Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Encryption Security

Philip Zimmermann and 'Guilt' Over PGP 837

Philip R. Zimmermann, creator of PGP, was quoted in a recent Washington Post article as saying he has been "overwhelmed with feelings of guilt" about the use of PGP by suspected terrorists. Zimmermann says the story was not entirely accurate, and has written a response to it (below) that he hopes will clear things up. He has also consented to a Slashdot interview, so please post any questions you have for him. As usual, we'll send 10 of the highest-moderated ones to Zimmermann by email, and post his replies verbatim as soon as we get them back.

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

Because of the political sensitivity of how my views were to be expressed, Ms. Cha read to me most of the article by phone before she submitted it to her editors, and the article had no such statement or implication when she read it to me. The article that appeared in the Post was significantly shorter than the original, and had the abovementioned crucial change in wording. I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact that I had cried over the heartbreaking tragedy, as everyone else did. But the tears were not because of guilt over the fact that I developed PGP, they were over the human tragedy of it all. I also told her about some hate mail I received that blamed me for developing a technology that could be used by terrorists. I told her that I felt bad about the possibility of terrorists using PGP, but that I also felt that this was outweighed by the fact that PGP was a tool for human rights around the world, which was my original intent in developing it ten years ago. It appears that this nuance of reasoning was lost on someone at the Washington Post. I imagine this may be caused by this newspaper's staff being stretched to their limits last week.

In these emotional times, we in the crypto community find ourselves having to defend our technology from well-intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography. I do not want to give ammunition to these efforts by appearing to cave in on my principles. I think the article correctly showed that I'm not an ideologue when faced with a tragedy of this magnitude. Did I re-examine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP.

The question of whether strong cryptography should be restricted by the government was debated all through the 1990's. This debate had the participation of the White House, the NSA, the FBI, the courts, the Congress, the computer industry, civilian academia, and the press. This debate fully took into account the question of terrorists using strong crypto, and in fact, that was one of the core issues of the debate. Nonetheless, society's collective decision (over the FBI's objections) was that on the whole, we would be better off with strong crypto, unencumbered with government back doors. The export controls were lifted and no domestic controls were imposed. I feel this was a good decision, because we took the time and had such broad expert participation. Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure.

PGP users should rest assured that I would still not acquiesce to any back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail on this subject. Because of all the press interviews I was dealing with, I did not have time to quietly compose a carefully worded reply to the hate mail, so I did not send a reply at all. After the article appeared, I received hundreds of supportive emails, flooding in at two or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past decade, especially with the Washington Post. I'm sure they will get it right next time.

The article in question appears at

-Philip Zimmermann
24 September 2001

(This letter may be widely circulated)

Version: PGP 7.0.3

iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF ir3lRc4c1D/0Mmmv/JtP/E73 =HmRO

This discussion has been archived. No new comments can be posted.

Philip Zimmermann and 'Guilt' Over PGP

Comments Filter:
  • by mnordstr ( 472213 ) on Monday September 24, 2001 @01:00PM (#2341756) Homepage Journal
    What do you think about the idea of having government backdoors in crypto standards?
  • Future of pgp (Score:5, Interesting)

    by Darkstorm ( 6880 ) <> on Monday September 24, 2001 @01:01PM (#2341762)
    Although I don't use pgp on a daily basis I do occasionally use it and wish that more businesses supported it for use in email. I would much rather encrypt personal information being sent to a company but they don't support it.

    Is there any plans for improving pgp's ability to incorporate itself into email programs and other forms of internet communications that will make it easier for companies and end users to use?
  • by Bruce Perens ( 3872 ) <> on Monday September 24, 2001 @01:06PM (#2341776) Homepage Journal
    PGP empowers people to exchange secrets. Computers empower people to run flight simulators and much else. The internet empowers people to meet each other, organize, and exchange data. All are used for great good, and some evil. One of the things that threaten government and large industry the most is the fact that these technologies empower the individual in a way that only government and industry were empowered before. They would like to use the excuse that these technologies can be used for crime to remove them from everybody's hands.

