
Why I Wrote PGP (1999) - pdkl95
https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
======
Jtsummers

      The government initially claimed that using Clipper would be
      voluntary, that no one would be forced to use it instead of
      other types of cryptography. But the public reaction against
      the Clipper chip was strong, stronger than the government
      anticipated. The computer industry monolithically proclaimed
      its opposition to using Clipper. FBI director Louis Freeh
      responded to a question in a press conference in 1994 by saying
      that if Clipper failed to gain public support, and FBI wiretaps
      were shut out by non-government-controlled cryptography, his
      office would have no choice but to seek legislative
      relief. Later, in the aftermath of the Oklahoma City tragedy,
      Mr. Freeh testified before the Senate Judiciary Committee that
      public availability of strong cryptography must be curtailed by
      the government (although no one had suggested that cryptography
      was used by the bombers).
    

Sounds a bit like some of the conversations going on again, today. The last
sentence in particular.

~~~
clay_to_n
Yes. The difference is that today, about Paris, people _are_ suggesting that
cryptography (or Xbox games??) were used by the bombers.

~~~
throwaway7767
Is there any credible data to support that?

The NYT seemed to be the source for that claim, and they quietly pulled that
story. It's still repeated by media outlets elsewhere.

Not that it would change my opinion that government mandated crypto backdoors
are a bad idea if they had.

~~~
flatline
French intelligence has heavily infiltrated the regional extremist Muslim
community and they had no idea about these attacks in advance. Ergo, the
terrorists were using encryption.

That was the speculation I heard the other evening on NPR, by someone lobbying
to put limits on private citizens' use of strong crypto.

~~~
wuschel
I would disagree with this reasoning.

Yes, french HUMINT has heavily infiltrated extremist organizations, and failed
to prevent this attack. It does not mean that it was the use of encryption
that allowed ISIS/extremist organizations to execute this attack on french
soil.

The french secret service approach is fundamentally different from the US, as
they historically rely less on SIGINT.

I am not sure where I read it, but in presume the number of prevented attack
is in the thousands.

~~~
davorb
> I am not sure where I read it, but in presume the number of prevented attack
> is in the thousands.

Then why don't we have thousands of prosecuted and convicted terrorists in our
jails?

~~~
wuschel
I am not speaking necessarily about prevented live assaults, but about pre-
emptive action as well.

But I get your point. I need to check that article back then.

------
Rmilb
> If privacy is outlawed, only outlaws will have privacy.

This still rings very true to this day.

~~~
ctdonath
Worth noting: "if X is outlawed, only outlaws will have X" usually overlooks
how many otherwise law-abiding citizens will legislatively become outlaws
because they won't give up their right to X. (Current example: a
registration/prohibition law in New York has turned about a million otherwise
exemplary residents into "outlaws" as the SAFE Act has a compliance rate of
about 4%.) Rather than solving the problem, legislators alienate & criminalize
much of the population.

~~~
maemilius
My favorite has always been: "Outlaws do X, but X isn't against the law. If we
make X against the law, it will make it harder for outlaws to do X", when, in
reality, outlaws weren't doing that thing legally (read: traceably) in the
first place.

------
upofadown
The interesting thing in retrospect is that the pro-crypto faction seems to
have won. These days anyone that actually needs cryto can get it and use it.
The amount of useful intelligence that a government can get from passive
monitoring is constantly decreasing. Entities like the NSA have to concentrate
on stuff like meta-data as they can be sure that most of the interesting
content is unavailable to them. Signals intelligence is quickly becoming
technologically obsolete. So the situation that the Clipper chip supporters
feared back in the day has become real.

It would be really good if the NSAs of the world would just accept this and
stop doing evil in their desperate attempt to survive.

~~~
Jtsummers
The NSA also focused on meta-data because it was more likely to survive a
legal challenge. A law enforcement observer can make note of you entering and
leaving a building at certain times. Your entrance and exit is public. What
they can't do, without warrants (legally, not speaking to technical ability),
is observe what happens inside a private place or within (what's intended to
be) private communications.

Meta-data also bypasses codes, as you point out, by revealing the network of
communication (who-with-who, when, and how often). So whether the
communication/interaction is recorded and understandable or not becomes less
important. In the case that it is recorded and understandable, excellent, even
more intel. If it's not, they still have some material to work with.

