×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Philip Zimmermann and 'Guilt' Over PGP

Roblimo posted more than 12 years ago | from the freedom-is-still-the-goal dept.

Encryption 837

Philip R. Zimmermann, creator of PGP, was quoted in a recent Washington Post article as saying he has been "overwhelmed with feelings of guilt" about the use of PGP by suspected terrorists. Zimmermann says the story was not entirely accurate, and has written a response to it (below) that he hopes will clear things up. He has also consented to a Slashdot interview, so please post any questions you have for him. As usual, we'll send 10 of the highest-moderated ones to Zimmermann by email, and post his replies verbatim as soon as we get them back.

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by Ariana Cha that I feel misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. She interviewed me on Monday September 17th, and we talked about how I felt about the possibility that the terrorists might have used PGP in planning their attack. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case, and made her repeat back to me this point so that she would not get it wrong in the article. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

Because of the political sensitivity of how my views were to be expressed, Ms. Cha read to me most of the article by phone before she submitted it to her editors, and the article had no such statement or implication when she read it to me. The article that appeared in the Post was significantly shorter than the original, and had the abovementioned crucial change in wording. I can only speculate that her editors must have taken some inappropriate liberties in abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact that I had cried over the heartbreaking tragedy, as everyone else did. But the tears were not because of guilt over the fact that I developed PGP, they were over the human tragedy of it all. I also told her about some hate mail I received that blamed me for developing a technology that could be used by terrorists. I told her that I felt bad about the possibility of terrorists using PGP, but that I also felt that this was outweighed by the fact that PGP was a tool for human rights around the world, which was my original intent in developing it ten years ago. It appears that this nuance of reasoning was lost on someone at the Washington Post. I imagine this may be caused by this newspaper's staff being stretched to their limits last week.

In these emotional times, we in the crypto community find ourselves having to defend our technology from well-intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography. I do not want to give ammunition to these efforts by appearing to cave in on my principles. I think the article correctly showed that I'm not an ideologue when faced with a tragedy of this magnitude. Did I re-examine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP.

The question of whether strong cryptography should be restricted by the government was debated all through the 1990's. This debate had the participation of the White House, the NSA, the FBI, the courts, the Congress, the computer industry, civilian academia, and the press. This debate fully took into account the question of terrorists using strong crypto, and in fact, that was one of the core issues of the debate. Nonetheless, society's collective decision (over the FBI's objections) was that on the whole, we would be better off with strong crypto, unencumbered with government back doors. The export controls were lifted and no domestic controls were imposed. I feel this was a good decision, because we took the time and had such broad expert participation. Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure.

PGP users should rest assured that I would still not acquiesce to any back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail on this subject. Because of all the press interviews I was dealing with, I did not have time to quietly compose a carefully worded reply to the hate mail, so I did not send a reply at all. After the article appeared, I received hundreds of supportive emails, flooding in at two or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past decade, especially with the Washington Post. I'm sure they will get it right next time.

The article in question appears at http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html

-Philip Zimmermann
24 September 2001

(This letter may be widely circulated)

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBO69F2sdGNjmy13leEQIn+QCg2DjDeyibtRe61tUSplSAobdzAqEAoOMF ir3lRc4c1D/0Mmmv/JtP/E73 =HmRO
-----END PGP SIGNATURE-----

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

837 comments

Tools are never evil (5, Insightful)

SuiteSisterMary (123932) | more than 12 years ago | (#2341695)

Only their users. And remember, good and evil are relative. Not everybody thinks like you do.

Re:Tools are never evil (-1)

cyborg_monkey (150790) | more than 12 years ago | (#2341754)

The plural of Lego is Lego, not Legos.

Taleban! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2341816)

Chemical warfare!!!

Fuck it up!

Liquidate
The torture kills the troops that try to fight
Terminate
Human pesticide bring days of doom
Mist falls
The deadly gas that brings them to their knees
Sacrifice
Steal the soul and send his corpse to hell

Hahahahahaha

Re:Tools are never evil (1)

beagle (99378) | more than 12 years ago | (#2341827)

You're right about one thing - tools are never evil, but their uses can be.

You're not right about the other - good and evil are not relative. If they were, there would be -- in someone's mind -- justification for the murder of 6,000+ innocent civilians in New York, Pennsylvania, and Washington last week. There is never any justification for the murder of innocents.

Re:Tools are never evil (-1)

Anonymous Pancake (458864) | more than 12 years ago | (#2341860)

actually there are many radical muslims who think death to 6000 of satan's children is a great thing.. I think they are a little nuts though!

But there is (3, Insightful)

wiredog (43288) | more than 12 years ago | (#2341867)

there would be -- in someone's mind -- justification for the murder of 6,000+ innocent civilians

There is justification in someone's mind, else it wouldn't have happened. Not saying it's a good justification, it isn't, but they felt it justified. Which proves the bankruptcy of their ideas.

Re:But there is (2, Insightful)

RevAaron (125240) | more than 12 years ago | (#2341879)

Just like that little thing called the Crusades, that goes to prove that Christians are also morally bankrupt.

Re:Tools are never evil (3, Insightful)

Drone-X (148724) | more than 12 years ago | (#2341890)

You're not right about the other - good and evil are not relative. If they were, there would be -- in someone's mind -- justification for the murder of 6,000+ innocent civilians in New York, Pennsylvania, and Washington last week. There is never any justification for the murder of innocents.
I'm pretty sure the US government was convinced that A-bombing Japan was justified. Or rather, I hope they did and do believe that it was justified, it would be far worse if they themselves think of that action as evil.