    What strikes me about this tragic disaster is the way government is targeting technologies that are not connected with the crime, simply because the implication that they could be used is there, using the need to protect the people as a hollow justification to remove our rights.


  • by shomon2 ( 71232 ) on Monday September 24, 2001 @01:10PM (#2341787) Journal
    I'm sorry to hear about the misrepresentation. I'm sure as well that they will do better next time. It's very important that your reaction to this mistake wasn't anger, which is what I'd have expected of a lot of people. Anyway, here's my question:

    To what point would you go with PGP? For example, if it were outlawed, or you considered your life to be threatened through some government's outlawing of it, would you stop working with it, or supporting strong crypto? And if you would actually "go underground" if you sincerely believed that it would help people's freedom, do you think it would matter?

    What I mean is... do you think the internet(email, freenet, www, etc) could still be seen as a place where people can somehow communicate and share information, even under a regime that tried hard to stop that information being shared?
  • by JPMH ( 100614 ) on Monday September 24, 2001 @01:12PM (#2341798)
    The idea is seriously being canvassed in the UK, of making it a criminal offence to send strongly encrypted material by email, or to put it up on a web page. Could such a law be enforced ?
  • I'll admit I'm not extremely knowledgable about government regulation of encryption. But it seemed to me that previous US Governement crypto was basically focusing on controlling the exportation of 'strong' (large key?) encryption, not on the internal (by US citizens) use of encryption.

    My question is, will export regulations help at all? By 'help', I mean 'accomplish what the US Government wants to happen', which I assume would be reducing the strength of encryption available outside the US. The only way I can see export regulations helping is if the large majority of R&D into encryption is done inside the US. Do you know how much work is done inside and/or outside the US in the field of encryption, and would cutting off US encryption research from the outside world (assuming that is possible via regulation) have a major impact on encryption available out of the US, or an impact on the field of encryption itself?

  • A Related Question (Score:5, Interesting)

    by jalefkowit ( 101585 ) <.moc.ztiwokfelnosaj. .ta. .nosaj.> on Monday September 24, 2001 @01:16PM (#2341824) Homepage

    I wonder why the reporter didn't think to ask the CEO of Boeing [] if he is tormented by feelings of guilt? After all, the attacks showed us that he makes his living selling giant flying bombs that Very Bad People can use to kill thousands of our people in one fell swoop. Surely he must agree that he and his company have blood on their hands, right?

    Of course not. Boeing isn't responsible for this tragedy, and neither is Phil Zimmerman (and kudos to Phil for standing up and saying so). Boeing's aircraft have contributed immensely to our national economy by helping make easy commercial air travel possible. Strong crypto has contributed immensely to the economy by helping make the online world a safe, secure place to do business. Both have been misused by evil men to do a great wrong; but they are just tools, with no moral implications beyond those transferred to them through the hands of those who wield them. To place the blame anywhere else is to absolve the monsters behind the attack of the full weight of their crimes.

    -- Jason Lefkowitz

  • Some other bad guys! (Score:3, Interesting)

    by twitter ( 104583 ) on Monday September 24, 2001 @01:17PM (#2341832) Homepage Journal
    Agreed! I'm sure that the Wright brothers [], Diesel [], Sir Whittle [], and others feel no guilt for the actions of criminals.
  • by Derek S ( 19004 ) on Monday September 24, 2001 @01:25PM (#2341888)
    It would appear, then, that there are no good or evil people in the world.
  • by Anonymous Coward on Monday September 24, 2001 @01:30PM (#2341925)
    Good and evil are not relative. Human perception of them is.
  • by Darkstorm ( 6880 ) <> on Monday September 24, 2001 @01:38PM (#2341986)
    If in fact tools such as PGP are used by terrorists, how do governments protect against this?

