The
possibility that terrorists could have used encryption technology
to help plan the 9-11 attacks has resulted in much debate over whether
the government should be given back-door keys to encryption programs,
such as PGP. The following was written by Philip Zimmermann, creator
of PGP, in response to a September 21 Washington Post article which
described Mr. Zimmermann as "overwhelmed with feelings of guilt
" in the wake of 9-11. Mr. Zimmermann argues that his feelings
were misrepresented by the reporter and expresses his views against
providing the government back-door keys to encryption.
For
more information about Philip Zimmermann and his work, click
here.
No
Regrets About Developing PGP
By Philip
Zimmermann
24 September 2001
The Friday September 21st Washington Post carried an article by
Ariana Cha that I feel misrepresents my views on the role of PGP
encryption software in the September 11th terrorist attacks. She
interviewed me on Monday September 17th, and we talked about how
I felt about the possibility that the terrorists might have used
PGP in planning their attack. The article states that as the inventor
of PGP, I was "overwhelmed with feelings of guilt". I never implied
that in the interview, and specifically went out of my way to emphasize
to her that that was not the case, and made her repeat back to me
this point so that she would not get it wrong in the article. This
misrepresentation is serious, because it implies that under the
duress of terrorism I have changed my principles on the importance
of cryptography for protecting privacy and civil liberties in the
information age.
Because of
the political sensitivity of how my views were to be expressed,
Ms. Cha read to me most of the article by phone before she submitted
it to her editors, and the article had no such statement or implication
when she read it to me. The article that appeared in the Post was
significantly shorter than the original, and had the abovementioned
crucial change in wording. I can only speculate that her editors
must have taken some inappropriate liberties in abbreviating my
feelings to such an inaccurate soundbite.
In the interview
six days after the attack, we talked about the fact that I had cried
over the heartbreaking tragedy, as everyone else did. But the tears
were not because of guilt over the fact that I developed PGP, they
were over the human tragedy of it all. I also told her about some
hate mail I received that blamed me for developing a technology
that could be used by terrorists. I told her that I felt bad about
the possibility of terrorists using PGP, but that I also felt that
this was outweighed by the fact that PGP was a tool for human rights
around the world, which was my original intent in developing it
ten years ago. It appears that this nuance of reasoning was lost
on someone at the Washington Post. I imagine this may be caused
by this newspaper's staff being stretched to their limits last week.
In these emotional
times, we in the crypto community find ourselves having to defend
our technology from well-intentioned but misguided efforts by politicians
to impose new regulations on the use of strong cryptography. I do
not want to give ammunition to these efforts by appearing to cave
in on my principles. I think the article correctly showed that I'm
not an ideologue when faced with a tragedy of this magnitude. Did
I re-examine my principles in the wake of this tragedy? Of course
I did. But the outcome of this re-examination was the same as it
was during the years of public debate, that strong cryptography
does more good for a democratic society than harm, even if it can
be used by terrorists. Read my lips: I have no regrets about developing
PGP.
The question
of whether strong cryptography should be restricted by the government
was debated all through the 1990's. This debate had the participation
of the White House, the NSA, the FBI, the courts, the Congress,
the computer industry, civilian academia, and the press. This debate
fully took into account the question of terrorists using strong
crypto, and in fact, that was one of the core issues of the debate.
Nonetheless, society's collective decision (over the FBI's objections)
was that on the whole, we would be better off with strong crypto,
unencumbered with government back doors. The export controls were
lifted and no domestic controls were imposed. I feel this was a
good decision, because we took the time and had such broad expert
participation. Under the present emotional pressure, if we make
a rash decision to reverse such a careful decision, it will only
lead to terrible mistakes that will not only hurt our democracy,
but will also increase the vulnerability of our national information
infrastructure.
PGP users should
rest assured that I would still not acquiesce to any back doors
in PGP.
It is noteworthy
that I had only received a single piece of hate mail on this subject.
Because of all the press interviews I was dealing with, I did not
have time to quietly compose a carefully worded reply to the hate
mail, so I did not send a reply at all. After the article appeared,
I received hundreds of supportive emails, flooding in at two or
three per minute on the day of the article.
I have always
enjoyed good relations with the press over the past decade, especially
with the Washington Post. I'm sure they will get it right next time.
The article
in question appears here.
Reprinted
with permission from Mr. Zimmermann, the creator of Pretty Good
Privacy. For more information on Mr. Zimmermann, click
here.
Return to Current Events Index
|