JES: Just Educational Services

Net Return Series, Computing News & Review
Jonathan E. Sisk

PGP 1, FEDS 0

Note: Many of the URLs provided in this and other columns have changed or disappeared in the decade since this column was written. They are left intact in these columns to preserve the original content.

On Friday, Jan. 12, 1996, the Associated Press released the following item:

PRETTY GOOD PRIVACY

SAN FRANCISCO (AP) -- The government says it won't prosecute a software writer whose program keeps internet communications secret. Philip Zimmermann's Pretty Good Privacy encryption program makes computer messages unreadable to anyone except the intended recipient. The government opposes export of cryptographic technology because it makes monitoring electronic communications overseas difficult. Domestic law enforcement agencies fear such programs could keep them from eavesdropping on digital conversations. Pretty Good Privacy is available on the World Wide Web at http://www.epic.org/privacy/tools.html

PGP (short for Pretty Good Privacy) is a highly secure public key encryption program originally written by Philip Zimmermann. Over the past few years, PGP has got thousands of ardent supporters all over the globe and has become a de-facto standard for encryption of email on the Internet. If you don't know whether PGP is something for you, please take some time to read Phil Zimmermann's article on why you should use PGP. You may also be interested in this excellent introduction to PGP, taken from a PGP workshop by Electronic Frontiers Houston. Adam Back has written this history of PGP.

I first met Phil Zimmermann in the summer of '94 at a hacker conference in Las Vegas, where he was scheduled to be the keynote speaker. Through a bizarre set of mishaps with the "organizers" of the conference - and I use the term loosely here - he didn't have a room. My late friend Jim Gallagher and I were standing nearby as he was informed of his roomlessness. Springing into action, we offered him the extra bed in our suite, and his misfortune led to our good fortune of being able to spend many hours with this fascinating individual.

Soon after completing PGP, Phil found himself the target of the United States Government, who accused him of exporting PGP outside the U.S. The Feds essentially asserted that Phil uploaded PGP to Usenet, thus violating laws against such a program being exported without a license. In laws enacted around World War II, encryption technology falls under the same jurisdiction as munitions.

As his legal battles grew, so did his infamy. And so did the similarity between his case and that of David v. Goliath, et al. In impassioned speeches, he spoke of how his program is being used by everyone from criminals/politicians to freedom fighters to, well, you name it. They use PGP if they need rock-solid security. The standard speech was followed by a plea for donations to his legal defense fund, since he was facing "imminent" indictment and possibly a very long prison term.

Along the journey, Phil was offered "digi-political asylum" by MIT, who took over the development and distribution of the "official" version of PGP.

Arguably, Phil has done more for civil liberties than any other individual in this century by providing digital transmissions the ability to "privately" be deciphered by the intended recipient ONLY.

Why You Should Consider Using PGP

The Internet is a boon to communication, making it possible to move text, pictures, software, sounds, and video anywhere on the planet within seconds. One of the downsides is that along the way, your packets can be intercepted by someone other than the intended recipient. This has actually happened to me, where a total stranger sent me email regarding a (bad) joke I had written in an email message to a friend. Unscrupulous individuals - and I'm thinking here of most of the kids at the hacker conference - are known to put up "sniffers" to look for things of interest. On a scarier note, so can the government. If you don't bother to protect your transmissions, it's sort of like sending a postcard to someone, where every one who handles it along the way can read it.

PGP provides multiple levels of security, determined by the number of bits you choose for your private key. For reference, the 429-bit key "RSA-129" required 6000 MIPS-years to break, and the difficulty doubles every few bits.

  • 512 bits: Adequate for casual personal security.

  • 768 bits: If you have reason to believe that a major corporation or a very large number of hackers with ENORMOUS computer resources are trying to decrypt your message, you should go with the 768-bit key.

  • 1024 bits: If you have reason to believe that a major government is trying to decrypt your messages, you should go with the 1024-bit key AND build a radiation-proof shielded room to use your computer. There are various other security protocols you would have to use as well, some of which are documented and some of which involve big safes and armed guards.

  • 2047 bits: If you have reason to believe that space aliens, quantum computers, Operating Thetans or Russian COSMOspheres are trying to decrypt your messages, you should go with 2047-bit keys and seek psychiatric help.

  • If you need your message to STAY secret for a couple of decades, double the keysize to allow for future technological advances.
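
To put numbers on "the difficulty doubles every few bits", the following added example (not part of the original column) extrapolates from the column's RSA-129 figure. It assumes the textbook heuristic running time of the quadratic sieve, exp(sqrt(ln n · ln ln n)), the method used on RSA-129; the function names are illustrative, and the results are order-of-magnitude estimates for that one algorithm, which faster methods such as the number field sieve undercut.

```python
import math

# Calibration point taken from the column: a 429-bit modulus (RSA-129)
# cost about 6000 MIPS-years to factor.
CAL_BITS = 429
CAL_MIPS_YEARS = 6000.0


def qs_log_work(bits):
    """Natural log of the heuristic quadratic-sieve cost exp(sqrt(ln n * ln ln n))."""
    ln_n = bits * math.log(2)
    return math.sqrt(ln_n * math.log(ln_n))


def mips_years(bits):
    """Extrapolated effort, scaled so the calibration point matches the column."""
    return CAL_MIPS_YEARS * math.exp(qs_log_work(bits) - qs_log_work(CAL_BITS))


def bits_per_doubling(bits):
    """Smallest number of extra key bits that at least doubles the estimated work."""
    extra = 1
    while qs_log_work(bits + extra) - qs_log_work(bits) < math.log(2):
        extra += 1
    return extra


def table(sizes=(429, 512, 768, 1024, 2047)):
    """One row per key size: (bits, estimated MIPS-years, bits needed to double)."""
    return [(b, mips_years(b), bits_per_doubling(b)) for b in sizes]


if __name__ == "__main__":
    for bits, work, step in table():
        print(f"{bits:>5} bits  ~{work:10.3g} MIPS-years  doubles every ~{step} bits")
```

Because the cost is sub-exponential in the key length, the doubling interval widens as keys grow, so each added bit buys slightly less at 1024 bits than it does at 429.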

The current version of PGP, 2.6.2, is available to all legal AMERICANS who must answer four simple questions before they get the details on how to download it. Whatever you do with it, don't EXPORT it.

In its "native" form, PGP is a bit cumbersome for the average computer user, unless they happen to like command-line-driven software. There are a growing number of front-ends and remailers to simplify the process. Most of the sites referenced in the URL table below provide links to where these front-ends can be found.

I plan to start including PGP as part of my 'net strategy, particularly when I'm h*ys%$pt+ G!5 t@1j #lq

[no carrier]

Original article for Computing News & Review, January, 1996

Copyright © 1996 Jonathan E. Sisk.

Web Sites referenced in this article:

MIT
Why do you need PGP? by Phil Zimmermann
EPIC
Cryptography, PGP, and Your Privacy
The PGP Home Page
PGP addons
UseNet Newsgroup: alt.security.pgp