    I think they must come up with better ways of finding terrorists than looking through everyones email, or listening to everyones phone calls. In reality if it wasn't for the fact that computers can parse and match words very fast the government wouldn't even bother. Since there is no way they could possibly listen to millions of phone calls a day they don't try. Who is to say that they are even using email? I can still write anything I want on paper and for some change can send it anywhere in the country. Although not as fast no one will open it and read it. PGP just keeps the government from mass looking for keywords in email and other internet traffic. Why should they have the right to do something just because it is possible? I agree that terrorism is a problem, but by putting a backdoor in legitimate software does not stop them from hiring someone to create illegal software that will do the same thing. Might not be as good, but by the time someone figures it out it would probably be too late.

    I don't use pgp allot, but if I wish to send information to a friend it is nice to know I can make it private if I want. Its not that I NEED pgp everyday, but I want the choice. Same as I want a choice of whether I want to buy a gun to protect my home. I don't own a gun, but I would like to have that choice. If we don't protect the rights we have, even if we are not using them, they will take them away.
  • by CamelTrader ( 311519 ) on Monday September 24, 2001 @01:38PM (#2341988) Homepage
    Do you have any wish or intent to have the Post make a correction to their article? I don't know any of the numbers, but it seems to me that a lot more people read the Post than Slashdot. Personally I would want the Post readers to know what I really said, and I also think that the Post would be obligated to make such a statement, to maintain their own 'integrity' and accuracy.
  • by Zwack ( 27039 ) on Monday September 24, 2001 @01:44PM (#2342043) Homepage Journal
    Thank you Phil for producing PGP, for standing up for what you really believe, and for re-evaluating your beliefs after this tragic event.
    Given the use of techniques like steganography and Chaffing and Winnowing to hide messages with or without encryption, and the many ways of communicating without openly passing a message (codes, one time pads,...) laws on cryptography are obviously pointless as far as stopping terrorism is concerned.
    So, What would you like to see being done? What measures do you think might be effective against terrorism?
    I don't have any answers, but I haven't seen any that seem effective to me either.

  • by David Greene ( 463 ) on Monday September 24, 2001 @01:46PM (#2342054)
    Except maybe war... but only if its a just war

    No, not even then. The Just War Theory states pretty explicitly that attacking civilians is a no-no. "Collateral damage" must be minimized. There is recognition that innocent people will likely be hurt or killed but they cannot be targets. This includes civilians who might "just happen" to get killed in an attack on a military objective in a densely poulated area. Such an attack would not be just.

    A Just War is also a war with an explicitly stated and achievable goal. The current effort certainly lacks both.

    Was the US nuking Japan "evil?" Were the Allies bombing of Dresden "evil?" Were the Germans bombing of London "evil?"

    "Evil" is a loaded term, but yes, you could describe all of these as such. Note that while individual acts can be unjust, an overall campaign can still be considered just.

    I guess it depends on which side you are on.

    I don't think so. beagle is right. Good and evil are not relative.

    Don't get me wrong. I think 9/11 was pretty damn "evil." But the key words there are "I think."

    It's this moral relativism that continually gets us into trouble. If we as a country would more carefully consider the justness of our policies, there'd be a lot more peace in this world. Even so, this does not, not, not justify what was done on Sep. 11 and those responsible should be brought to justice.

  • by Frizzled ( 123910 ) on Monday September 24, 2001 @01:48PM (#2342073) Homepage
    what, would you say, is the flaw to backdoor'd crypto and how would you explain this defect to someone who lacks a wide knowledge of computers, especially in light of recent events?

    thanks, _f
  • Wow (Score:3, Interesting)

    by NitsujTPU ( 19263 ) on Monday September 24, 2001 @01:50PM (#2342096)
    This misquoting is absolutely incredible in scope. I've been afraid of being misquoted before, but this quite well takes the cake. The individual writing the article wanted to write ONE THING smacking about the crypto community and perhaps even programmers in general, and took the quotes WAY out of context AND pretty much just took sentences and cut out all the words that he needed.