Same goes for terrorists. No matter how "inhumane" people might find their actions, if they believed/believe in their cause then their action is as just as the A-bombing of Japan.

Awaiting countless corrections...

Re:Tools are never evil (0)

Anonymous Coward | more than 12 years ago | (#2341895)

Tell that to "God" next time he causes an earthquake in a densely populated area.

Of course, he can get away with it, terrorists can't...

Re:Tools are never evil (1)

FatRatBastard (7583) | more than 12 years ago | (#2341901)

There is never any justification for the murder of innocents.

Except maybe war... but only if its a just war... as I define "just"... ooops... but that's the whole "relative" argument again.

Was the US nuking Japan "evil?"
Were the Allies bombing of Dresden "evil?"
Were the Germans bombing of London "evil?"
...

I guess it depends on which side you are on.

Don't get me wrong. I think 9/11 was pretty damn "evil." But the key words there are "I think."

Re:Tools are never evil (1)

pomakis (323200) | more than 12 years ago | (#2341927)

You're not right about the other - good and evil are not relative. If they were, there would be -- in someone's mind -- justification for the murder of 6,000+ innocent civilians in New York, Pennsylvania, and Washington last week. There is never any justification for the murder of innocents.

The justification need not be rational, but you'd be naive to think that bin Laden didn't have what he considered a strong justification for these attacks. From his point of view, he and his army are the good guys, and the Western world is evil. Everybody, in every conflict, no matter what side they're on, always seem themselves as being the good guys. The real world is not like the movies. There is no Dr. Evil.

Re:Tools are never evil (2)

mesocyclone (80188) | more than 12 years ago | (#2341859)

Good and evil are not relative. Moral relativism is a weak and wrong idea.

There are those who are evil. They desire nothing other than to prey upon their fellow human beings.

There are those who are good. They do nothing but help fellow human beings.

Re:Tools are never evil (2, Interesting)

Derek S (19004) | more than 12 years ago | (#2341888)

It would appear, then, that there are no good or evil people in the world.

Re:Tools are never evil (3, Insightful)

RevAaron (125240) | more than 12 years ago | (#2341920)

So, would you say these indivudials have been "possesed" by "agents of Satan?" Absolute morality is a farce- relativism is the only obvious truth simply because there is a range of ideas. Those who did this felt righteous in what they did- or they wouldn't likely have done it. There are no such things as people that are evil and "desire nothing other than to prey upon their fellow human beings." Or maybe we're all these people- after all, we've all done something immoral.

Absolutism smacks of religion, especially Christianity, which more than most religions, claims that all morals are absolute, and (surprise!) their morals are the absolutely correct ones.


Just because you think you're right doesn't mean you are- regardless of whether or not your religion justifies it. Nor does it mean those who differ from your are wrong. But such is the purpose of religion- to give people something behind which to rally (absolute morality), and an enemy to against which to fight (those with a different set of absolute morals).

Re:Tools are never evil (1)

FatRatBastard (7583) | more than 12 years ago | (#2341923)

Well, your definition's certainly are absolute... the question is, how exactly you "pick the teams."

Those who "prey upon their fellow human beings" is a little vague. I could throw pretty much anyone in that category.

Same with those who "help fellow human beings."

Nice sentiment, but very, very abstract (and personally definable) definitions.

Re:Tools are never evil (0, Interesting)

Anonymous Coward | more than 12 years ago | (#2341925)

Good and evil are not relative. Human perception of them is.

Name `PGP` (1)

pallex (126468) | more than 12 years ago | (#2341704)

Do you regret not calling PGP something like `Knife` or `Law`, so the clueless would perhaps be more likely to be aware of the fact that it could be used for good AND evil?

guilt? (0, Informative)

wobblie (191824) | more than 12 years ago | (#2341712)

I wonder if Bush Sr or Clinton are overwhelmed with feeling of guilt over tens of thousands of East Timorese being slaughtered with US weapons.

Phil (-1, Troll)

Anonymous Coward | more than 12 years ago | (#2341729)

Breaking the law!
Breaking the law!

So much for the golden future, I can't even start
I've had every promise broken, there's anger in my heart
you don't know what it's like, you don't have a clue
if you did you'd find yourselves doing the same thing too

Now this folks.... (1)

Dr. Smeegee (41653) | more than 12 years ago | (#2341732)

Is an example of the kind of cool head that will prevail.

No bellrin' pain and threatening lawsuits. I am once again pleased that some folks are able to keep their wits about them in stressful situations.

Go Phil!

The Washington Post (3, Insightful)

Stickster (72198) | more than 12 years ago | (#2341739)

We who live in the D.C. area are very familiar with the Post's penchant for "manufacturing" stories where none exist. Mr. Zimmerman unfortunately was the party on the receiving end of the editorial foul play in this particular case.

As a community, we should recognize that the Post as well as other news media outlets are NOT in their line of work to provide complete and unbiased coverage of events. They are in business to make MONEY, and that is a goal that creates in and of itself conflict of interest with reporting the truth in most (if not all) cases.

I wish the readership of the Post was going to be privy to Mr. Zimmerman's clarifications in the same way we /.ers are.

Re:The Washington Post (2)

agentZ (210674) | more than 12 years ago | (#2341781)

I wish the readership of the Post was going to be privy to Mr. Zimmerman's clarifications in the same way we /.ers are



Agreed! I know it's not really a good discussion question, but we should ask Mr. Zimmerman if we can forward his letter to the Post's editorial board. What he wrote should definitely be published.

