Feeds

PGP creator: Net is like 'downtown Bagdad'

The internet depends on strong crypto, Zimmerman says

The Power of One eBook: Top reasons to choose HP BladeSystem

Interview PGP (Pretty Good Privacy), the encryption software package created by privacy advocate Phil Zimmermann, celebrated its fifteenth birthday last week.

Developed to help human rights activists to communicate safely via the net, Zimmermann’s software is deployed by more than 35,000 businesses and millions of individuals. In the last 15 years encryption has grow from a product of questionable legal status to a government-mandated approach to protecting sensitive ecommerce transactions.

Strong encryption used to be viewed as something 'dodgy', prompting the question: "what are you trying to hide". Now firms are legally required to encrypt data or risk falling foul of information disclosure laws and corporate governance regulations,

Zimmermann says PGP has been "more successful than I first envisioned", even though email encryption technology is less commonplace than many pundits predicted in the late 1990s.

The internet has moved on a great deal in the last 15 years and not always been for the best, he says. "The internet has gone from been a gentleman's club for academics to something fiendishly hostile. It's changed from something like a university campus to downtown Bagdad," he told The Register.

The use of PGP remains politically-charged. "PGP is used by agents of major governments and has become a tool in the war on terror. Unfortunately, and I wish this wasn't true, it's also used by the bad guys. Like any computer technology, encryption can be used for both good or ill," Zimmermann said.

The original cypherpunk

Phil Zimmerman pictureZimmermann was the first developer to make public key encryption software easily available to the public. After he released PGP's source code - a step he took to make sure the code could be checked by independent experts for backdoors - the technology became available of the then fledgling internet through Usenet. Zimmermann said he had no part in distributing the software outside the US, but its availability overseas still brought the unwelcome attentions of the US government.

A licensing dispute over the use of the RSA algorithm in PGP escalated when the US Customs Service began a criminal investigation of Zimmermann in February 1993 over allegations of "munitions export without a license". At the time encryption products stronger than 40bits (PGP was a 128bit product) were considered a munition.

For three years, Zimmermann lived under the shadow of this investigation until the case was dropped in early 1996. Zimmermann said this difficult period brought some benefits.

"The criminal investigation alerted public to existence of PGP and increased its credibility. People like to root for the underdog," he said.

The closure of the case left Zimmermann free to establish a company (PGP Inc.) and to market updated versions of his software and related products. Unfortunately, Zimmermann, tells us this original firm was infected by the dotcom madness of the time and soon collapsed under debt. "This was the '90s and firms thought you had to spend quickly in order to make money. Unfortunately it didn't work," he said.

PGP Inc. was acquired by Network Associates (NAI) in December 1997, and Zimmermann stayed on for three years as a senior fellow despite his view, in retrospect, that PGP "languished" under the custody of NAI.

Network Associates dropped development of the software when it was faced by its own financial problems, four years or so ago. But the technology was revived after it was acquired by a new firm, PGP Corporation, in 2002. Zimmermann continues as a special advisor and consultant to PGP Corporation while working on a number of other projects.

Dial Z for Zfone

Chief among these is Zfone, a software package designed to encrypt VoIP calls, which is in beta test. Zimmermann said technology of this type guards against the possibility of organised criminals placing spyware on machines as a way to monitor conversations. The software adds encryption features to VoIP programs such as Gizmo and SIPphone. But it does not interoperate with Skype, which utilises a separate (and proprietary) encryption algorithm.

"Details on how Skype works haven't been publically released so I've been unable to accommodate it," Zimmermann explained.

The priorities for Zfone's future development include OEM deals with VoIP phone manufacturers and embedding the technology in VoIP clients, he added.

Zimmermann said he'd never experience government harassment over Zfone, in contrast to his experiences in developing PGP. "The world has changed. The internet depends on strong crypto. I hope governments understand that," he said. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.