    This is like me saying

    "So, if I get my girlfriend a cat, this is what she wants for Christmas?"

    and being quoted as

    "My girlfriend" "is" "a cat."
  • Quantum Cryptography (Score:5, Interesting)

    by KjetilK ( 186133 ) <kjetil@kjernsm[ ]et ['o.n' in gap]> on Monday September 24, 2001 @01:52PM (#2342114) Homepage Journal
    We all know that a working quantum computer will make the current algorithms obsolete. Thus, the following questions:
    1. Do you think a quantum computer can be developed in secrecy?
    2. If yes, how can we tell if our encryption needs to be changed?
    3. What are your ideas for a "quantum PGP"?

    Also, I would like to thank you for PGP. Indeed, it is making the world a better place, and to me it is even more apparent in light of recent events.

    Kjetil (Keyid: 6A6A0BBC)

  • by Bonker ( 243350 ) on Monday September 24, 2001 @01:52PM (#2342120)
    Okay, I posted the above as a mental excerise and then switched over to Wired News where I read the following:,1283,47074,00 .html []

    ISLAMABAD, Pakistan -- The Taliban have threatened to execute any U.N. worker who uses computers and communications equipment in Afghanistan, forcing a near halt to the remaining relief work in the country, U.N. officials said Monday.

    The militia raided U.N. offices in Kabul, the capital, and Kandahar, where the Taliban leadership is based, during the weekend and sealed their satellite telephones, walkie-talkies, computers and vehicles to bar them from use, according to U.N. spokeswoman Stephanie Bunker.
  • by Black Art ( 3335 ) on Monday September 24, 2001 @01:53PM (#2342127)
    The secret keyring in practically every implementation of PGP leaks information off the secret key ring.

    Not the messages, but something that can comprimise the existance of the user.

    The identities on the keyring can be listed without a passphrase.

    This means that if you have a standard keyring with your personal ID and you are also "Chairman X" of the local committee for doing things the State does not like, if they obtain your keyring, they can show that you and "Chairman X" are most likely the same person.

    All it takes is "pgp -kvv secring.pgp" and I can tell you all of the aliases and alternate identities that you use.

    Currently, using multiple secret key rings is a pain. Most implemenations of PGP do not have the ability to add a master passphrase on the keyring.

    BTW, people have been linked to their nyms by just this method. (Ask Carl Johnson. He was a canadian who spent time in an American jail because he said something through a nym that the government found threatening.)
  • by TheNut ( 203385 ) <> on Monday September 24, 2001 @02:06PM (#2342251) Homepage

    I have to agree here. Even in the case of guns (I am British and I agree with our gun laws). Guns themselves are not evil. The person behind the trigger is. (Why I agree with the laws is a seperate issue. If you really must know why, email me)

    I do not want to be associated in even the most indirect way the the bombings simply because I use GPG. There is nothing wrong with using encryption, and I want nothing to do with a government that outlaws it (which mine is in grave danger of doing).

  • by dr.mabusa ( 75834 ) on Monday September 24, 2001 @02:15PM (#2342323)
    There seems to be a lot of doubt about the "good" uses of strong encryption, e.g. to save lifes, create freedom, right a wrong, etc. Most people seem to adopt a "I have nothing to hide" attitude, seeing encryption as a danger rather than an opportunity. What is your favourite success story in this regard, i.e. a story where strong encryption lead to something "obviously" good (in an "American" sense of the word)?
  • by ajs ( 35943 ) <ajs AT ajs DOT com> on Monday September 24, 2001 @02:17PM (#2342340) Homepage Journal
    If in fact tools such as PGP are used by terrorists, how do governments protect against this?