Re:The Washington Post (2)

hardburn (141468) | more than 12 years ago | (#2341862)

The end of Zimmerman's message says it can be freely distributed, so forward away.

Re:The Washington Post (2)

agentZ (210674) | more than 12 years ago | (#2341891)

Yes, I saw that, but I wonder if the Post would print something they got from a third party. That is, would a non-computer saavy editor recognize the PGP signature and see it as valid, or just assume that I'm some wacko saying, "Yeah, Phil told me this on the street yesterday. Publish it and attribute it to him."

I'll send it in though.

Re:The Washington Post (2)

agentZ (210674) | more than 12 years ago | (#2341931)

My apologies for responding to my own post. Here is the Post's policy on publishing letters:
Letters must be exclusive to The Washington Post, and must include the writer's home address and home and business telephone numbers. Because of space limitations, those published are subject to abridgment. Although we are unable to acknowledge those letters we cannot publish, we appreciate the interest and value the views of those who take the time to send us their comments.
Source: http://www.washingtonpost.com/wp-dyn/articles/A133 01-2000Mar5.html [washingtonpost.com] .
Thus, Mr. Zimmerman needs to send it himself.

Re:The Washington Post (1)

jazman_777 (44742) | more than 12 years ago | (#2341833)

We who live in the D.C. area are very familiar with the Post's penchant for "manufacturing" stories where none exist. Mr. Zimmerman unfortunately was the party on the receiving end of the editorial foul play in this particular case.


My first reaction was, "I don't believe the Washington Post." And to think, I delivered that propaganda rag for four years! The shame of it all.

Genie is out of the bottle... (1)

Alpha Prime (25709) | more than 12 years ago | (#2341740)

The genie of encryption is out of the bottle and the only thing laws can do is to make criminals of even more of us. How do they plan on enforcing the use of 'safe' encryption? Do they really think we would be stupid enough to put "Encrypted Message" in the subject of an email? Without that, it just looks like any other message.

Re:Genie is out of the bottle... (1)

Darkstorm (6880) | more than 12 years ago | (#2341810)

Actually it looks like allot of garbage. Its not whether or not they can tell its encrypted or not it the fact we have the choice.

Phil, have you ever used this pickup line? (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#2341744)

"Honey, I'm looking for some Pretty Good Pussy."

Re:Phil, have you ever used this pickup line? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2341831)

Please,he's Phil Zimmerman. He can get any woman he wants!

Re:Phil, have you ever used this pickup line? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2341837)

You mean like RMS, ESR and Linus?

I'm sure I'm preaching to the choir here... (2)

JohnTheFisherman (225485) | more than 12 years ago | (#2341746)

Now that the encryption tools, which are not evil, but can be used for such just like a car or a hammer or a computer or virtually any other useful thing, are out there with full source code and all, does anyone seriously think the nasty bad men

1) will upgrade to the new CIA-approved encryption technologies, should they pass, or
2) will not be able to extend the previous technology as computers get faster

The genie is out of the bottle. All we can do is allow government to pry into the lives of honest, law abiding citizens with new back doors.

It's the same as *strict* gun control - criminals already won't follow the law, so they aren't going to suddenly turn in their guns if they become illegal. Oh, guess I'll have to find a new way to break the law, now that guns are illegal.

C'mon Now (2)

ekrout (139379) | more than 12 years ago | (#2341748)

So, let's blame Babbage for the computer, Ford for the everyday automobile, Bell for the telephone, ...

Everyone's been lashing-out at the wrong people lately (all Islamics, Zimmerman, ...). They just don't know where to direct their anger. But as long as we know they're not justified, it's not so bad.

You have a point. (-1)

CmdrTaco on (468152) | more than 12 years ago | (#2341806)

Everyone's been lashing-out at the wrong people lately (all Islamics, Zimmerman, ...). They just don't know where to direct their anger.

We shouldn't be lashing out at all Islamics. Just most Islamics.

Re:C'mon Now (2)

garcia (6573) | more than 12 years ago | (#2341823)

someone else always has to take the blame.

at least w/the recent bullshit about a national ID I can blame it on that idiot from Oracle and not the government. ;)

Re:C'mon Now (0)

Anonymous Coward | more than 12 years ago | (#2341880)

Who has been lashing-out at "all Islamics"? I've seen nothing but the opposite. Everyone on that television show went out of their way to differentiate the good and the bad. Over and over and over again!

These are just tools!!!!! (1)

jdevons (233314) | more than 12 years ago | (#2341750)

I really ahte when people equate tools to the evil done by SOME men with these tools.

If you think about it, there are very few tools that cannot be used for evil purposes.

I'm sure that Alexander Grahm Bell isn't sorry he created the telephone just because some people use it to set-up bank jobs and murders!

The problem the US has is that the media has blinded many of us into equating tools and the people who use them.

-Are planes bad just people some nut-cases used them to crash into the WTC?
-Are guns evil because bad people use them?
-Is nuclear power evil because a bomb can be built from similar technology?
-Are SUV's evil because the government has forced other cars to be small, light and inherently unsafe?

I say an emphatic, "NO!"

Re:These are just tools!!!!! (0)

Anonymous Coward | more than 12 years ago | (#2341792)

Is nuclear power evil because a bomb can be built from similar technology?

It's not evil but it's dirty.