~~~
felipeerias
The focus on bulk collection of metadata is based on the assumption that it
can be used to stop terrorists and other enemies. This assumption remains
unproven. American drones routinely murder people abroad purely because of
their metadata, and yet peace is nowhere nearer.

At home, it turns out that it is pretty much impossible to stop a handful of
people who have access to weapons, want to do as much damage as possible, and
don't fear death. Increasing the surveillance on regular citizens will not
change that.

------
broswell
PGP Usabilty:

In the old days (Groupwise?) I found PGP easy to implement and use. Today I
find it nearly impossible. Apparently I am not alone.

[http://www.gaudior.net/alma/johnny.pdf](http://www.gaudior.net/alma/johnny.pdf)

I have found S/MIME a bit easier to implement, but still much harder.

Is it a conspiracy to keep people from using crypto?

~~~
unfunco
I was using Groupwise in 2007 at a previous employer, and PGP was definitely
easy to use with Groupwise. I worked in a MIS department for a large UK
company, and the customer services department was in a small town in Wales,
the kind of town where not many people had broadband in 2007, and the staff
were not trained in any technical specialty, it was mostly just people with
jobs instead of people with careers. The staff used to send banking
information using PGP and Groupwise and people rarely had issues.

The problem now is the increasing number of centralised services, Google
doesn't want to be storing encrypted emails within Gmail, because the content
cannot be analysed for advertising purposes. And the same goes for other free
email providers. It's still possible, but it is increasingly difficult.

------
neo2006
When politicians will understand that technology is only a tool. The way it is
used can be evil but not the technology itself.

------
broswell
In the 90's I found PGP fairly easy to use (with old versions of Novell
Groupwise)

Today I find it fairly difficult to implement with modern email systems and
devices. Apparently I am not alone.

[http://www.gaudior.net/alma/johnny.pdf](http://www.gaudior.net/alma/johnny.pdf)

I have found S/MIME to be barely implementable. What can we do together to
make it easier to use email encryption?

~~~
scott_karana
Dupe comment?

------
kaizendad
Thanks for sharing this. It's terrifying how relevant this is - the predicted
government ability to read all communications has come true.

------
Sealy
Thanks for the share. Relevant given politicians are currently, and
predictably using the recent news to push through various snoopers charters.

Has nobody told them that in reality, the problem is not encryption. Its poor
foreign policy as well as poor international relations.

Thats my two cents for what its worth. Im no expert on foreign policy though
although I do understand that the clear agenda in it is peace.

------
jsatk
Thanks for posting. This is incredible.

------
iamleppert
I wonder how the people who wrote crypto software and provide secure messaging
services feel about terrorists and other bad people using their products to
execute their plans? Most of these people wouldn't have the ability or access
to such technology had it not be for the efforts of a few who have made it
very accessible and user friendly.

I know there are plenty of legitimate uses, but especially for the services
that essentially bill themselves as secure and untraceable, you have to know
at a certain point you've designed and built technology that is actively being
used to hurt innocent people. For me it would be difficult to quantify if the
amount of good is worth the all the bad people in the world.

~~~
hellbanner
This is the "think of the children" argument used by many manipulative
government news agencies when discussing

anonymous money anonymous communication anonymous residence anonymous weapons

etc

Maybe we should make hands illegal since they do illegal things and you can
only use your hand with a license from the smart-over-lord-government, right?

Or less dramatically, all technology and all constructions from home
improvements to particle accelerators to hairspray to encrypted internet
should pass review from the government and people can only work on what the
government approves and use things they have licenses for.

\--

Do you want to apply your same argument to car manufacturers? Cars can be used
by kidnappers, bank robbers, rapists and murderers to flee crime scenes. So
car manufacturers should stop producing cars because all of the good they are
used for (visiting loved ones in the hospital, visiting your kids baseball
game, going to work) isn't worth the carnage caused by the "bad people"?

~~~
CrimsnBlade
Exactly right. It goes with almost anything, if you make it, someone will end
up finding a way to use it in a negative way. If everyone lived thinking X
shouldn't be created because it could turn into Y then we would all be living
in caves afraid of everyone else.

~~~
hellbanner
Did you see the frontpage today? EU clamping down on bitcoin to avoid viking
invasion.
[https://news.ycombinator.com/item?id=10594453](https://news.ycombinator.com/item?id=10594453)

~~~
Adlai
You just made me laugh out loud :)