    Ignoring the Tom Clancy-esque view of our intelligence service as a jewel of freedom, what you describe is not a desirable goal. "Protecting" the government from the privacy of its citizens (and those of other nations) is about as awful as protecting them from my freedom to vote.

    It's a disturbing reality that when you give people privacy, some will discuss how to blow up your cities. Revoking their freedom to discuss such things is called law enforcement, and it happens by punishing them for committing acts of agression, not for having privacy.

    If my mother had been in the WTC, and it were CLEAR that PGP had been used to communicate how to attack, I would still fight to MY death to protect our right to use it. Terrorism can be stopped, but if we give up our freedom to do it, we've defended nothing.

  • PGP Test (Score:2, Interesting)

    by marvin tph ( 462349 ) on Monday September 24, 2001 @02:21PM (#2342380) Homepage
    To Phil or anyone who knows:

    If the governments make use of strong encryption illegal they need to enforce it by checking users' mail for signs of encryption. I know of some computationally easy tests that allow you to get a pretty good idea if a number is prime(ie Fermat). So my question is: do such tests exist for PGP-encrypted documents?
  • Re:But there is (Score:2, Interesting)

    by NullAndVoid ( 181397 ) on Monday September 24, 2001 @02:46PM (#2342571)
    Constantinople was sacked by Catholic Crusaders who had originally planned to fight the infidels in the Holy Lands, but couldn't afford the fare so decided WTF, these guys are handy and rich. Just goes to show that the main point of the Crusades wasn't really advancing Christianity (certainly not anything Christ would've been proud of). The Crusades were just the old fashioned plundering of the current center of civilization/learning/wealth, which happened to be the Muslems at that point.
  • I'm a linux sysadmin and I use PGP to encrypt root passwords when I change them on some Army machines that I remotely admin. The weird thing was that the Army personel (at 6 different sites around the US) didn't know how to even USE PGP when I sent them things. I had to hold their hands over the phone and show them how to decrypt the information.

    It seems to me that only people who REQUIRE encryption (terrorists, and your basic bad guys) and highly-technical people (anyone reading this e-mail) even bothers to encrypt their e-mail or their data (not counting commercial SSL in web browsers, since that's automatic). Shouldn't our government FORCE all of their communications to be encrypted and give all military personel training in this sort of thing? I'm sure that the bad guys (whomever they are) are all sitting around a table learning how to encrypt data, but in our country it seems that even the people who SHOULD be encrypting their data don't even know how to.

    Just an observation.
  • by gweihir ( 88907 ) on Monday September 24, 2001 @02:57PM (#2342643)
    You're right about one thing - tools are never evil, but their uses can be.
    You're not right about the other - good and evil are not relative.

    That is not the point. Good uses of a tool have to balanced against evil uses. This world is not a friendly place. And the slight (if at all) possibility of these 6000+ people not being killed is outweighted by the positive uses of PGP.

    Face it, technology always kills people. Here is another angle: These people where definitely killed by airplanes. Banning airplanes would have saved these people.

    What is the answer? Ban airplanes?

    Certainly not! Airplanes have saved counless lifes, certainly more than they took. Especially if you compare the risks of going by plane with the risks of traveling the same distance with any other means.

    There is never any justification for the murder of innocents.

    But who is innocent? What about collateral damage? I have recently been to Belgrade, there was a lot of "collateral damage". Like people in the television building that where just technicians and not political at all. Now was that US bombing justified? It killed about 20 people that qualify as innocent by any sane standard. Or was stopping the propaganda television more important? Maybe because it was felt that not killing these innocents would lead to the killing of a lot more other innocents? Did this bombing indeed save others?

    Face it, the world is not black and white, just shades of grey.
  • by Anonymous Coward on Monday September 24, 2001 @03:16PM (#2342773)
    > I'm pretty sure the US government was convinced that A-bombing Japan was justified. Or rather, I hope they did and do believe that it was justified, it would be far worse if they themselves think of that action as evil.

