|
||||||||
Internet >
Security Issues > Encryption >
Pretty Good Privacy (PGP)- Philip Zimmermann
PGP places Public Key Cryptography in the hands of every Internet user. Philip Zimmermann took a great personal risk in creating PGP and making it available to the world against the strong wishes of the US Government. While a difficult battle, he succeeded, and the program is now used around the world as the primary Internet encryption standard for email. The following subsections provide more information on PGP: PGP History. An otherwise quiet fellow named Philip Zimmermann obtained a bachelor's degree in computer science from Florida Atlantic University in 1978. He then worked as a software engineer with cryptographic systems, communications, and real-time systems.On 17 April, 1991, the New York Times reported that the following non-binding resolution had been added to Bill 266 in the US Senate to encourage industry to add trap-doors to their networking equipment, of course including Internet networking equipment:
Even though the bill was not passed, Zimmermann understood the resolution to mean that the US Government was one step away from introducing legislation outlawing secure communication systems for use by private citizens, thereby giving the state the ability to eavesdrop on any communications at any time. Indeed, legislation that made public key cryptography a form of protected munitions was introduced shortly thereafter, and then signed into law. However, not before Zimmermann, working quickly to beat the legislation, invented the Pretty Good Privacy (PGP) program based on the RSA public-key cryptography algorithm. Zimmermann then released PGP 1.0 as freeware. Not long afterwards, Kelly Goen uploaded the PGP program onto some bulletin board systems, and shortly after that it was uploaded onto the Usenet newsgroups where the cat escaped around the world. Government investigation. Shocked and dismayed, the US Government then opened a criminal investigation of Zimmermann, Goen, and others to see if there was some way to penalize them retroactively for developing and distributing PGP. The two sides of this old argument are summarized below:
The individual rights view finally prevailed. The investigations of Zimmermann and supporters were finally dropped in early 1996 under strong pressure from free speech advocates and civil rights organizations around the world. Also in 1996, Zimmermann founded the software company PGP, which was then bought by Network Associates in December 1997, where Zimmermann became a Senior Fellow as well as an independent consultant, and which was later bought by McAfee. Free software escapes. Zimmermann had based PGP 1.0 on the openly published RSA algorithm, and specified in the documentation that it was a user's responsibility to get a license if they wanted to use the software:
Nevertheless, RSA immediately complained to Zimmermann that PGP enabled unlicensed use by unscrupulous users, an argument which didn't impress Zimmermann any more than the US Government's similar argument had earlier. Finally, they reached an agreement where RSA agreed not to bring legal action against Zimmermann, and Zimmermann agreed to stop distributing PGP, which was a small compromise since the program was already being developed and distributed by others around the world. Not long afterwards, with Zimmermann's approval, MIT released PGP 2.5 based on the originally developed RSAREF 1.0 algorithm. RSA immediately complained about violation of their rights, but the situation was complicated... since MIT had a part interest in the original patent, RSA decided against further action. MIT then began functioning as the official distributor of PGP. MIT and Zimmermann published a book that contained the PGP source code written in the C programming language, and printed in a special font designed to be easily read by computer scanners, which was legal since the US Supreme Court had consistently refused to ban any written expression. However, while legal within the US, the MIT PGP version was still technically illegal internationally due to US export controls, so Stale Schumacher developed PGP 2.6xi using Zimmermann's original big integer library MPILIB. This made a version of PGP available around the world without legal restrictions for the first time. Resources. The following sources provide more information on PGP:
Awards. In recognition of his efforts, Zimmermann and his work on PGP have been honored with the following awards:
|