Meeting Phil Zimmermann, the Godfather of Online Privacy


I recently got back from Nashville, where I was incredibly fortunate to host a fireside chat with the one and only Phil Zimmermann.

Phil invented PGP — the most widely used email encryption software in the world — and the federal government fought him for 3 years for doing so.

The battle, known as the first Crypto Wars, wasn't over cryptocurrency but over encryption. It was waged by Cypherpunks and privacy advocates worldwide, united by the belief that privacy is a fundamental right.

Phil published PGP source code in books with MIT, fought for code to be recognized as freedom of speech, and eventually the federal government dropped their case. It’s thanks to his efforts and those who joined this battle that we have the ability to protect our privacy today.

But once again we find ourselves in another crypto war, with governments around the world trying to destroy privacy.

The discussion between Phil and me will be published soon on NBTV, but in the meantime I wanted to share this essay that Phil wrote a few years ago, about the importance of private communications, and this new war on privacy.

Enjoy!

PGP Marks 30th Anniversary

6 June 2021

Written by Philip Zimmermann

Today marks the 30th anniversary of the release of PGP 1.0.

It was on this day in 1991 that Pretty Good Privacy was uploaded to the Internet. I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software. After PGP version 1.0 was released, a number of volunteer engineers came forward and we made many improvements. In September 1992 we released PGP 2.0 in ten foreign languages, running on several different platforms, upgraded with much better cryptography and new functionality, including the distributed trust model that helped PGP become the most widely used method of email encryption.

I became the target of a criminal investigation for violating the Arms Export Control Act by allowing PGP to spread around the world. This further propelled PGP's popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of the Crypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation.

I wanted PGP to be used for human rights applications. I wanted it to spread all over the world, especially to places where people needed protection from their own governments. But I couldn't say that out loud during the criminal investigation, because it would help the prosecutor prove intent.

The most dramatic PGP stories came from outside the US. PGP helped enable the safe evacuation of 8000 civilians from mortal danger during the Kosovo conflict. While attending the 2014 National Cybersecurity Hall of Fame ceremony, a guy from the HUMINT community approached me to thank me because he said he had some colleagues who were alive today because of PGP. Human rights groups documenting war crimes in Guatemala, protecting witnesses from reprisals from the military. Human rights workers in the Balkans. Political resistance in Burma in the 1990s. There were so many stories like that over the years.

In 2004, Robert Morris Sr., who had retired from NSA, told me that when PGP first appeared on the scene along with its source code, the NSA was particularly worried that the source code would show a lot of people how to develop strong public key crypto software, and the skills would proliferate.

Here we are, three decades later, and strong crypto is everywhere. What was glamorous in the 1990s is now mundane. So much has changed in those decades. That's a long time in dog years and technology years. My own work shifted to end-to-end secure telephony and text messaging. We now have ubiquitous strong crypto in our browsers, in VPNs, in e-commerce and banking apps, in IoT products, in disk encryption, in the TOR network, in cryptocurrencies. And in a resurgence of implementations of the OpenPGP protocol. It would seem impossible to put this toothpaste back in the tube.

Yet, we now see a number of governments trying to do exactly that. Pushing back against end-to-end encryption. We see it in Australia, the UK, the US, and other liberal democracies. Twenty years after we all thought we won the Crypto Wars. Do we have to mobilize again? Veterans of the Crypto Wars may have trouble fitting into their old uniforms. Remember that scene in Pixar's The Incredibles when Mr. Incredible tries to squeeze into his old costume? We are going to need fresh troops.

The need for protecting our right to a private conversation has never been stronger. Democracies everywhere are sliding into populist autocracies. Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communication is necessary for grassroots political opposition in those societies.

It's not only personal freedom at stake. It's also national security. The reckless deployment of Huawei 5G infrastructure across Europe has created easy opportunities for Chinese SIGINT. End-to-end encryption products are essential for European national security, to counter a hostile SIGINT environment controlled by China. We must push back hard in policy space to preserve the right to end-to-end encryption.

-Philip Zimmermann
6 June 2021
The Hague, Netherlands
https://www.philzimmermann.com

If you found this information helpful, consider supporting our channel by donating to NBTV. Your support helps us create free educational content that teaches people how to reclaim control over their digital lives. Visit NBTV.media/support to set up a monthly, tax-deductible donation to our non-profit.

Yours in privacy,
Naomi

NBTV. Because Privacy Matters.