    Uhm, why does it matter whether someone thinks they are doing good or evil? It's actions that count.

    Not to say that nuking Japan was good or evil, I don't know enough about it to have an opinion.

    But if I go out and murder a bunch of crack dealers, maybe I think I'm doing a good thing, doing the world a favor. It's still murder, no matter what I think about it. The law says I get a lethal injection or something... all law really is is an attempt to turn a society's subjective perceptions of good and evil into something objective, that can be judged according to rules. In law (and in common morality as defined by the people whose attitudes shaped that law), there is no justification for killing 6,000 people civilians (rules are different for killing military personnel in formally declared wars)

    But the guys who actually did the killing? Of course it's justified in their minds. Else they wouldn't have done it.
    This doesn't mean it's objectively justified, in some mathematically provable way (what human actions really ever are? Humans aren't numbers).

    So these killers (and I'm speaking of the co-ordinators, the masterminds, not the actual suicide terrorists, who are obviously dead and can't be punished by human law), these guys deserve punishment, whether or not they themselves thought they were doing something good or something evil.

    Sorry, that's more of a random rant than I meant it to be.

    BTW, I'm pretty new at posting on /. (been reading
    for a while), has anyone else had this problem: When replying, I have this form where I can enter my username/password, and what I want to post.. However, every time I hit `preview', I get logged out. I checked to make sure I've got cookies enabled in my browser, this keeps happening. So, if this post says it's anonymous, I apologize. My /. username is Urchlay. I'm using Mozilla 0.9.4, I hope that's not what's causing the problem...
  • by Sandlund ( 226344 ) <> on Monday September 24, 2001 @03:17PM (#2342783)
    As a journalist, I've seen editors similarly change my copy to create an incorrect inference. When I worked as an editor, I saw fellow editors make similar shoddy errors. It might be laziness. It might be too many distractions. But the common thread is always that someone is doing something without thinking about its implications.

    For those of you who work as programmers, think of it as someone butchering your code by adding a "fix" that creates a bug. It springs from the same source: inattention to details.

    Considering the political implications here, however, this is almost as egregious as blindly adding a bug to a nuclear power plant's software that brings on a meltdown.

    - Chris
  • Re:Future of pgp (Score:3, Interesting)

    by tim_maroney ( 239442 ) on Monday September 24, 2001 @03:20PM (#2342811) Homepage
    Is there any plans for improving pgp's ability to incorporate itself into email programs and other forms of internet communications that will make it easier for companies and end users to use?

    Take a look at this usability study on PGP []. The design hasn't moved forward much since the study was done. PGP is so difficult to use that it may have created a new category: "insecurity through obscurity."

  • by David Greene ( 463 ) on Monday September 24, 2001 @03:29PM (#2342882)
    In your orig text, in which you were arguing the absoluteness of morality, you said:

    There is never any justification for the murder of innocents.

    While I agree with the statement, I did not write it. I have to credit beagle for that particular insight.

    just what "murder" defines is a whole other arguement

    Actually, it's central to the argument. Murder implies intent.

    To argue that something is absolute then turn around and say "well, in some cases its not quite as bad as others" does not do your cause justice.

    Does JWT fall short of the ideal? Yes! No one, not even Church leaders, will disagree with that. But there is a recognition that intent plays a large role in what we do. I'm not arguing that JWT gets us off scot free. On the contrary, it must be invoked only as a last resort and implies some very specific restrictions on what is allowed. Even then, still, we must face the consequences.

    Now, as for the arguement that there are moral absolutes, we are going to come to a standstill (since I now realize this argument is based on faith, something that is unprovable).

    No argument there.

    To you, the absolutes are framed by your beliefs. To me (and many, many others) their morals are framed by thier beliefs (or lack thereof). To you, you are right and they are wrong. To them, they are right and you are wrong. Which is precicely why I say how the concepts of "right" and "wrong" are relative.

