Get Proactive on Privacy!

Don't expect the tug-of-war between politicians and privacy
advocates to end any time soon — once a legislature gets your
rights in its hot little hands, it generally doesn't let go until
it's made confetti of them. Ever since it became apparent that
e-mail would be the communication medium of the 21st century,
the politicians have been foaming at the mouth, demanding that
we sacrifice our rights to their paranoia.

We have to catch the drug dealers, they say. The money launderers.
The child pornographers (yes, folks, even in cyberspace, it's all
"for the chilllllllllldren"). The politicians neglect to mention
that all of these usual suspects are already using strong encryption
and other techniques to foil surveillance — and that that means
that it's really innocent little you that they're after.

Fortunately, this is one area in which you, the computer user, have
an advantage. You may not be able to afford all of the paraphernalia
that the Cali Cartel uses to protect its drug traffic — airplanes,
speedboats, that kind of thing — but it's a level playing field
when it comes to protecting Internet traffic.

And using crypto makes a statement. The more people use strong
encryption, the less incentive that Louis Freeh has to go through
a bunch of e-mail that he can't read anyway. We don't have to kill
Carnivore — we can starve it.

This week, we're asking you to take a stand. Install an encryption
program on your computer, or sign up at one of the Web-based mail
encryption sites listed below. Then use it. Not for every message,
but however much is convenient for you.

~It all started with "Pretty Good Privacy" — the standard in
encryption. Author Phil Zimmermann spent time in jail for making PGP
available, but he's still at it. Freeware versions
<http://web.mit.edu/network/pgp.html> of the program are available
for several platforms, and Zimmerman's PGP.com <http://www.pgp.com/>
offers products for commercial use.

[CB: Outside the United States go also to http://www.pgpi.org or http://www.philzimmermann.com]

   ~Zero-Knowledge Systems <http://www.zeroknowledge.com/> offers
a product called "Freedom" (has a ring to it, doncha think?) that
does more than just encrypt: it anonymizes your system's location
and attributes and allows you to send and receive e-mail in an
untraceable manner, too. The company offers a limited trial download
of the product.

[CB: This company, unfortunately, on October 4, 2001, has largely discontinued its services, which did not succeed in reaching a mass market... :-(]

   ~Hushmail <http://www.hushmail.com/> and
MailVault <http://www.mailvault.com/> offer web-based encryption services,
which may be more convenient for those who use a computer at their
school or library.

This text is from Thomas L. Knapp and taken from the newsletter
"Free-Market.Net's F r e e d o m A c t i o n o f t h e W e e k"
he edits and which you can subscribe or unsubscribe to at
http://www.free-market.net/features/lists/.
The Freedom Action of the Week is a feature of Free-Market.Net
http://www.free-market.net/features/action/.
Opinions expressed are purely those of their writers and editors.
~~~
IMPORTANT REMARK: I would advise you to use no later version of PGP than
PGP for Personal Privacy 5.0
used by Phil Zimmermann himself...
More on this and the rest of the above on this site as soon as possible. Just one detail right away. What is said above about Carnivore applies of course also to Echelon.
C.B.

In the meantime Phil Zimmermann has also switched to a later version for his own use (7.0.3), which makes my above remark obsolete.
C.B.

Read what Phil Zimmermann wants you to know about PGP, terrorism and the events of September 11, 2001:
~~~

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by
Ariana Cha that I feel misrepresents my views on the role of PGP
encryption software in the September 11th terrorist attacks.  She
interviewed me on Monday September 17th, and we talked about how I
felt about the possibility that the terrorists might have used PGP in
planning their attack.  The article states that as the inventor of
PGP, I was "overwhelmed with feelings of guilt".  I never implied
that in the interview, and specifically went out of my way to
emphasize to her that that was not the case, and made her repeat back
to me this point so that she would not get it wrong in the article.
This misrepresentation is serious, because it implies that
under the duress of terrorism I have changed my principles on the
importance of cryptography for protecting privacy and civil liberties
in the information age.

Because of the political sensitivity of how my views were to be
expressed, Ms. Cha read to me most of the article by phone before she
submitted it to her editors, and the article had no such statement or
implication when she read it to me.  The article that appeared in the
Post was significantly shorter than the original, and had the
abovementioned crucial change in wording.  I can only speculate that
her editors must have taken some inappropriate liberties in
abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact
that I had cried over the heartbreaking tragedy, as everyone else
did.  But the tears were not because of guilt over the fact that I
developed PGP, they were over the human tragedy of it all.  I also
told her about some hate mail I received that blamed me for
developing a technology that could be used by terrorists.  I told her
that I felt bad about the possibility of terrorists using PGP, but
that I also felt that this was outweighed by the fact that PGP was a
tool for human rights around the world, which was my original intent
in developing it ten years ago.  It appears that this nuance of
reasoning was lost on someone at the Washington Post.  I imagine this
may be caused by this newspaper's staff being stretched to their
limits last week.

In these emotional times, we in the crypto community find ourselves
having to defend our technology from well-intentioned but misguided
efforts by politicians to impose new regulations on the use of strong
cryptography.  I do not want to give ammunition to these efforts by
appearing to cave in on my principles.  I think the article correctly
showed that I'm not an ideologue when faced with a tragedy of this
magnitude.  Did I re-examine my principles in the wake of this
tragedy?  Of course I did.  But the outcome of this re-examination
was the same as it was during the years of public debate, that strong
cryptography does more good for a democratic society than harm, even
if it can be used by terrorists.  Read my lips: I have no regrets
about developing PGP.

The question of whether strong cryptography should be restricted by
the government was debated all through the 1990's.  This debate had
the participation of the White House, the NSA, the FBI, the courts,
the Congress, the computer industry, civilian academia, and the
press.  This debate fully took into account the question of
terrorists using strong crypto, and in fact, that was one of the core
issues of the debate.  Nonetheless, society's collective decision
(over the FBI's objections) was that on the whole, we would be better
off with strong crypto, unencumbered with government back doors.  The
export controls were lifted and no domestic controls were imposed.  I
feel this was a good decision, because we took the time and had such
broad expert participation.  Under the present emotional pressure, if
we make a rash decision to reverse such a careful decision, it will
only lead to terrible mistakes that will not only hurt our democracy,
but will also increase the vulnerability of our national information
infrastructure.

PGP users should rest assured that I would still not acquiesce to any
back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail
on this subject.  Because of all the press interviews I was dealing
with, I did not have time to quietly compose a carefully worded reply
to the hate mail, so I did not send a reply at all.  After the
article appeared, I received hundreds of supportive emails, flooding
in at two or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past
decade, especially with the Washington Post.  I'm sure they will get
it right next time.

The article in question appears at
http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html
 

 -Philip Zimmermann
 24 September 2001
 (This letter may be widely circulated)

~~~
back to Terror in America
<<<back to Privacy and mail services