Canada Flag . . . . . Blue Ribbon . . . . . Any Browser :-)

"WW III? No thanks...!" On-Line Library

What is an appropropriate response?
Political and philosophical considerations after the attack on the Word Trade Center

Limiting citizens' right to use encryption is not an acceptable response

It is claimed in circles close to the US government that encryption gives 
criminals and terrorists an advantage over the police, leading to the 
proposal that encryption software should have a "backdoor" that would, 
under certain circumstances, allow the police access to the information
that the users of the encryption software wish to keep confidential.

Critics of this proposal point out that criminals would be the least 
likely to use such software but that legitimate users' right to privacy 
would be unduly compromised. Aside from that, there is no evidence that 
the people responsible for the attacks on the World Trade Center used 
encryption, or even e-mail, to discuss any of their plans. Nevertheless 
the US government is not only considering limitations on the use of 
cryptography but also to expand general surveillance of the internet. 

There are already wiretapping laws in place that allow the police, under 
certain circumstances, access to information coming from, or going to, 
someone who is suspected of a crime. New, sweeping, surveillance powers do
little, if anything, to deter terrorists or criminals but can be used to do
a lot of harm to people who disagree, in one way or another, with those in 
power. We need to be vigilant against the everpresent threats to our 
freedoms, from those who are supposed to serve us but who wish to control 
us instead.

Here is a related article from the Washigton Post based on an interview 
with Phil Zimmermann, the creator of the world-famous encryption software 
"Pretty Good Privacy". Unfortunately Phil Zimmerman's views were seriously
misrepresented in the article, and therefore a correction in Phil
Zimmermann's own words follows the Washington Post article.


To Attacks' Toll Add a Programmer's Grief

Ariana Eunjung Cha
September 21, 2001

The tears have come in the kitchen, the car and the shower, too.

Like many Americans, Phil Zimmermann, a stocky, 47-year-old computer 
programmer, has been crying every day since last week's terrorist attacks.
He has been overwhelmed with feelings of guilt.

Zimmermann is the inventor of a computer program called Pretty Good 
Privacy, or PGP. He posted the tool for free on the Internet 10 years ago;
it was the first to allow ordinary people to encrypt messages so only those
with a "key" could read them. No government or law enforcement agency has 
been able to get in.

People warned Zimmermann back then that he could be putting powerful 
technology into the wrong hands. He knew that was theoretically possible, 
but he also knew that the program could do good: His work created a way 
for people in oppressed countries to communicate without fear of 

Now the government is investigating whether Zimmermann's technology or 
another scrambler was used by the hijackers to coordinate last week's 
attacks, and U.S. lawmakers are calling for new restrictions on the use 
and distribution of the technology.

Zimmermann and other fathers of encryption say it may be too late, given 
that the technology has spread all over the world.

In a telephone interview from his home in Burlingame, Calif., Zimmermann 
said he doesn't regret posting the encryption program on the Internet. Yet
he has trouble dealing with the reality that his software was likely used 
for evil.

"The intellectual side of me is satisfied with the decision, but the pain 
that we all feel because of all the deaths mixes with this," he said. "It 
has been a horrific few days."

Contributing to that is the hate e-mail he got Sunday night.

It began, "Phil -- I hope you can sleep at night with the blood of 5,000 
people on your hands." PGP has become a "weapon of war," the e-mail 
continued, leveling the playing field between powerful countries like the 
United States and "zealots."

Zimmermann read the words over and over again the next day, trying to 
think of a way to respond. But in the end, the man who is known in the 
technology world for his rousing speeches and meticulous debates didn't 
know what to say.

"He raises some points that many people are raising right now, namely that
terrorists can use the technology," Zimmermann said quietly. "But it 
overlooks the strong need for good crypto."

The open policy the United States has today toward encryption arose out of
years of debate in the 1990s. Zimmermann was among the most prominent 
figures in the discussions, fighting against a government that threatened 
to jail him for posting his technologies online. He also launched a 
campaign to convince Congress to ease restrictions on exporting the 
technology to other countries. He won on both accounts.

Zimmermann and other technologists now struggle with the Catch-22 that 
encryption presents. If governments are given a backdoor or a master key 
to the encryption, as lawmakers like Sen. Judd Gregg (R-N.H.) have 
suggested, it would defeat the purpose of the technology.

