Feeds

Zimmermann defends strong crypto against govt assault

Backdoors are 'worse than futile'

  • alert
  • submit to reddit

Remote control for virtualized desktops

Strong cryptography does more good for society than harm and placing backdoors in encryption products to allow law enforcement access to plain text messages would be "worse than futile", encryption guru Phil Zimmermann told The Register today.

Zimmermann, the creator of the popular email encryption package PGP, told us that reversing the policy of allowing strong cryptography "under the terrible emotional pressure" created by the September 11 atrocities would be a "mistake".

The possibility that terrorists might use potentially unbreakable encryption was considered when legislation on ecommerce was formulated in the 1990s, and it recognised that the need to protect ecommerce came before law enforcement concerns. Encryption products with backdoor access are inherently less secure.

"I'm not insensitive to the downside of the technology" said Zimmermann. "But if you impose controls on encryption, the bad guys won't use products featuring backdoor cryptographic access."

Like Bruce Schneier, chief technology officer of Counterpane Internet Security, Zimmermann argues that the ability of law enforcement to read anyone's email is unlikely to help the authorities to prevent terrorism. For one thing, Zimmermann (or us for that matter) haven't seen any evidence that the September 11 hijackers used encryption.

Zimmermann thought that investigative tools, conventional policing and (not least) the ability to translate documents in Arabic would be a better focus for counter-terrorism efforts. Mass surveillance through the ability to tap anyone's email isn't the answer.

"Governments are not making a case for encryption controls, because they are not making use of the intelligence they already have," said Zimmermann, who said a convincing case that encryption control would have averted disaster is yet to be made.

Last month, the Washington Post carried at article which incorrectly reported Zimmermann was "overwhelmed with feelings of guilt" over the use of PGP by suspected terrorists. Zimmermann has written a response to this article, which you can read in full here. He believes the misrepresentation of his views in the Washington Post article was the result of an "honest misunderstanding" by the paper. ®

Related Stories

Bruce Schneier on crypto, the FBI, privacy and more
Americans want Uncryption
Broader surveillance won't prevent terrorism -Schneier

External Links

Philip Zimmermann's home page

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.