In Europe the countries are already abandoning both fossile fuels AND nuclear power and embracing alternative energy sources.

Question to Zimmermann (2, Interesting)

mnordstr (472213) | more than 12 years ago | (#2341756)

What do you think about the idea of having government backdoors in crypto standards?

Re:Question to Zimmermann (1)

scott1853 (194884) | more than 12 years ago | (#2341868)

I think he already responded to this by saying we wouldn't see back doors in PGP.

Re:Question to Zimmermann (1)

mnordstr (472213) | more than 12 years ago | (#2341906)

I am pretty sure we all know his opinion about this, but I'm interested in knowing his thoughts about this, and what it might lead to if backdoors were introduced.

Zimmeran's actions have only begun to hurt America (-1)

The_Messenger (110966) | more than 12 years ago | (#2341758)

The media isn't talking about it, but a new danger is at hand. A spooky danger. Halloween is just around the corner, and, upon the last day of October, the possiblity arises -- no pun intended -- that thousands of skeletons, ghosts, and zombies will emerge from the rubble of the World Grave Center and terrorize New York City. Of the $20 billion recently appropriated by Congress for disaster recovery, how much money is being invested in the rapid development and deployment of ghostbusting technology? Do we really want the families of WGC victims being subjected to the sight of their deceased loved ones shambling across downtown Manhattan, eating the brains of the innocent in celebration of their unholy holiday?

Not only that, but the vast quantities of fresh blood being sent to New York may trigger a vampire epidemic. I tell you, October in New York will be spooktacular indeed.

Blame the Wright brothers (2)

TomatoMan (93630) | more than 12 years ago | (#2341759)

If they hadn't invented the airplane, none of this would have happened, right?

In fact, it's clearly Bernoulli's fault - if he hadn't told everybody all that business about particles in motion exerting less pressure to the sides, none of this would have happened.

No, Phil, if you hadn't invented it, someone else would have. You're on the right side. Tools are not evil and privacy is important, even when abused. Don't give it another thought. Be strong.

Tools are not Evil. (-1)

CmdrTaco on (468152) | more than 12 years ago | (#2341847)

But the inventors ARE. For example: lets say someone invents a computerized machine gun that flies through the air and locates any heat source that may be of a living creature. Now when it locates the heat source it analizes the DNA from a far and if it is a. human, and b. caucasian that it will blow it's brains out. All in a matter of less than one second. Should be let the inventor live?

You sympathizing bastards make me sick!

Future of pgp (5, Interesting)

Darkstorm (6880) | more than 12 years ago | (#2341762)

Although I don't use pgp on a daily basis I do occasionally use it and wish that more businesses supported it for use in email. I would much rather encrypt personal information being sent to a company but they don't support it.

Is there any plans for improving pgp's ability to incorporate itself into email programs and other forms of internet communications that will make it easier for companies and end users to use?

Lets spread the guilt around! (2)

PopeAlien (164869) | more than 12 years ago | (#2341763)

Hotmail? Internet Cafes? Who needs encryption when you can walk into a cafe and log on to agad435q3@hotmail.com and use keywords instead of blatant text?

Sheesh. I mean there may be a lot of guilt to spread around, but this is ridiculous.

backdoor shit. (2, Redundant)

garcia (6573) | more than 12 years ago | (#2341767)

It is obvious (at least to me) that you do not support adding backdoors to encryption software.

My question is: is this a true statement (in light of recent events) and do you personally believe that the current maintainers of the PGP software will be against such actions (even though they will have to comply)?

Also: how "clean" do you believe the software is (after you left)?

I am sorry to see that you were misquoted, they seem to like to do that to make their stories seem more interesting. Reminds me of Good Morning Vietnam.

Re:backdoor shit. (2)

Rogerborg (306625) | more than 12 years ago | (#2341854)

  • the current maintainers of the PGP software will [...] have to comply [with putting in back doors]

Only the people working on or selling versions in a jurisdiction that mandates it.

Hmm. If I develop PGP-ish code (i.e. do the typing) inside the USA, but it's stored entirely on servers outside the USA ((barely) workable with current technology), and sold and marketed entirely outside the USA, will I still go to jail under the proposed legislation? Or if I go outside of the US to work on it, then re-enter the country, do I get Sklyarov'd? Questions to ask of any proposed bill.

The worst part is that if I were forced to put in backdoors, I'd want to leak the details during development to make it absolutely clear that the whole idea is flawed and unworkable before it even rolls out. But by doing so, I'd cut the throat of my own company. What a bind.

Re:backdoor shit. (0)

Anonymous Coward | more than 12 years ago | (#2341907)

The worst part is that if I were forced to put in backdoors, I'd want to leak the details during development to make it absolutely clear that the whole idea is flawed and unworkable before it even rolls out. But by doing so, I'd cut the throat of my own company. What a bind.

Wouldn't your company deserve to have its throat cut, for kowtowing to the feds? I for one would not buy the product.

use of pgp (1)

neowintermute (81982) | more than 12 years ago | (#2341770)

When I read that article in the Washington Post, I was a little concerned to read that he felt that way and I truly appreciate the corection.

Nevertheless, seeing the importance of vocally protecting our privacy rights in this important time, I recently began using PGP at work as well as at home. I don't send encrypted email messages, because most of the recipients of my email messages are not skilled enough to use or care about encryption. But I do try to spread the word about pgp by signing every message I send out.

If we don't make efforts to maintain our liberties, we will lose them. We have not gained eight hour work days and the freedom to use strong encryption by the grace of our employers or of the government. We have gained every freedom we have through hard, bitter struggle. We can never forget this.

