bulletin lambda 2.06

April 4, 1996

© Planète Internet.
The Scientist and the Frog

Phil's portrait Phil Zimmermann, the "digital privacy guru" (as I call him) was in France for the first time, and he knew that France was the one and only country among democratic nations to block individuals from using cryptographic tools like his pretty good program PGP. Our actual chat took place in Paris, February 23, 1996.

  • You can read about the context Zimmermann went in France : bulletin lambda 2.02
  • And the last news about new French encryption regulations : bulletin lambda 2.05
    The face to face chat

    In France, I began, the government states that Justice cannot remain blind and deaf. So that's why "pretty good privacy" is considered here as a dangerous weapon.

    Phil Zimmermann : "In the physical world (the 'Meat world', as John P. Barlow says), we have a certain amount of privacy -- face to face communications are private, most of our paper mail are private. But as we move into the information age we are losing our privacy -- most of our communications are no longer face to face. They become digital, they can be intercepted, automatically scanned by computers for "subversive" keywords. Our email is replacing paper mail - so it can be filtered in mass by government computers, just like drift net fishing. I think that's bad for democracy."

    "Sure, the governments will make its argument that justice cannot be blind and deaf -- it's a good argument! But it's not the only one : if a governmet becomes omnicient, [with the help of] electronic surveillance, then it's a very close step from omniscience to omnipotence."

    Phil pgped#1 Pretty Good Policy

    Phil explained how he came to think that cryptography could be useful for protecting privacy. "I began to think of ... cryptography in political terms in 1984 when I was active in the nuclear weapons freeze movement", he said. "I began to think that grass roots political organisations were already using computers to organize -- and I thought that if they wanted to be efficient, they woud have to use cryptography. Because otherwise the government could intercept their electronic communications, their mailing lists, members lists, donors lists, and see who is involved in the organisation. [All this] could have been used in some harmfull way. ... So that's how I decided to write a software that would eventually become PGP."

    "Our own government has a bad trackrecord about taking advantage of its power like that," he said. "In the 50's, we had a terrible chapter in our history. When Sen MacCarthy tracked down anybody who was a member of the Communist Party, and ruined their career. Not just people who were members, but also their friends. Imagine if [the government] had the tools of modern technology, imagine if it could see all of the email that anybody sends to each other..."

    As Simson Garfinkel explained in his book, "PGP" (O'Reilly, 1994), Phil had no background in cryptography. But he learned a lot in computer sciences at the end of the 70's. So during six years he had to learn about RSA's public key cryptography, and eventually entered in a legal battle with RSA Data Security, which owned exclusive rights on RSA algorithm applications, even if PGP was not a complete RSA-based tool. In 1990 he was ready to launch a shareware.

    But in late 1990, after 3 months of unpaid work on PGP, "some legislation was introduced in the US that would outlaw cryptography : it was the Senate Bill S266. And it stated that [the government] would require back doors into secure communications systems. So I decided to give it away for free -- I needed to spread it as widely as possible when it was still legal to do so. So I took another 3 month to finish the project. Six months of unpaid work -- I was very close to losing my house..."

    Phil pgped#2 Pretty Good Proverb

    Phil Zimmermann often draws a parallel between cryptography and cars in the beginning of the century. "Car were used to escape the scene of a crime ... The best examples of criminals using cars early in the century were Bonny and Clyde", he laughed.

    But, I said, playing the Devil's advocate, the police decided that every car must be registered with a car plate. And we could consider that PGP is the fastest car man has ever built. Isn't that legitimate to try to stop it?

    "Yes," Phil said. "But PGP is for protecting your speech ... . And if you take that position ['ban the fastest car'], then why should we allow people to have face to face conversations? If you and I go walk in the woods, and we have a face to face conversation, the police cannot intercept that. So maybe if you believe that it's dangerous, then the police should require us to carry microphones attached to our coats, so that they can record everything that we say to each other ... . We could have special devices that encrypt our voices and get them recorded, so that only the police can listen to, [with a] court order to get the proper key. Or maybe you don't need encryption : the tapes get stored in a bank or someplace and they can listen to our conversation if they get the court order. Most people would fear that it's a bad thing. Most people would fear that it's too much like George Orwell's "1984", most people would fear that it's too much power in the hands of the governement, most people would fear that the right to a private conversation is a such an important right that the government should not be able to listen it..."

    ... "So if you accept the idea that the police should have the right to listen to our [phone] conversations, then why don't you accept the idea that they should have a right to listen to our private conversation when we talk face to face when we go for a walk in the woods?..."

    "And why not put video cameras in our houses? I'm sure they could solve many more crimes if they put cameras in our homes, even in our bedrooms. We could live in a crime-free society! But do we want to live in such a society? You made the argument earlier that Justice cannot be blind and deaf -- well, fine! If you want to believe that, I mean if you buy that argument, it does sound good, and I agree with that -- to some extent. But how far? If we have video-cams and they promise not to turn them on except when they suspect you've been doing something nauthty... What kind of society is that?"

    "It's like the story of a scientist who put a frog in boiling water... The frog immediatly jumped out of the water. So then the scientist put the frog in a room-temperature water, and then he slowly heated the water, til it boiled. The frog didn't notice the increment of the temperature, so it stayed in the water... And then it boiled to death! This is what's happening to us with ... the technology slowly incrementally taking away our privacy."

    It seems the notion of key escrow cryptography is also a question of temperature? Yes, people think key escrow is OK because they *had been* used to the idea that the police can tap their phone. They already accept that. So it's easy for the police to get them to accept the next thing [give away their crypto keys]. This is [like] the incremental change in temperature in the water."


    Additionnal and useful sources:
  • PGP, written by Simson Garfinkel (1994), French translation by Nat Makarévitch (1995). Ed. O'Reilly International Thomson, 1995.
  • "Prophet of Privacy", Wired, novembre 1994.
  • "Cyber Rebel", Denver Post Sunday, 3 mars 1996.
    Back to netizen's home page. Retour vers la page d'acceuil.