any*one can access that service, rendering security useless. You'd have to change the backdoor key.

    The other option is key escrow, in which, to use encryption, you must register your keys with the government. This option is certainly better, but still less-than-desirable.

    For instance:

    Imagine you are writing an expose' of the President, talking about his cocaine years and how he payed for his hookers by dealing crack. You are interviewing sources via the 'net (in addition to other methods), and you want to a: verify they are whom they say they are, and b: talk without worries of being overheard. Honestly, encrypted email is more secure than talking on the phone.

    Or, suppose you wish to bypass what you consider terrible laws, like those outlawing the use of Free/Open Source DVD players, or talking about encryption itself.

    People here have mentioned using cryptography to work within oppressive regimes; well, what if that oppressive regime is the grand ol' US of A, where it is becoming illegal to give bad reviews of software? Or where soon you may not be able to legally use Linux (if the SSSCA goes through)?

    I have seen arguments that the mythical founding fathers of the US didn't have weapons of mass destruction in mind when they wrote the Declaration of Independence, or the Constitution. What they layed down was a philosophy, and that philosophy covers a way of life, not the tools and weapons of that way of life. As our powers expand, our responsibilities also expand; but we must never allow our liberty to be compromised.
  • Re:Thanks Phil (Score:1, Informative)

    by Anonymous Coward on Tuesday September 25, 2001 @10:46AM (#2346642)
    Here's the response the reporter offered me via e-mail when I sent her this link:

    thanks for your note. here's an email that mr. zimmerman sent out before the other statement that you're referencing. i think this first statement is pretty fair. the new one seems to radically different.

    mr. zimmerman says in this particular note that he thought he made it clear that he had "no regrets about developing pgp." that's true and i state so explictly in the story in almost those very same words.

    what i did not realize was that some people would take the idea that he was feeling "guilty" would imply that he felt he did something wrong. that was not my intention and i apologize for any misunderstanding. the way we were thinking about "guilt" was simply in terms of people feeling bad or somehow responsible even though there may be no reason for that. i'm sure you've
    heard, as i've heard, people in the past few days saying they've been feeling "guilty" for things like smiling or laughing or even for simply surviving.

    in any case, here's what happened, in mr. zimmerman's own words: "She did not report any individual facts incorrectly in her article. But I think she connected the dots in a slightly different way."

The first Rotarian was the first man to call John the Baptist "Jack." -- H.L. Mencken

Working...