PGP creator: Snooping must be curbed

Summary: Q&A: Phil Zimmermann, the creator of the Pretty Good Privacy encryption tool, says that widespread surveillance is leading us into an Orwellian future.

Phil Zimmermann, creator of Pretty Good Privacy encryption--better known as PGP--was in Italy this week for the InfoSecurity conference. ZDNet Italy caught up with him to discuss the technical, social and political implications of his encryption tool.

At 47 years old, Zimmermann is already a legend in the computing industry. As the inventor of the famous Pretty Good Privacy encryption tool, he faced a 3-year-long investigation by the U.S. government for illegal export of weapons. That investigation was launched because he released the software along with its source code to the public domain, allowing Internet users to protect the privacy of their electronic messages.

Q: When you initially developed PGP, did you imagine the effect it would have?
A: I imagined that it would change something, but I didn't foresee that it would have that kind of major political impact. I thought that it would become a useful piece of software, but I didn't realize that it would cause such a firestorm as the industry underwent in the '90s about cryptography.

Q: When you first published PGP, were you aware that cyberspace had different borders to the real world?
A: I knew that PGP would spread around the world, because I knew the Internet was everywhere. But during the three years of criminal investigation (into it) my lawyers insisted that I never acknowledge that I wanted PGP to go outside the U.S. I had to be very careful, when I spoke in public, (to say) that I intended PGP for domestic use only.

The reality is that human rights was one of the primary motivations for developing PGP. I wanted it to be used by human rights workers around the world. But I couldn't say this during the criminal investigation, because an important part of the prosecutors' case focused on my motivation. If I had admitted that I wanted (PGP) to be exported, it would have made it easier for them to prosecute me. So I could not talk about this until the end of the investigation. Now it's too late for them to do anything about it--too many years have passed--so I can say whatever I want. I can say that I developed PGP for human rights applications.

Q: What are your feelings about the fact that your tool can be used by people in a way that goes against your original idea?
A: I can't think of any way to make this technology available to everyone without also making it available to criminals. I thought about it a lot. This has been the focus of the debate in the '90s: Many cryptographers have tried to think of a way to make this technology available to good people without also making it available to bad people, but nobody was able to come up with a solution.

Q: Like the telephone?
A: Yes. For example, after Sept. 11 there was some speculation that terrorists were using some kind of GPS technology. Well, if they were, they were applying technology directly to kill people. You know, it's difficult to fly a plane: It's difficult even to fly it to an airport, it's even more difficult to fly it into the World Trade Center. It's not a normal path, it would help to have a GPS. This is just speculation. Anyway, manufacturers could stop making GPS receivers. But what about the rest of us? We benefit from GPS receivers.

Q: From an economic standpoint, the success of PGP demonstrated a very important need in the market. What was this need?
A: I didn't have any market research to measure market demand. I just had my political instincts. And my political instincts told me that society will be transformed by communications technology, that we would lose our privacy if we did nothing.

We enjoyed a great level of privacy in the analog world, and we lose that as we move into the digital world. I wanted to preserve it, that's what PGP is for. It's a countermeasure to the lack of privacy created by the information age.

Q: Can PGP also be used as a protection against Echelon?
A: A lot has been written about Echelon. It's amusing that everybody is so upset about Echelon, because the National Security Agency (NSA) had been listening to electronic communication in Europe for many years before anybody called it Echelon. It's nothing new. I think that now the NSA is focusing on searching for members of Al Qaeda, so we don't have to worry too much about the attention paid to the rest of us.

Q: You've always been opposed to "key escrow" technology. But in some cases, for example in enterprises, it may be necessary to be able to open an encrypted communication.
A: This is exactly the reason why I developed the additional decryption key feature in PGP. In PGP now there is a mechanism that allows the encryption and decryption of a message with two public keys. So if, for example, the owner of the primary key is on vacation, the company he works for can decrypt the message with the second key.

Businesses have different issues to end-users. If you write a love letter, you want it to be decrypted only by one key. But if you write a piece of business correspondence, there's an institution involved, so it is in your interest to use an extra key to read the message.

Q: What are the new risks caused by technological innovation?
A: It is not only digital communication that poses risks to our privacy, but also the widespread deployment of surveillance technology. For example, video cameras--in Great Britain especially, everybody knows that there are millions of video cameras. I'm sure that you have heard about face recognition software that has been applied recently in the United States.

If you have video cameras on every street corner, in every public place, together with face recognition software, then it becomes possible to track the movements of every human being as they walk down the street, identifying every person individually and keeping track of their movements all day long. This is an Orwellian future that is not in our interest. We should try to limit the spread of surveillance technology. We should not allow the fears that we have of terrorism to stampede us into an Orwellian world.

Q: In many places in the United States, it's a common habit not to lock house doors, because privacy is respected. But you suggest encrypting e-mail messages. Isn't that a contradiction?
A: In the U.S. in urban environments, we always lock the doors, and in rural environments we leave them open. It depends on where you are. In urban environments there are many people that you don't know. So we tend to be more protective. The Internet, because it allows people to do things anonymously--well, mostly anonymously--could encourage antisocial behavior like you would find in a large city.

So I think that we need to protect ourselves on the Internet. We need encrypted e-mail, we need firewalls, we need virtual private networks, we need intrusion detection systems.

The Internet is like an urban environment, where you meet people you'll never meet again. So they may behave as people sometimes behave when they know that they'll never meet you again. To put it in game theory terms, it's like the difference between the 'prisoner's dilemma' and the 'iterated prisoner's dilemma'. People play the game differently when they play a single round or when they play in an iterated fashion with the same people.

Q: Do you think that this kind of encryption technology will also be of interest for wireless communications?
A: In the wireless world, it is essential that you use encryption, especially for the communication links. Because unlike wired communication, wireless communication is broadcast. Every little device is like a small portable radio station. Anybody can pick it up, if they are listening. You have to encrypt anything if you want to keep it private. So there is a greater urgency to apply encryption technology in the wireless world.

Q: Is there some historically famous character who inspired you, or who you like in particular?
A: During the '80s I became active in the Peace Movement in the United States. And someone that I found particularly inspiring was Daniel Ellsberg. He published some classified documents about the Vietnam War, during the war, and these papers became known as the Pentagon Papers. He published them in an effort to bring an end to the Vietnam War and he was prosecuted for this. He faced so many years in prison that it would be the rest of his life. He prevailed in the legal struggle and did not go to prison.

I've found this particularly inspiring. He took great risk, it was dangerous, but he published these documents, and he helped bring an end to the Vietnam War. I don't think that the release of these documents had a direct influence on the end of the war, but he helped to create a political condition that eventually led to the end of the war. If I had to settle on one thing that inspired me to publish PGP, in some ways that did.

ZDNet Italy's Gaetano D'Elia and Alberto D'Ottavi reported from Milan.