Thanks Phil (5, Insightful)

sulli (195030) | more than 12 years ago | (#2341771)

I was very skeptical of that article. My question: Has the Washington Post apologized or printed a correction? Better yet, have they offered to run your comment as an op-ed? They really should.

Anti-Empowerment == Anti-Liberty (5, Interesting)

Bruce Perens (3872) | more than 12 years ago | (#2341776)

PGP empowers people to exchange secrets. Computers empower people to run flight simulators and much else. The internet empowers people to meet each other, organize, and exchange data. All are used for great good, and some evil. One of the things that threaten government and large industry the most is the fact that these technologies empower the individual in a way that only government and industry were empowered before. They would like to use the excuse that these technologies can be used for crime to remove them from everybody's hands.

What strikes me about this tragic disaster is the way government is targeting technologies that are not connected with the crime, simply because the implication that they could be used is there, using the need to protect the people as a hollow justification to remove our rights.

Bruce

As a pro-life anarchist (1)

linzeal (197905) | more than 12 years ago | (#2341777)

I use pgp routinely for discussions between me and other memebers of my group (anarchists for life), and it is not like we are planning bombings of abortion clinics or the like (we are peaceful towards all humans), but we are afraid of another big brother session like that imposed by bill clinton and janet reno. If you don't know what I'm talking about you have watched too much network news.

Its a tool... (1)

Katan (104699) | more than 12 years ago | (#2341782)

How can you blame someone for inventing the tool? How can you prevent your tool from being misused? Perhaps we should all head to Redmond with torches in hand proclaiming that Microsoft enabled these terrorists to attack America?


Sooner or later, we have to realize that we can not paralize society by protecting it against what either the malicious or stupid might do.

How can we keep our privacy and keep our safty? (1)

the_2nd_coming (444906) | more than 12 years ago | (#2341784)

I was just wondering, how do you think we could keep terrorists at bay if they use PGP to communicate (though I think they use more low-tech meathods) while keeping our liberty and privacy?

More Social Engineering (1)

linatux (63153) | more than 12 years ago | (#2341786)

Just another example of the press printing what they're told to print, rather than the facts.

Expect more hate mail as people start to see how "evil" good crypto is. They already believe guns are evil. Of course, cars are amoral, even though they kill a lot more people. That's the power of the press.

Personally, I aim to be encrypting (or at least digitally signing) all my email by the end of the year. (Just starting to get the hang of it now).

Re:More Social Engineering (1)

jazman_777 (44742) | more than 12 years ago | (#2341857)

Just another example of the press printing what they're told to print, rather than the facts.


The mainstream press is just a bunch of water-carriers for the State. They are slavish apologists for any state program or effort.

To what point should you go, and would it help? (4, Interesting)

shomon2 (71232) | more than 12 years ago | (#2341787)

I'm sorry to hear about the misrepresentation. I'm sure as well that they will do better next time. It's very important that your reaction to this mistake wasn't anger, which is what I'd have expected of a lot of people. Anyway, here's my question:

To what point would you go with PGP? For example, if it were outlawed, or you considered your life to be threatened through some government's outlawing of it, would you stop working with it, or supporting strong crypto? And if you would actually "go underground" if you sincerely believed that it would help people's freedom, do you think it would matter?

What I mean is... do you think the internet(email, freenet, www, etc) could still be seen as a place where people can somehow communicate and share information, even under a regime that tried hard to stop that information being shared?

Clarification Por Favor? (5, Insightful)

doomicon (5310) | more than 12 years ago | (#2341789)

Couple honest questions I would like to ask within this thread for clarification on this issue?

1. What are the uses of cryptography as a "Human Rights Tool"?

2. If in fact tools such as PGP are used by terrorists, how do governments protect against this?

Any information provided would be greatly appreciated.

Cryptography as a human rights tool (1)

rufus t firefly (35399) | more than 12 years ago | (#2341885)

1. What are the uses of cryptography as a "Human Rights Tool"?

PGP can be used by people living in countries with oppresive goverments to communicate in a manner that will not place them in jeopardy for their ideals and principals.

2. If in fact tools such as PGP are used by terrorists, how do governments protect against this?

You don't. Privacy and human rights can be very easily trodden upon by surveillance such as "back doors" being put in encryption software.

Terrorist attempts require more than simply chatting about it via the internet; supplies, planning, and other things are needed to actually execute such an attempt.

I would suggest actually trying to prevent terrorists from executing terrorist actions through greater airport and border security. The government is currently stepping up efforts to control what is brought on-board airplanes, which should help stop further attempts. Our airport security measures were, as a whole, inconsistent and lax, which is a much more feasible thing to blame than PGP.

Re:Clarification Por Favor? (1)

soboroff (91667) | more than 12 years ago | (#2341917)

1. Cryptography is a human rights tool for individuals who live under oppressive regimes without freedoms of expression, speech, or assembly to communicate. It doesn't completely eliminate the possibility of being listened to by secret police or otherwise, but is a tool to enable freer communication.

2. Not by cracking the code. Note this isn't a fault of PGP, it's a fault of modern cryptography and public key cryptosystems in general. Intelligence agencies are of course welcome to use a host of other, more familiar approaches to compromise keys, listen on channels, etc, as their governments (or otherwise) permit.

Re:Clarification Por Favor? (5, Insightful)

Bonker (243350) | more than 12 years ago | (#2341922)

This is probably a troll, so mod me down for biting.