It would cause problems, for instance, for a rebel fighter in Kosovo, 
whose brother e-mailed Zimmermann to tell him the technology was being 
used to relay messages from command center to command center, eliminating 
the need for human couriers.

Another encryption pioneer, Matt Blaze, said there are also practical 
reasons why the technology shouldn't be restricted. "I am extremely 
doubtful that this could be done without weakening computer systems, and 
the costs would be absolutely staggering," said Blaze, a researcher at
AT&T Labs.

Then there are the civil liberties questions.

"We should be careful not to make any rash decisions in the heat of the 
moment" that could have a negative impact on privacy, human rights and 
First Amendment freedoms for years to come, Zimmermann said.



Phil Zimmermann's follow-up article:

No Regrets About Developing PGP

Philip Zimmermann
24 September 2001

The Friday September 21st Washington Post carried an article by Ariana Cha
that I feel misrepresents my views on the role of PGP encryption software 
in the September 11th terrorist attacks. She interviewed me on Monday 
September 17th, and we talked about how I felt about the possibility that 
the terrorists might have used PGP in planning their attack. The article 
states that as the inventor of PGP, I was "overwhelmed with feelings of 
guilt". I never implied that in the interview, and specifically went out 
of my way to emphasize to her that that was not the case, and made her 
repeat back to me this point so that she would not get it wrong in the 
article. This misrepresentation is serious, because it implies that under 
the duress of terrorism I have changed my principles on the importance of 
cryptography for protecting privacy and civil liberties in the information

Because of the political sensitivity of how my views were to be expressed,
Ms. Cha read to me most of the article by phone before she submitted it to 
her editors, and the article had no such statement or implication when she
read it to me. The article that appeared in the Post was significantly 
shorter than the original, and had the abovementioned crucial change in 
wording. I can only speculate that her editors must have taken some 
inappropriate liberties in abbreviating my feelings to such an inaccurate 

In the interview six days after the attack, we talked about the fact that 
I had cried over the heartbreaking tragedy, as everyone else did. But the 
tears were not because of guilt over the fact that I developed PGP, they 
were over the human tragedy of it all. I also told her about some hate 
mail I received that blamed me for developing a technology that could be 
used by terrorists. I told her that I felt bad about the possibility of 
terrorists using PGP, but that I also felt that this was outweighed by the
fact that PGP was a tool for human rights around the world, which was my 
original intent in developing it ten years ago. It appears that this 
nuance of reasoning was lost on someone at the Washington Post. I imagine 
this may be caused by this newspaper's staff being stretched to their 
limits last week.

In these emotional times, we in the crypto community find ourselves having
to defend our technology from well-intentioned but misguided efforts by 
politicians to impose new regulations on the use of strong cryptography. I
do not want to give ammunition to these efforts by appearing to cave in on 
my principles. I think the article correctly showed that I'm not an 
ideologue when faced with a tragedy of this magnitude. Did I re-examine my
principles in the wake of this tragedy? Of course I did. But the outcome of
this re-examination was the same as it was during the years of public 
debate, that strong cryptography does more good for a democratic society 
than harm, even if it can be used by terrorists. Read my lips: I have no 
regrets about developing PGP.

The question of whether strong cryptography should be restricted by the 
government was debated all through the 1990's. This debate had the 
participation of the White House, the NSA, the FBI, the courts, the 
Congress, the computer industry, civilian academia, and the press. This 
debate fully took into account the question of terrorists using strong 
crypto, and in fact, that was one of the core issues of the debate. 
Nonetheless, society's collective decision (over the FBI's objections) was
that on the whole, we would be better off with strong crypto, unencumbered 
with government back doors. The export controls were lifted and no 
domestic controls were imposed. I feel this was a good decision, because 
we took the time and had such broad expert participation. Under the 
present emotional pressure, if we make a rash decision to reverse such a 
careful decision, it will only lead to terrible mistakes that will not 
only hurt our democracy, but will also increase the vulnerability of our 
national information infrastructure.

PGP users should rest assured that I would still not acquiesce to any back
doors in PGP.

It is noteworthy that I had only received a single piece of hate mail on 
this subject. Because of all the press interviews I was dealing with, I 
did not have time to quietly compose a carefully worded reply to the hate 
mail, so I did not send a reply at all. After the article appeared, I 
received hundreds of supportive emails, flooding in at two or three per 
minute on the day of the article.

I have always enjoyed good relations with the press over the past decade, 
especially with the Washington Post. I'm sure they will get it right next