'Trust, but encrypt' is new theme for Internet
It's a yearly gathering of those who don't trust the Internet folks who say "trust me."
The Eleventh Conference on Computers, Freedom and Privacy was held earlier this month in Cambridge, Mass. Items discussed included Carnivore, the FBI e-mail filtering software that has raised serious questions about the integrity of e-mail examined during FBI searches; UCITA, (the Uniform Computer Information Transaction Act), a law proposed for enactment in all 50 states that would standardize the licensing of software and, if its critics are correct, possibly jeopardize consumer rights; and gadgets that "sky" - new consumer devices that phone home automatically, sending information via phone or wireless to the companies that build the devices.
Yet for all the good sessions offered, one of the best was Phil Zimmermann's. In the online privacy community, Mr. Zimmermann is a legitimate hero, an individual who literally took on the US government and some of its most shadowy intelligence operations ... and won.
Zimmermann is the creator of PGP, or Pretty Good Software. And what PGP does is allow two people (or more) to have truly private conversations, via e-mail, on the Internet. And that's why the government went after him.
"Before PGP, there was no way for two ordinary people to communicate over long distances without the risk of interception," Zimmermann told a magazine last year. "Not by phone, not by FedEx, not by fax."
Released for free on the Internet in 1991, PGP was a dramatic development in Internet security. And it immediately attracted the attention of the Justice Department, which considered the software a "munition." If it fell into the hands of criminals, the department argued, it could have disastrous consequences.
Zimmermann countered: But what if it fell into the hands of dissidents in a totalitarian state, who could use it as a way to communicate with the outside world?
The Justice Department apparently didn't agree with Zimmermann's line of thinking. With scarce resources, he fought an intense legal battle that lasted for years. Justice finally gave up trying to put Zimmermann behind bars, but refused to allow him to export PGP.
Then, after the efforts of many Zimmermann-like sympathizers, the government recently backed off, and now allows encryption software to be exported outside the US.
Zimmermann didn't bother to give a lecture. Instead, as we approach the 10th anniversary of the release of PGP, he told stories about his adventures with the Justice Department, what happened after he sold his company to Network Associates, and his efforts to improve on older software that would allow people to talk securely on the Internet.
He admitted he had run out of money on that project, and asked if any one in the room knew of code writers who would be interested in helping. Immediately, a representative of a human
mit.edu/network/pgp.html. Or you can use a Web version of public key encryption by going to Hushmail at www.hush.com.
Tom Regan is the associate editor of csmonitor.com, the electronic edition of The Christian Science Monitor. You can e-mail him at firstname.lastname@example.org.
(c) Copyright 2001. The Christian Science Monitor