1. What are the uses of cryptography as a "Human Rights Tool"?

Okay, say you live in China, where the government is known to imprison members of certain religous groups using rather spurious claims that these groups are 'terrorist groups'. You've heard of the Faulan Gaun (sp?).

How else do you meet and exchange information and be free in your religion (which the U.S. considers a 'human right') without the aid of data encryption. There are a few ways to do it, but data encryption is the safest and fastest way to do so.

By the same token, look at Amnesty International's website. You won't be able to in China, or other certain countries, unless you use a proxy that bypasses the national filtering. Then, you won't be able to do it safely unless unless your connection to that proxy is encrypted so that you can't be spied upon. Safeweb rocks for surfing pr0n at work. It is essential tool for individuals in China who want to learn about the world around them without seeing it filtered through the prejudices of the Communist Party.

One last example. Say you are an Amnesty International worker in a country where your work is only barely tolerated, like Afghanistan. If you're smart, you'll hide evidences of human rights abuse behind strong encryption so that the collection of that evidence can't be used against you by a hostile court. Bescrypt is the first tool that comes to mind, but I know that there are equally good open source tools that will do the same job.

I could go on and on. Remember that these 'belligerant' governments aren't the only governments that try to violate human rights. The U.S. government will do it if they can get away with it. You've heard of Echelon? Carnivore? These privacy invading tools are completely useless in the face of 2048-bit strength DSS encryption, which is the default key-length in PGP.

Kevin Mitnick's laptop, which is still in posession of the Fed, has *yet* to yeild up any of his secrets that could be used against him because the data inside was encrypted. I think many /.ers feel like Kevin's rights were repeatedly violated. The data in his laptop cannot be used against him to further violate his rights after he's finally out and about to be able to work again.

Encryption is a wondrous power. Let's *not* give it up just because it rubs LEO's the wrong way. The police already have enough power to solve even the most heinous of crimes, just as they are *currently* doing in the WTC attack. Let's not give them more than they need.

Journalists (and editors) (2, Offtopic)

Merk (25521) | more than 12 years ago | (#2341797)

This isn't a question for Zimmermann, it's a question for anybody who knows. What can you do when, like him, you're misquoted in by a journalist?

From the sounds of it, he did everything you could expect someone to do to avoid being misquoted. He emphasized to her he did not feel "overwhelmed with guilt", had her read the article to him over the phone before it was published, and was still misquoted thanks to an editor.

I imagine in certain circumstances you could sue the newspaper for libel, but what else can you do? What are your rights to: 1) not sound like a complete moron, 2) not be quoted out of context, 3) not be misquoted, 4) not have words put in your mouth.

And while we're on the topic, another question for the masses. From what the DoJ and others are doing, I'm getting less and less willing to send my email in plain text. The problem is that my technically unsophisticated friends don't have PGP, and I'm afraid it might be too tough for them. I know I could point them at hushmail (http://www.hushmail.com/ [hushmail.com] ), but are there any other good options? Also, what good arguments can I use to convince them it's worth the effort?

Btw, by "technically unsophisticated" I mean one until a couple of months ago was using a 486 and windows 3.1. I can't expect them to switch to Linux yet, but I want to help them find a good way to use pgp.

Re:Journalists (and editors) (1)

Darkstorm (6880) | more than 12 years ago | (#2341855)

What can you do when, like him, you're misquoted in by a journalist?

I do believe if they put it in quotes its slander. Even so if Mr Zimmermann wanted to he could write them and inform them of their "error" and by law they would have to print a article stating that they messed up.

First off from his statement he doesn't sound like its worth pursuing. Also the papers tend to put corrections in the most unoticable spots in the paper. The correction would never make front page.

I like the fact he seems level headed about it and not raging...as I would be.

Re:Journalists (and editors) (2)

sulli (195030) | more than 12 years ago | (#2341878)

What can you do when, like him, you're misquoted in by a journalist?

Assuming you really were misquoted (and this is a pretty egregious case), you should do the following:

1. Talk to the journalist directly. Find out what happened, and tell the journalist that you won't be a source again unless it's corrected. Responsible papers run corrections routinely.

2. If it's not corrected that way, write a letter to the editor explaining how you were misquoted and setting the record straight.

If, however, you did make the comment and it was taken out of context, or you gave him/her the response he/she was looking for ("Are you angry that Microsoft is shipping XP?" "Yes" can lead to unfavorable press, for example) you don't have much recourse as this really is the prerogative of the journalist. In this case you just need to be more careful, and if possible pick a fairer reporter to give your story to next time.

Criminalization of Encryption (5, Interesting)

JPMH (100614) | more than 12 years ago | (#2341798)

The idea is seriously being canvassed in the UK, of making it a criminal offence to send strongly encrypted material by email, or to put it up on a web page. Could such a law be enforced ?

BAN PGP! (-1)

egg troll (515396) | more than 12 years ago | (#2341805)

PGP is used only by terrorists and child pornographers. No honest citizen has any valid reason for using encryption that its government cannot see through. What do you have to hide?

I Don't Believe The Washington Post (1)

jazman_777 (44742) | more than 12 years ago | (#2341808)

Nor in general, any mainstream media outlet. What a bunch of court hangers-on! Especially in Washington, D.C. I do rely on them for the general news, but the usefulness is in reading between the lines to find out what the truth is.