    I would say, rather, that what we believe or what we wish to believe is relative. There is Good and there is Evil. Much Evil exists because of our own ignorance. I'm not claiming to hold the answers to what is right and wrong. I am a flawed human being struggling to understand the world, just like everyone else. But I do believe there is an ideal we strive for.

    Then again, maybe there is an absolute "right" and "wrong." Whatever I say is "right" is "right." Whatever I say is "wrong" is "wrong." Anyone who thinks differently than I is deluding themselves :)

    I know you say this in jest, but I have seen too many comments that use this caricature of religion and/or faith to discredit those with whom some disagree. Unfortunately, as a wise man once told me, religion often gets in the way of faith and such caricatures unfortunately all too often ring true. But please understand that the majority of faithful people don't hold such nacissistic views. They arrive at their conclusions through much education, thought, prayer, humilty and even anguish.

    God does.

    Which God? (a loaded question I know...I'm not trying to be glib here... I assume you mean the one true God who is very real to you).

    Just to set the record straight, I am a member of the Roman (ugh, I can't stand that qualifier!) Catholic Church.

    Regardless of whether we come to a shared conclusion or not, the exercise is very useful and I thank you and all the others who have helped me think things through a little more and come to some better understanding, however small that may be.

  • Question for Phil (Score:2, Interesting)

    by sharp-bang ( 311928 ) <> on Monday September 24, 2001 @03:30PM (#2342887) Homepage
    In the wake of 9-11-2001, how, specifically, would you make the case that strong, unregulated encryption is a net gain for society? For example, is it possible to balance deaths caused by PGP-using terrorists, against, for example, millions of investors performing financial transactions without fear of governmental snooping? My sense is that lots of Americans favor privacy as an ideal, but see it as just that- an ideal that can and should be given up if it hinders addressing the new reality of terrorist threats. I'm not saying I buy this argument, but how do we make the case in concrete terms (e.g. lived saved, cost to consumers and taxpayers) to our legislators, employers, and ultimately ourselves that strong encryption is a net societal good? What we you say to people that ask whether more deaths are worth it?
  • I Like Your Hat! (Score:4, Interesting)

    by 4of12 ( 97621 ) on Monday September 24, 2001 @04:36PM (#2343065) Homepage Journal

    [That would be the "Phil's Pretty Good Software" hat.]


    Do you see any reasonable chances for success for a truly free and open system of certification authorities that would enable large numbers of people to exchange ideas and money in a way they would trust and yet simultaneously permit them privacy and anonymity?

    What is your opinion of Hailstorm?

  • by Mike1024 ( 184871 ) on Monday September 24, 2001 @05:15PM (#2343334)

    What are the uses of cryptography as a "Human Rights Tool"?

    On Phil Zimmerman's website, he has some letters from human rights groups []. You might consider looking at them.

    If in fact tools such as PGP are used by terrorists, how do governments protect against this?

    They don't, to put it simply. There would be no beneift - I don't think the terrorists would send e-mails saying "Ready for the WTC attack on 09/11, I have brought knives and plane tickets". They would use a code of some sort, or maybe even phone calls, postal mail or even face-to-face meetings.

  • Question for Phil (Score:4, Interesting)

    by merlin_jim ( 302773 ) <James.McCracken@ ... m ['pul' in gap]> on Monday September 24, 2001 @05:18PM (#2343349)
    First off, hats off to a career that has been inspiring to us all. I know that I, for one, cried for joy on the day that cryptographic export was opened up.

    Now, the question:

    It is hard for the public to hear the message "crypto backdoors are bad" without associating it with an anarchist anti-gov't message.

    First off, do you believe it is possible for the gov't to implement a crypto backdoor without "Bad Guys" getting into the backdoor and thereby compromising security?

    Secondly, do you have any positive examples or anecdotes of why strong crypto is good for gov't, or at least not detrimental?

