Interim Response from Philip Zimmermann 305
Overreaction to Washington Post ArticleIt seems that my recent clarification of how I was represented in the 21 September Washington Post article has itself created a deluge of harsh criticism of the Washington Post and the reporter who wrote the article.
People seem to be assuming the Washington Post is part of some grand conspiracy to restrict the availability of strong cryptography. I would like to say that this is an overreaction and a misinterpretation on the part of these critics.
I believe this was an honest misunderstanding by the people at the Post, and I never meant to imply in my previous clarification that this was done on purpose or with any malicious intent. On the contrary, I believe the Post worked hard to be fair in the story and had the best of intentions when they ran it.
Further, I'd like to say that all the individual facts and quotes were reported correctly. But the Post connected the dots in a slightly different way to conclude that I was feeling guilty even though I was simply feeling grief and anger just like everyone else since the attacks occurred. Overall, I thought the article was fine except for that one line that says I was "overwhelmed with guilt."
My purpose for sending out my original clarification was not to criticize the Post but to assure everyone that I am still standing firm on my convictions that PGP and other strong encryption products should be available to the public, with no back doors.
Through the years of coverage the Post has given the issue of cryptography restrictions, I have never detected any bias at the Post to promote restrictions on crypto. In fact, if they have any bias at all, it seems to be in the other direction. They helped me when I needed to keep the Justice Department at bay in 1995. We will need them again in the coming weeks as we in the crypto community attempt to keep the freedoms we have, as legislators try to impose new restrictions on strong crypto.
I find this jihad of criticism of the Post to be inappropriate. I can easily tell from talking with the reporter that her intentions were good. It is grossly unfair to punish her with all this hate mail. It's embarrassing to me and damaging to her. If anyone in the world of journalism wants any further clarification from me on that reporter's competence or journalistic integrity, feel free to call me directly and I will explain it to you in more detail.
I am in London at a data security conference, without as much Internet access as I have at home, so I cannot keep writing about this matter for much longer. I hope this letter is enough to put this matter to rest.
Sincerely,
Philip Zimmermann-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3iQA/AwUBO7ILqcdGNjmy13leEQLryACfffYuStFXNTC0aWnJStMEAWsbQSgAn0ID d2bqoxnEbABk+1V/edlzC84A =uBHG
-----END PGP SIGNATURE-----
Bad Frontpage Link (Score:0, Informative)
Measuring media dishonesty (Score:2, Informative)
In general i think most press dishonesty is in pursuit of the aim to be more interesting. That's the main selling value. Political agendas are much less important to press than most people think.
Useful moderation system for Slashdot? Very valuable, yes. Question is how. Too heavy for full use.
Slashdot and Crypto (Score:5, Informative)
Do you think you could give the Slashdot crew a quick lesson in using crypto? From the way they've posted the last two missives from you, it's obvious they don't actually use PGP or GnuPG and have no clue how to transfer information in such a way that the digital signature remains valid.
I mean, providing a link to the original text file seems to be too hard for them, so maybe you could walk them through the procedure for verifying a document and then ask them to try and do that on their own postings, to see what they are doing to those of us who verify signatures when we see them?
I mean, what's the point of signing a message if no one can verify it? Not that I think Slashdot would lie, but for all we know they've been duped into posting something that isn't from the real Phil Zimmerman. Or maybe their stories are being tampered with-- it's happened to bigger fish recently (and Slashdot itself has been hacked before).
Thanks!
was crypto even used? (Score:5, Informative)
"FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack. Records had been obtained from internet service providers and from public libraries. The messages, in both English and Arabic, were sent within the US and internationally. They had been sent from personal computers or from public sites such as libraries. They used a variety of ISPs, including accounts on Hotmail.
According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read."
PGP is not to blame (Score:1, Informative)
Re:use of word jihad (Score:3, Informative)
But just 'cos its written don't make it right, so I may be wrong.
Guardian: How the plotters slipped US net (Score:4, Informative)
Guardian: How the plotters slipped US net [guardian.co.uk]
Re:use of word jihad (Score:1, Informative)
While there may well be no direct translation of "holy war" into Arabic to be found in the Koran, it doesn't take too many steps to translate it into that. Just like any other group and language, Arabic and Islam have their own euphamisms. While it may be that the literal translation of Jihad into English is "troubled times", and that generally that is the semantic sense of the word, like most other groups, words like "these are troubled times" are almost always followed by "it is time for us to take action and right the evil things that have put us in these Troubled Times".
Just look at the English-Irish conflict in N. Ireland. Sure, they are called "The Troubles", but the English do have a fine ear for euphamisms. We know it really has been quite a long period of guerrila warfare, not only between peoples of two countries, but peoples of two religions.
So when we hear a call for a "jihad" by some mullah or imam thrown into the same paragraph or sentence as "overthrow the Great Satan", along with a huge crowd of fired up Amway distributors... wait... wrong analogy... er, fellow citizens burning flags, trying to conduct voodoo ceremonies with world leaders, and firing off AK-47s, well... It is hard, very hard
If it walks like a duck, quacks like a duck, has feathers, small beady eyes, wings, feathers, webbed feet and a flat bill, it probably is a duck.
Help fight anti-crypography legislations (Score:4, Informative)
Also, elsewhere on Slashdot, again I can't find the link again, there is a very well-written letter that the author said he would allow for use provided it was modified a little bit.
If we don't want something to happen, we need to make sure to tell our government about it. They are there to represent US, and if we don't want something, it shouldn't happen.
Re:A better approach (Score:3, Informative)
Re:Media and conspiracy (Score:2, Informative)
Without rambling further, I will introduce all of you who found these ideas +5 interesting to the disturbing world of Noam Chomsky. Suggested reading here [amazon.com] and here [amazon.com] and here [amazon.com].
Senator Judd Gregg (R - NH) wants crypto backdoors (Score:1, Informative)
Phone: (202) 224-3324
Fax: (202) 224-4952
(Taken from http://politics.yahoo.com/politics/congress/senat
Dan
Some common /. fallacies on crypto (Score:3, Informative)
1) Arguments equating unbreakable encryption with various tools or envelopes for private mail are specious. Envelopes are easily opened - and can be opened under a court order. Hammers, pants, airliners, and crypto do all have uses beyond terrorism - but the vast majority of the value of crypto could *theoretically* be retained with well managed (i.e. privately owned and run, paid for by crypto users) key escrow.
2) Terrorists using alternative unbreakable crypto is NOT an argument against key escrow. Requiring all communication using strong encryption to use key escrow has the flip side of making other forms of encrypted communication illegal. Discovery that a suspect is using illegal/unbreakable encryption would be enough to arrest them and detain them indefinitely for contempt of court if they failed to turn over the keys to their crypto.
To defeat any particular "government backdoor crypto scheme", you must
(a) show it damages recognized constitutional rights;
(b) show it could not work because...(?);
(c) get enough people using it and emotionally attached to the protection it provides, that they irrationally tell their law makers to buzz off - or engage in widespread civil disobedience once key escrow is mandated.