Network: Meet Big Brother's worst nightmare

For Phil Zimmerman, the ability to prevent your e-mail being intercepted is a fundamental human right. Try telling that to the US government.

By Stephen Pritchard
A piece of software is not normally a human rights issue. But for Phil Zimmerman, the debate for and against computer encryption is no less serious. Zimmerman is a software engineer and senior fellow with Network Associates. He came to prominence in the early 1990s when he released Pretty Good Privacy (PGP), a software package that encrypts e-mail messages, protecting them from prying eyes.

In 1991, Zimmerman released PGP as freeware, which resulted in a three-year criminal investigation by the US government. It held that by making PGP available free of charge, he was effectively exporting it, potentially breaching national security. The charges against Zimmerman were dropped in 1996. By then, PGP was the world's leading e-mail encryption program.

Zimmerman's actions continue to have ramifications today. Only this month, a court of appeal in San Francisco ruled that laws restricting the export of encryption software violated a citizen's constitutional right to free speech. The case was brought by Professor Daniel Bernstein, an academic who wanted to share his work with other researchers.

Ostensibly, both the Bernstein case and the Zimmerman investigation centre around the US government's belief that certain types of electronics and computer programs could be used by hostile powers for military or intelligence purposes. Encryption software, according to the US export regulations, has a similar status to munitions, and could not be sold outside the United States. US developers are a long way from total freedom: the Bernstein ruling only allows individuals to publish source code, not distribute ready-to-run software.

Privacy advocates such as Phil Zimmerman believe that export restrictions hold back the development of effective, easy-to-use encryption software both in the US and overseas. An individual's right to keep his or her business safe from interception by strangers, from business rivals to government agents, depends on encryption software.

In Europe and the US, governments have argued that encryption poses a threat to law enforcement and security. If criminals or terrorists can download packages such as PGP, police and intelligence agents will not be able to read their messages, to detect crime or to gather evidence. Governments have advocated a system, known as "key escrow", which allows companies and individuals to use strong encryption. The keys to read the messages would be deposited with a "trusted third party", but law enforcement officials would be able to apply for a warrant to obtain the keys if they suspected illegal activities.

Opponents of key escrow believe it is unworkable, and gives too much power to governments. In the UK, plans to introduce key escrow have been shelved, and the Government has asked the industry to come up with alternatives.

Zimmerman believes encryption is necessary because technology makes large-scale monitoring of communications possible in a way that George Orwell never dreamt of. Governments, he asserts, can and do tap into e-mails and scan messages for subversive or criminal contents. Computers can quickly hunt for keywords and alert a human operator, who will investigate further. This happens in seconds, and the sender and recipient of the message need never know.

"If somebody was to open your mail, you would figure it out," Zimmerman says. "The mail would arrive damaged, or there would be other physical evidence. That is not true for e-mail."

Encryption, he suggests, is rather like a physical envelope with a letter. Envelopes are a minimum guarantee of privacy. An envelope keeps a letter from the eyes of casual observers; the volume of mail means that even the most autocratic state would not be able to open every letter. Zimmerman thinks encryption should fulfil the same function. And, as with envelopes, the more people who use it the safer it becomes.

"People don't use postcards to send most of their mail," he says. "You use envelopes, even for ordinary mail, and that is a good thing. Otherwise the few people who need to use envelopes would attract attention. We provide safety in numbers for the few people who really need envelopes. The same thing applies to encryption: it is an envelope for e-mail."

For Phil Zimmerman, encryption is essentially a political issue. He was a political activist in the 1980s, involved in the nuclear disarmament campaign. With the end of the Cold War, he turned his attention to cryptography, developing what would become PGP. "In late 1990, I decided to make a go of it and develop an application for the purpose of protecting human rights, and protecting privacy in the US."

During the federal investigation into PGP, Zimmerman's lawyers advised him not to talk about the human rights application of the technology, as this would have shown he intended to export the software. Now he is more open about his motives. PGP was originally intended as a commercial product, but Zimmerman subsequently decided to release it free of charge to pre-empt any attempts to ban the software.

Zimmerman is essentially distrustful of government. Even the Western democracies, he suggests, abuse their powers from time to time and intrude on their citizens' privacy. "We have to devise policies to channel the applications of technology so they do not create a surveillance society," he says.

He is less concerned about the risk that strong encryption would play into the hands of criminals. "Crimes leave footprints in the real world," he says. "Other investigative techniques can be used to uncover them."

He points out that there are other tools that criminals use which are not banned, for the very reason that they have many innocent uses too. "It is like not selling scales because drugs dealers might use them to weigh their drugs."

Phil Zimmerman believes that privacy is a fundamental right which needs to be closely guarded. Citizens, just as much as governments, have a right to use technology for their protection.

PGP is available free from http://