Phil Zimmermann is a folk hero to many cyber-citizens but a bjte noir among politicians and law-enforcement brass. It's not difficult to understand why.
Cocking a snoot at the government's clampdown on encryption software, the cryptographer extraordinaire put a software program, Pretty Good Privacy, on the Internet, allowing everyone from Burmese dissidents to the Italian mafia to download it for free and use it to communicate in unbreakable codes.
Zimmerman, 42, who recently moved from Colorado to California to set up a company called Pretty Good Privacy Inc., is something of a maverick among Silicon Valley's high-tech, Ph.D. crowd. A longtime anti-nuclear activist, Zimmermann sees his knack for coding -- a talent he has been perfecting, he says, since he was 10 -- as just another political organizing tool.
Earlier this year, the U.S. government dropped a three-year criminal investigation against Zimmermann. But the Commerce Department still tightly restricts the export of encryption programs, and is attempting to push through a "key escrow" plan which would enable government agents to decode all cryptography. The plan, unveiled last October, has angered numerous computer executives (and of course, Zimmermann) who regard it as an attempt to snoop into electronic communications. Next week, U.S. officials are gathering in Paris to try to persuade their European counterparts to adopt similar measures.
Zimmerman, meanwhile, has a new trick up his sleeve which he plans to present Thursday at the Fall Internet World in Manhattan. Called PGPfone, the disk-based encryption software, which is available in beta from an MIT web site, is aimed at foiling government telephone wiretaps.
Salon spoke to Zimmerman at his Pretty Good Privacy, Inc. offices in Redwood Shores, Calif.
PGPFone isn't the only new encryption software you're working on.
Right. We're also developing PGPdisk which will protect your laptop computer or the desktop in the office. Every write is encrypted, every read is decrypted. Lawyers can use either PGPfone or PGPdisk to communicate with their clients. That's especially important when you're dealing with criminal law, where the government is the adversary.
Which is why governments can't stand the idea. It's understandable that federal agencies don't want this software in the hands of organized crime. There are reports that various drug cartels are using PGP software.
I do worry about criminals using PGP, but I can't see a way of making it available to the good guys only. In the early 20th century, there were criminals like Bonnie and Clyde who made use of cars more effectively than other criminals had done. The police had never seen that, and some said cars were perhaps a bad thing. They also pollute the air and increase our dependency on foreign oil. But most people are glad to have them.
Cryptography, like cars, will have a mixed effect on society, but most of it will be good. You have to have encryption to protect on-line commerce. Otherwise, criminals will have a field day intercepting credit cards and breaking into computers.
It's powerful software. Why do you give it away for free?
When I first started writing PGP, I thought I could sell it. But the Senate introduced legislation allowing the government a back door to read the code in plain text. It looked like PGP would soon be made illegal, and I felt it was important to get it propagated through society. So I abandoned plans to sell it, and began giving it away, even though the bill was ultimately defeated. President Clinton's new plan is very much like the old plan.
Who is going to win this battle? The government has taken its case to the European encryption meetings in Paris, and seems to be winning over governments there. How can you beat them?
I have a sign on my wall, which reads: "DEPLOYMENT WINS." If we can deploy a lot of encryption here ... We still give it away for free to keep propagating it as widely as possible. We've been tinkering with PGPfone quite a bit and are ready to come out with a new version. People are already encrypting their email. At the moment, you have to run a support program to encrypt email, but we're trying to make PGP integrate seamlessly. Also, many people worked on PGP voluntarily, and the understanding I have with them is that their work would always be available for free.
How did you get started on this road? You've been creating secret codes since you were a kid.
I was in fourth grade when I read a children's book on cryptography. It was called "Codes And Secret Writing" by Herbert S. Zimm. It taught me how to make invisible ink out of lemon juice, that kind of thing. Then there was this Saturday morning monster movie show in Miami where I grew up, and the guy who ran the show would show secret messages. You could send in a couple of bucks and he would decrypt the messages for you. Well, I never sent the money, I just decrypted all the messages myself. In the eighth grade, kids would give me messages to test me. I could break all of them.
How did you get into computers?
I wanted to be an astronomer, I thought perhaps I would go to the moon. I majored in physics but didn't do that well. So I succumbed to computers, and my grades went up tremendously. I took a lot of graduate courses, and started working as a software engineer.
Did you expect to become the encryption guru?
I'm surprised almost daily by it. It just amazes me. I get mail from around the world from people who are using PGP. That alone was enough to keep me going when I was under criminal investigation.
What's the government's attitude towards you now?
I recently asked if I could be on the U.S. delegation to the OECD [Organization of European Cooperation and Development in Paris, which is debating international encryption policies next week]. The U.S. is trying to pursue "key escrow" in Europe, and then come back here and say, they're doing it in Europe, we should do it here, too. It's a way of laundering failed domestic policies in countries with more complacent populations.
Scott Charney of the Justice Department, who heads the delegation, said no, I couldn't be on the delegation. I'm not too popular with the Justice Department. They don't like how pervasive PGP has become domestically.
Vivienne Walt is a columnist for the Wall Street Journal Interactive edition.
Jane of Arc
"My life is drama. You get great fantasies of this. It's the great speech in the third act. It would be easy for me to stand up and shout: 'I am an artist! How can you do this?' and let the agency go down in flames."
-- Jane Alexander, beginning her fourth year as chairwoman of the embattled National Endowment for the Arts, acknowledging she is sometimes tempted to simply storm out of her job. (From "Jane Alexander: Pragmatism to Preserve Arts Grants," in Tuesday's New York Times)
Shares