|
ASCII NO QUESTIONS, TELL YE NO SPIES by Norman French From MONDO 2000 #5 What if you saw Congress trying to pass some invasive, repressive laws? And what if, single handedly, you could nullify these laws, forever? Would you do it? Senate bills S266 and S618 posed just those questions to Philip Zimmerman, a Boulder software engineer. Because Philip specializes in privacy protection for his clients, he was acutely aware of the implications they posed. MONDO readers will recognize these bills before Congress as designed to fight "terrorism" and "violent crime." They both have language, however, requiring government-accessible 'Back doors" in all encryption software produced or sold in the United States. What that means, in practical terms, is that the government could read your private, encrypted messages and files at will. Or anyone else with the necessary know-how. Sort of like requiring you to give copies of your house keys to the cops. Theoretically, court authority would be required, but the actual potential for abuse is obvious. So how did Philip choose to challenge the power structure's brazen attempt to invade our privacy? Bid he complain to his representatives in Washington? Organize a protest march? Send a letter to the editor of The New York Times? Grouse volubly on the BBSs? Nope-Philip Zimmerman took direct action. Taking several months off from his regular paying customers, he wrote the definitive encryption program for the masses. PGP-Pretty Good Privacy-it's called. It's a textbook example of guerrilla activism based on the Rivest-Shamir-Adelman public key cryptosystem. Currently, RSA-based systems are the most advanced cryptographic technology available. Though it's extremely sophisticated technically, it's quick and convenient to use. And, barring some unlikely breakthrough in the mathematics of factoring very large numbers, they are the ultimate in unbreakable codes. How unbreakable? With PGP and your personal computer, you could create a code that would take a Cray super computer centuries to break. Now, that's Pretty Good Privacy! The U.S. and other governments have paid millions to achieve similar levels of encryption security. So how much will you have to pay to get a copy of Pretty Good Privacy? Approximately nothing. Philip decided the best way to counter legislative threats to privacy was to give his program away. By releasing PGP as freeware, he made sure it would have the widest possible distribution-too wide for the FBI, MI5, MI6, DIA, NSA, KGB, or any other alphabet agencies to suppress. PGP was released on June 5 (D-Day minus 1) onto scores of networks and BBSs. Since then, it has been copied onto countless systems in North America and around the world. Now, even if S266, S618 or similar laws are passed, it's too late. The secret is out. The PGP genie can never be put back in the bottle. With PGP, you and your friends can have Mil Spec quality encryption for your messages and records. Affordable privacy is at your command, without back doors and without permission from Uncle Sam or anyone else. Being a techno-activist isn't all fun and games, however. As mentioned, Philip Zimmerman took time away from his business to get PGP out the door. The income lost during that period has been a real financial hardship for him and his family. In addition, a company called Public Key Partners (PKP) has threatened to sue Philip. PKP controls licensing of the RSA algorithm he incorporated into the PGP program. Whether he will be sued has not been determined as of this writing. Nevertheless, that very real threat hangs over Mr. Zimmerman's head. Though Philip hasn't asked to be rewarded for his labors, you might consider sending an appropriate donation if you find PGP to be of value to you. $50 sounds like a reasonable number, but you might revise that up or down depending on how much you value your privacy. To get your own copy of Pretty Good Privacy from an anonymous FTP site on Internet or elsewhere, you will need two files: pgpl0.zip for the binary executable and the user documentation, and pgp10scr.zip for the source files. These files are compressed, but you can decompress them using the MS-DOS shareware archive utility, PKUNZIP.EXE. Be sure to print out the "PGP User's Guide" in pgp10.zip. (Remember to set mode to binary or image when doing an FTP transfer.) In the U.S. or Canada, PGP files are available on Internet at FTP sites uunet. uu. net in the /tmp directory and at host gatekeeper. dec. com, directory /pub/micro/msdos/pgp. They are also available in North America and overseas on Fidonet and innumerable BBSs. One such BBS is in Boulder, Colorado at (303) 443-8292. If you would like to contact Philip Zimmerman, his address is: Boulder Software Engineering, 3021 Eleventh St. Boulder, CO 80304; phone: (303) 444-4541; Internet:prz@sage. cgd. ucar.edu.