How to react (2)

autocracy (192714) | more than 12 years ago | (#2341811)

Obviously after developing one of the most profound applications in the computer world (take all the complex problems of high-speed encryption over insecure channels and bundle them into an easy to use program), we have come to a self-evident belief that you support cryptography. But with the US government already in over react mode, and consider weakening crypto after years of progress in the other direction, we find ourselves in a nasty situation. And though the answer is obvious that we need to persuade a vote against anything like this, I am led to believe that you have more experience in such things than the majority of the people on this site. So we ask, exactly what is the best method to ensure that your complaints are both heard and regarded as something other than raving lunacy.

Glad to hear it (0)

Anonymous Coward | more than 12 years ago | (#2341813)

I'm glad for the clarification. Even if pgp was used by terrorists (and AFAIK there is no evidence it was), Phil is no more culpable for the attacks than the manufacturers of boxcutters.

Will US Government export restrictions help? (3, Interesting)

ddstreet (49825) | more than 12 years ago | (#2341814)

I'll admit I'm not extremely knowledgable about government regulation of encryption. But it seemed to me that previous US Governement crypto was basically focusing on controlling the exportation of 'strong' (large key?) encryption, not on the internal (by US citizens) use of encryption.

My question is, will export regulations help at all? By 'help', I mean 'accomplish what the US Government wants to happen', which I assume would be reducing the strength of encryption available outside the US. The only way I can see export regulations helping is if the large majority of R&D into encryption is done inside the US. Do you know how much work is done inside and/or outside the US in the field of encryption, and would cutting off US encryption research from the outside world (assuming that is possible via regulation) have a major impact on encryption available out of the US, or an impact on the field of encryption itself?

These laws always amaze me. (2)

NetJunkie (56134) | more than 12 years ago | (#2341815)

Wanting to put back doors in crypto is just like a lot of the firearm control laws to me. What the people that want them don't realize is that criminals DO NOT follow laws. If I'm going to go shoot someone do you really think I'm going to get a gun the legit way and fill out the paperwork? If I'm going to encrypt my email for terroristic purposes, am I really going to use a tool with a back door?

NO! So it just wastes time and costs everyone money.

what will become of this? (0)

Anonymous Coward | more than 12 years ago | (#2341817)

Do you plan on limiting who can purchase your product and do you plan on implementing backdoors whether or not they are required? That's my question. :)

Tools are not really an issue (1, Informative)

Anonymous Coward | more than 12 years ago | (#2341818)

As I understand it, with limited cryptographic knowledge, the use of a one time key for encryption is the ideal situation. Why is there such a fuss over these tools when someone could simply XOR their message with say the data from a known music CD or the like. Wouldn't this almost completely protect the information ?

A Related Question (5, Interesting)

jalefkowit (101585) | more than 12 years ago | (#2341824)

I wonder why the reporter didn't think to ask the CEO of Boeing [boeing.com] if he is tormented by feelings of guilt? After all, the attacks showed us that he makes his living selling giant flying bombs that Very Bad People can use to kill thousands of our people in one fell swoop. Surely he must agree that he and his company have blood on their hands, right?

Of course not. Boeing isn't responsible for this tragedy, and neither is Phil Zimmerman (and kudos to Phil for standing up and saying so). Boeing's aircraft have contributed immensely to our national economy by helping make easy commercial air travel possible. Strong crypto has contributed immensely to the economy by helping make the online world a safe, secure place to do business. Both have been misused by evil men to do a great wrong; but they are just tools, with no moral implications beyond those transferred to them through the hands of those who wield them. To place the blame anywhere else is to absolve the monsters behind the attack of the full weight of their crimes.

-- Jason Lefkowitz

Re:A Related Question (1)

m00t (256995) | more than 12 years ago | (#2341905)

No kidding.
Oh no! PGP *may* have been used as a tool by the terrorists! So what? Why whould Mr. Zimmerman feel guilt over such a thing?

Yes, what happened is tragic. But shouldn't the people who made the roads used by the terrorists to get to the airport feel the same guilt? What about the people who built the World Trade Center? Why shouldn't they be tormented by guilt? How about the people who taught the terrorists to fly? What about the ones who made the cars they used? The blades? The clothes? The freedom they used to get as far as they did? Hrm? Well? By the same token, why shouldn't they feel as guilty? Because they shouldn't. ANYTHING can be used for evil. Does this mean that we should dispense with every single thing to be "safe"? That would include dispensing with our lives, for they, too, can be used for evil.

Whoever edited the article to include that garbage should take a few decades to think about what they have implied by their "simple" addition.

Re:A Related Question (2, Troll)

update() (217397) | more than 12 years ago | (#2341929)

I instantly disagreed with your analogy but had to think for a while before deciding why:

I think the difference is that an aircraft is designed to transport passengers and cargo through the air, and in this case was transformed into a destructive tool. (Same for the box cutters used in the hijackings.) Cryptography, on the other hand, is designed to conceal information. If PGP or other crypto was used in the WTC attacks (which I haven't seen anything conclusive saying it was) it was used in precisely the job for which it was intended.

A better analogy is to guns. They make individuals less vulnerable and more powerful, which can be used for all sorts of good and bad purposes.

I've had similar conversations with my father-in-law about working on scientific research that could potentially make for bad uses. I appreciate the importance of ethical oversight in all firelds of science and engineering, but I feel a lot better about my biomedical research, even with the potential for abuse, than about his work on H-bombs that in his opinion (and mine) contributed to the preservation of democracy.

