It’s an unexpectedly warm day and the sky is an optimistic blue, a relaxing backdrop for a lunchtime chat with Phil Zimmermann, a man once described as being (and we paraphrase) ‘a grave threat to US national security’.
It is on placid days like this that all seems right with the world. But when better to talk to a man who has made a career out of persuading people to look a little more carefully at the apparent calm around them?
The overbearing mien of the Bush administration, the corrosive effect of easy money on 1990’s America, the threat posed by surveillance technologies, the importance of putting encryption software in the hands of ordinary citizens; Zimmermann is too relaxed to count as an outright pessimist, but talking to him means coming face-to-face with a troubled take on events.
“Moore’s law is the biggest threat to privacy,” he chides, before going on to explain how increases in processing power are enabling the development of surveillance systems powerful enough to keep tabs on the physical movement of citizens.
“The human population does not double every eighteen months, but the ability for computers to keep track of us has. When you put all that growing processing power behind the surveillance infrastructure, it becomes possible for someone to become all-seeing. That gives me the willies.”
After expanding on the ways in which he feels the current US administration might use technology to erode civil liberties, he points out that it is in the UK that the love of the public surveillance camera has reached its apogee. At least the UK can claim to be leading edge in one area of technology then.
“Before 9/11, it was mostly the blind force of Moore's law that let us drift toward that future. But post 9/11, there is now public policy accelerating and guiding this blind force,” he says.
Twenty square miles surrounded by reality
Phil Zimmermann, now 49, made his name writing a freeware desktop encryption program called Pretty Good Privacy (PGP), which first appeared in 1991. By 1993, he was in trouble with the authorities, which saw Zimmermann’s program as handing a subversive tool to criminals or, according to the misplaced paranoia of the time, foreign governments.
Where once the US National Security Agency (NSA) and FBI had been the only bodies with access to such technology, suddenly it was possible for PC users around the globe to use something as trivial as a computer program to secure email from prying eyes – including the government itself.
Another government technology monopoly had been trashed in the style of the PC revolution, and Zimmermann found himself facing the threat of imprisonment for his trouble. By the time the government decided to concede defeat in 1996 (he doubts the case would be dropped so easily today), Zimmermann had been hardened by adversity. “I had the instincts of a criminal defence lawyer, he says, affording himself a smile before hitting a note of affected magnanimity “To their credit, the US government did come around after several years of struggle.”
The following year, Zimmermann sold PGP to Network Associates where the program languished until sold on in 2002 to a startup company, PGP Corporation (for which Zimmermann is an ‘advisor’). He is diplomatic about his time at Network Associates but unenthusiastic about the company’s sales culture at that time.
On the plus side, he had planted the idea of message encryption into the consciousness of computer users, and become the dissident hero US computing counter-culture had been looking for ever since Steve Wozniak sloped off from Apple.
“I designed PGP to be used by power users. It was intended to be used by people whose life depended on it,” says Zimmermann, by way of admitting the program was not particularly easy to use. Despite evolving over the years, the ‘difficult to use’ tag has stuck like superglue to desktop encryption software. Today’s users are much the same sorts of people who would have used it when it first appeared, namely techies, civil liberties advocates, political dissidents, and the incurably paranoid.
“It's not just a matter of a better GUI. It's a matter of asking the user to have to learn too many abstract concepts such as PKI, key certification, trust models, certificate authorities, trusted introducers,” says Zimmermann. “Now that PGP Universal is out [from PGP Corporation], this may change, because now it's finally possible to allow everyone in an enterprise to use public key crypto without learning about any of these concepts. It's all done invisibly at the email proxy.”
Into the Valley
Zimmermann moved some years ago from the onetime hippie sanctuary of Boulder (“20 square miles surrounded by reality” they called it before the armies of Jeep Cherokees arrived) to the blander cubicle world of Silicon Valley, and at first you wonder how he could stand such a change. But even in its current low state the Valley is still a sanctuary of a sort, holding at bay the disillusioned neurosis that technology no longer matters because it’s suddenly become harder to make money.
From there he runs his own one-man consultancy, and his name turns up on the boards of the odd security company, about as near as tech gets to letting its big names become avuncular. “There are plenty of companies out there that need help applying crypto to solve their problems, and some of them call me to help them do it. That pays the bills while I keep my hand in the public policy areas of privacy and crypto.”
A decade on, what is the legacy of Zimmermann’s battle with the NSA and FBI? Does it matter that an engineer won the right to send his software program around the world – does message encryption technology really matter if nobody much is actually using it?
After the hiatus of the US tech bubble, which stopped development in its tracks, arguably the answer is a modest ‘yes’. A handful of companies are developing the technology in earnest, spurred on by the increasing regulatory and management demand for corporate confidentiality. It should become much easier to use, more of a business staple. Beyond the business sphere people may end up using it without realising they are doing so. Encryption could become an invisible friend by stealth, the least remarked on about technology roll-out in software history.
Zimmermann has also retained his status as the first computer geek to stare down the world’s most powerful government. That’s something the historians will note even if today’s generation of tech-saturated users has barely noticed.
A happy ending you’d think. But recent events have added an unexpected twist that must make Zimmermann uncomfortable at some level. It’s the issue he must presumably face in every interview he now does so you hesitate to broach it. Does it worry you that terrorists might use crypto technology to hide their intentions from security services?
This is really just a variation on the argument that the US government tried to use to stop PGP’s dissemination - that criminals might use PGP to communicate with impunity - but criminality is somehow less worrisome than the mayhem of the religious maniac.
“Of course I worry. But I don't see how to keep this away from criminals without keeping it away from the rest of society. Terrorists can use other technologies, even military technologies such as GPS receivers, to guide their weapons to their targets. But no one suggests that the rest of our economy be deprived of GPS to keep it out of the hands of terrorists. GPS is merely a technology of convenience - encryption is that and it helps strengthen democratic institutions too. Privacy is a necessary part of freedom.”
He is right, however the odd government insider may be tempted to say ‘I told you so’. Technology can always be turned on its creators, no matter what, and can always be used for purposes that its creators couldn’t foresee. It’s tempting to mention an even better defence – that the average terrorist would struggle to use PGP anyway.
As ever, Zimmermann happily takes the conversation back to bigger issues. Technology is important but it is merely a convenient set of tools to help with the bigger play. “When I travelled around Europe in the week after the attack on the World Trade Centre there was immense goodwill. That has now been squandered.”
*This interview was conducted in person and by email.
Find your next job with techworld jobs