Like most people online I depend upon my e-mail for communication and like most of these people I value my privacy. Unfortunately e-mail is also one of the most insecure methods of communication currently in use in the world; consider that every computer through which a piece of e-mail can pass is a point at which one or more people can read it. Those people include system administrators, anyone with a warrant to access those systems and anyone who can hack any of the systems along the mail route. It is probably quite likely that, with the exception of those people who have already (for whatever reason) attracted the attention of law enforcement agencies, most people's e-mail would not be specifically sought out. However, it would not be difficult for an unscrupulous person or group with access to one of the systems along the mail route to use a computer program to scan for keywords or interesting information; this could include such things as potential blackmail material and credit card details.
Consequently the protection offered by the PGP public encryption software is of great benefit and value to all computer users, though a great many still refrain from using it, despite the ease with which it can be integrated into most operating systems and e-mail programs. Some people refrain from using current versions (6.0.2 for American users and 5.5.3i for non-US users; Canadians get the option of using either the American or International versions) because they believe the old urban legend, which I recall circulated when I first used PGP in 1995, that every version after 2.3a had a special "back door" which would allow US agencies, like the NSA, to decrypt any PGP-encrypted messages. I'll let Phil Zimmermann, the original author of PGP, field this matter:
"Since I first developed and released PGP for free in 1991, I spent three years under criminal investigation by United States Customs for PGP's spread overseas, with risk of criminal prosecution and years of imprisonment. By the way, you didn't see the government getting upset about other cryptographic software - it's PGP that really set them off. What does that tell you about the strength of PGP? I have earned my reputation on the cryptographic integrity of my products. I will not betray my commitment to our right to privacy, for which I have risked my freedom. I'm not about to allow a product with my name on it to have any secret back doors."
-- Phil Zimmermann, PGP for Personal Privacy (version 5.5) User's Guide, p. 123
Considering that PGP is still just as highly regarded, if not more so, as it was back in 1995 when I first heard that urban legend about the "back door" (in relation to version 2.6.2, which was the most recent version at the time), I'm inclined to regard the urban legend as little more than that. Clearly, though, it has had an impact on the acceptance of subsequent releases of PGP if Mr. Zimmermann felt it necessary to deal with the issue in the user's manual. As for the improving strength of PGP over the years, well, there's this little gem:
"If all the personal computers in the world - 260 million - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."
-- William Crowell, Deputy Director, National Security Agency, March 20, 1997.
Not something they'd often admit to, and it certainly backs up Mr. Zimmermann's claims regarding the US government and NSA responses to the initial release of PGP in 1991 and subsequent releases since then. Given these claims and countless stories of PGP use over the years (including the one regarding the arranging of safe passage with the aid of PGP for refugees attempting to escape ethnic cleansing pogroms during the Croatian-Bosnian conflict in Yugoslavia in the early 1990s), it would not be difficult to see why people claim that PGP is the strongest public encryption freeware available.
I should add my voice (or, at least, words) to the worldwide chorus of thanks to Phil Zimmermann for having the intelligence, guts and integrity to create and maintain the PGP public encryption software. This thanks, of course, is extended to the vast group of people who have dedicated so much of their time to compiling and recompiling PGPi from original PGP source code outside of the United States; without them there would be no international version except for the old (maybe-legal) copies of version 2.3a (assuming it can still be located at all).
PGP makes online privacy a possibility and the value of this is priceless, despite the opposition which public encryption currently faces from world government organisations (especially those of the United States). Despite the opposition to publicly available encryption software, especially by those using the argument of how it may aid drug dealers and other operators within the black markets of the world, one should consider the other side of personal privacy. Again I refer to the words of Phil Zimmermann as part of the response to this opposition and he does have a somewhat unique perspective since he literally risked his freedom in order to provide the rest of us with the possibility of real privacy. Though he refers to the US Bill of Rights in regards to the right to privacy, those of us who aren't US citizens can always turn to Article 12 of the Universal Declaration of Human Rights instead.
PRIMARY PGP SITES
Philip R. Zimmermann
Pretty Good Privacy
Pretty Good Privacy International
MY PGP KEYS
My DH/DSS public key is here and my RSA public key is here.
Copyright © Benjamin D. McGinnes, 1998-2004