Encryption is less evil than plain text (2)

dattaway (3088) | more than 12 years ago | (#2341828)

What's worse than encryption in the wrong hands? No encryption for anyone. That leaves everything a free for all for all terrorists and crackers.

I'm happy that I can use encryption to communicate, especially when dealing with my computer's security. Regretfully, these tools may have been used by bad people, but encryption has prevented many magnitudes of more trouble from being possible. Its good that we have these tools and I have many great thanks to those who advocate their use and security.

A question; (2)

cluge (114877) | more than 12 years ago | (#2341836)

What's your current experience with US law enforcement like? I know that you were harassed for some time just for developing PGP, are you still harassed? How do you feel about the US law enforcement in general?


I know a lot of questions, but I'm curious to know how you feel after all that you have been through.
.

Why blame Phil Z? (0)

Anonymous Coward | more than 12 years ago | (#2341845)

I found an
article here [yannetta.com] that says that
blaming you for providing encryption to terrorists is like blaming spoons for Rosie O'Donnell being fat. How in the world do you react to this reality statement?

Tell Washington Post and Ariana Eunjung Cha (0)

Anonymous Coward | more than 12 years ago | (#2341850)

If you want to tell the Washington Post that you feel the article did an injustice, you can write to letters@washpost.com. They did not have Ariana Cha's email available on their website, but her email is ariana@intercom.com (from people.yahoo.com).

Point the finger (0)

ZaneMcAuley (266747) | more than 12 years ago | (#2341853)

Just another example of human tendancy of people wanting to blame somebody else. Its all too easy to do that. "It was this , that, him, her. Problem solved... NOT".

Humanity is wonderfull aint it.

Need to thwart lameness filter... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#2341856)

Do you recommend any techniques for thwarting the /. lameness filter? I keep missing the "first post" and your help would be greatly appreciated.

Best Regards,
Anonymous Coward

how far (1)

bool (144199) | more than 12 years ago | (#2341864)

PGP users should rest assured that I would still not acquiesce to any back doors in PGP.

How far are you willing to go for this... jail? What will happen to PGP when it is unlawful to distrbute strong crypto without a back door?

Inappropriately singled out..? (2)

_Mustang (96904) | more than 12 years ago | (#2341865)

Since the NYC tragedy I've found that the media has gone berzerk; losing all ability to provide rational and impartial coverage of the situation.
Despite lacking confirmation from official sources that encryption played a pivotal role and (more worrisome!) despite lacking proof, it seems that the collective mind of the media has fixated on encryption as the reason the terrorists were successfull.

Obviously without the airplane this tragedy could never have happened, yet nobody blames the Wright brothers. Why do you think a double standard is being applied to your work and encryption tools in general- when (like the airplane) the potential for good *far* *far* outweighs any potential for bad?

Worst part of the article "likely used for evil" (0)

Anonymous Coward | more than 12 years ago | (#2341866)

...implying that the terrorists had likely used PGP, when there is no evidence at all that this is the case.

What role should the NSA and the like play? (2, Insightful)

Charles Dodgeson (248492) | more than 12 years ago | (#2341869)

I would like to ask PKZ a question that I have struggled with. Is it appropriate for governments to engage in electronic snooping at all? Is there an appropriate role for organizations like the NSA? If the answer to the first question is "yes", then why should the object of that snooping be limited to only fools too folish to not use something like PGP?


My own position is confused and contradictory. I see personal communication mechanisms and security a force for good. I think that US interests would actually be served if everyone in Central Asia had the ability to communicate privately and securely with anyone they wish to. I also believe that it is a proper part of the job of governments to spy. I have problems reconciling these views.

good and bad guys (0)

Anonymous Coward | more than 12 years ago | (#2341875)

i agree with some opinions here,
there is always a bad party that
abuses thoughts and ideas of others.
and events should not change good
ideas, even like the last one.
i can take a knive and use it to eat
an apple. but i can also use it to
kill people.
cryptography is a method,
and it is no reason.

-zahnd

Question for Mr. Zimmerman (0, Offtopic)

deque_alpha (257777) | more than 12 years ago | (#2341884)

You obviously have quite a bit of experience in influencing legislation and policy in the US. In your opinion, what is the most effecive way for "John Q Public" to help influence public opinion and legislators?

My question for Phillip: (-1)

motherfuckin_spork (446610) | more than 12 years ago | (#2341892)

will you mow my lawn?

no, really... Its a large lawn for suburbia, and I've not had much time to be able to mow it. I would greatly appreciate you assistance in this matter.

-MFS

A question for Phill (1)

n-baxley (103975) | more than 12 years ago | (#2341899)

Are you seaking some sort of remedy from the Post? A retraction, or a chance to submit a rebutal?

Zimmermann should complain to the Post Ombudsman (4, Informative)

regexp (302904) | more than 12 years ago | (#2341918)

Rather than just clarifying his views for the Slashdot audience, Zimmermann should bring this up with the Washington Post's ombudsman. [washingtonpost.com]

Situations like this are pretty much the reason the Post has an ombudsman.

As Zimmermann says, the Washington Post usually takes accuracy very seriously. I'm sure they will give this the attention it deserves.

Owes apology to the victims and their kin (0)

Anonymous Coward | more than 12 years ago | (#2341921)

Zimmerman, the blood of the dead and injured is upon your hands as much as it is on the hands of the suicide bombers. You bear a large part of the responsibilty, and that terrible stain will be upon your hands for the rest of your life. No matter how hard you scrub, the stains of innocent blood will mark you forever.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...