[ISN] Setting the record straight: Zimmermann on PGP use in times of terrorism.

From: InfoSec News (isnat_private)
Date: Tue Sep 25 2001 - 01:07:01 PDT

  • Next message: InfoSec News: "[ISN] Giving Away Computers, Dispensing Peace of Mind"

    Forwarded from: "Jay D. Dyson" <jdysonat_private>
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    Courtesy of Cryptography List.
    
    Originally posted on Cypherpunks.
    
    - -----BEGIN FORWARDED MESSAGE-----
    
    From: "Sandy Sandfort" <sandfortat_private>
    To: "Cypherpunks" <cypherpunksat_private>
    Old-Subject: No Regrets About Developing PGP
    Date: Mon, 24 Sep 2001 07:59:50 -0700
    Subject:  No Regrets About Developing PGP
    
    C'punks,
    
    Phil Zimmermann asked me to post this.  He would like it freely
    disseminated, so feel free to post it wherever you wish.
    
     S a n d y
    
    - -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    No Regrets About Developing PGP
    
    The Friday September 21st Washington Post carried an article by Ariana Cha
    that I feel misrepresents my views on the role of PGP encryption software
    in the September 11th terrorist attacks.  She interviewed me on Monday
    September 17th, and we talked about how I felt about the possibility that
    the terrorists might have used PGP in planning their attack.  The article
    states that as the inventor of PGP, I was "overwhelmed with feelings of
    guilt".  I never implied that in the interview, and specifically went out
    of my way to emphasize to her that that was not the case, and made her
    repeat back to me this point so that she would not get it wrong in the
    article.  This misrepresentation is serious, because it implies that under
    the duress of terrorism I have changed my principles on the importance of
    cryptography for protecting privacy and civil liberties in the information
    age. 
    
    Because of the political sensitivity of how my views were to be expressed,
    Ms. Cha read to me most of the article by phone before she submitted it to
    her editors, and the article had no such statement or implication when she
    read it to me.  The article that appeared in the Post was significantly
    shorter than the original, and had the abovementioned crucial change in
    wording.  I can only speculate that her editors must have taken some
    inappropriate liberties in abbreviating my feelings to such an inaccurate
    soundbite. 
    
    In the interview six days after the attack, we talked about the fact that
    I had cried over the heartbreaking tragedy, as everyone else did.  But the
    tears were not because of guilt over the fact that I developed PGP, they
    were over the human tragedy of it all.  I also told her about some hate
    mail I received that blamed me for developing a technology that could be
    used by terrorists.  I told her that I felt bad about the possibility of
    terrorists using PGP, but that I also felt that this was outweighed by the
    fact that PGP was a tool for human rights around the world, which was my
    original intent in developing it ten years ago.  It appears that this
    nuance of reasoning was lost on someone at the Washington Post.  I imagine
    this may be caused by this newspaper's staff being stretched to their
    limits last week. 
    
    In these emotional times, we in the crypto community find ourselves having
    to defend our technology from well-intentioned but misguided efforts by
    politicians to impose new regulations on the use of strong cryptography. 
    I do not want to give ammunition to these efforts by appearing to cave in
    on my principles.  I think the article correctly showed that I'm not an
    ideologue when faced with a tragedy of this magnitude.  Did I re-examine
    my principles in the wake of this tragedy?  Of course I did.  But the
    outcome of this re-examination was the same as it was during the years of
    public debate, that strong cryptography does more good for a democratic
    society than harm, even if it can be used by terrorists.  Read my lips: I
    have no regrets about developing PGP. 
    
    The question of whether strong cryptography should be restricted by the
    government was debated all through the 1990's.  This debate had the
    participation of the White House, the NSA, the FBI, the courts, the
    Congress, the computer industry, civilian academia, and the press.  This
    debate fully took into account the question of terrorists using strong
    crypto, and in fact, that was one of the core issues of the debate. 
    Nonetheless, society's collective decision (over the FBI's objections) was
    that on the whole, we would be better off with strong crypto, unencumbered
    with government back doors.  The export controls were lifted and no
    domestic controls were imposed.  I feel this was a good decision, because
    we took the time and had such broad expert participation.  Under the
    present emotional pressure, if we make a rash decision to reverse such a
    careful decision, it will only lead to terrible mistakes that will not
    only hurt our democracy, but will also increase the vulnerability of our
    national information infrastructure. 
    
    PGP users should rest assured that I would still not acquiesce to any back
    doors in PGP. 
    
    It is noteworthy that I had only received a single piece of hate mail on
    this subject.  Because of all the press interviews I was dealing with, I
    did not have time to quietly compose a carefully worded reply to the hate
    mail, so I did not send a reply at all.  After the article appeared, I
    received hundreds of supportive emails, flooding in at two or three per
    minute on the day of the article.
    
    I have always enjoyed good relations with the press over the past decade,
    especially with the Washington Post.  I'm sure they will get it right next
    time.
    
    The article in question appears at
    http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html
    
    
     -Philip Zimmermann
     24 September 2001
     (This letter may be widely circulated)
    
    - -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.3
    
    iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF
    ir3lRc4c1D/0Mmmv/JtP/E73
    =HmRO
    - -----END PGP SIGNATURE-----
    
    - ----- END FORWARDED MESSAGE -----
    
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `--------------- rm -rf /bin/laden ---------------'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    iQCVAwUBO69dULlDRyqRQ2a9AQH2xQP5AbyD5GDcszH6TgUx8QRtsPU729lZ7Qa+
    uS1U4YePqoKFzxa4UeTYB1/GawkAmOF+H3epS8RIVE5JCtI8G2kTzZHJOCNx8+Ia
    LcRYVIwWP7R0dgzLNKHydLmaZW72YxmO9nwNQOgi/UgBfknR1IncUctwg/tx/jBu
    6FciWh/BWFc=
    =kOta
    -----END PGP SIGNATURE-----
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 04:12:14 PDT