    Thanks, and once again congrats.
  • by Anonymous Coward on Monday September 24, 2001 @05:34PM (#2343438)
    >It's the same as *strict* gun control - criminals already won't follow the law, so they aren't going to suddenly turn in their guns if they become illegal. Oh, guess I'll have to find a new way to break the law, now that guns are illegal.

    I just heard on NPR this morning that one of the things that the Taleban (sp?) did to Afganistan was to confiscate the people's guns. Now there is a large faction of the Afganistan people who disagree with the Talaban (there is no actual government to speak of) and they have no way to fight back or to fight for their own human rights.

    If we continue the analogy of guns and encryption then we have a pretty good case study here. The very people who we need to fight have decided that it's a good idea to take tools (encryption, guns, internet, television etc) out of the hands of the people in order to make them easier to control. If the American government decides to remove this tool (encryption) from law abiding people then we are doing exactly the thing that we're going to be fighting to end.

    We have an amazing set of rights in this country. A lot of people have already died fighting for those rights in the past 225 years. As terrible as this attack has been let's not make the mistake of using this to limit our rights further.

    Ben Franklin's oft quoted comment about "Rights and security" has never been more appropriate.

  • Don't argue, act! (Score:2, Interesting)

    by infractor ( 152926 ) on Monday September 24, 2001 @05:49PM (#2343529)
    There is a lot of talk about technology and religion...

    Shouldn't we all be mailing the washington post to request a retraction if we feel this strongly about the issues?

    I mailed them and I clicked on the link so they'd know I knew they were publishing inaccurate information...

  • PGP has lots of uses (Score:1, Interesting)

    by Anonymous Coward on Monday September 24, 2001 @06:03PM (#2343683)
    I happen to know that several small groups in countries controlled by dictator(s) are using PGP to communicate human rights attrocities to outsiders without the fear of their governments persecuting them for it. PGP is just a tool, as mentioned before, it can be of tremendous use to people who are struggling for freedom as a method to protect themselves.
  • by Anonymous Coward on Monday September 24, 2001 @07:32PM (#2344340)
    I downloaded Philip's public keys from , ran it against the Key in the letter's signature. Here was my result:

    gpg: Signature made Mon 24 Sep 2001 09:40:26 AM CDT using DSA key ID B2D7795E

    gpg: BAD signature from "Philip R. Zimmermann "

    Was that really him?

  • Re:But there is (Score:1, Interesting)

    by Anonymous Coward on Tuesday September 25, 2001 @02:59PM (#2348657)
    First of all despite the fact that the news likes to use the words "islamic fundamentalist" in the place of "terrorist" let's get one thing straight, these people are not Islamic no matter what they claim to be. They are terrorists plain and simple. Islam is a very peaceful religion overall. Calling a holy war, or jihad, against another country is not acceptable under Muslim tennants. Jihad can be declared against an opressive ruling body, to defend ones country and people, or to rid oneself of personal vices. Thats it! And during a Jihad the rules are equally simple: Never destroy personal property, never harm innocents not involved in the conflict, never harm a soldier who is surrendering, never kill livestock except as neccessary, and never cut down trees that aren't already dead. Mohammed himself set down those rules. So it should be obvious to everyone that these people are using their religion as a convienent way to justify the bloodshed. After all when a Catholic nut blows up an abortion clinic do we call him a "Catholic fundamentalist"? No! We call him a wacko.

    Secondly, the justification for any action will come primarily from the morals of the culture that the individual performing the action was raised in. In other words, if the persons culture says something is permissible, then it is. If you were raised in China, you might believe that it was ok to let female infants die in favor of males. If you were raised in Syria you might think it is ok for a man to have several wives. If you were born in remote parts of India you might think it was ok for wives to be burned alive on their dead husbands funeral pyre. Being born in the "western world" however you are unlikely to think any of those are morally permissible actions. It's all a matter of perception.

If you want to put yourself on the map, publish your own map.