For most of us the name Phil Zimmermann doesn’t ring a bell. But it was his software and legal battles stemming from creating it that saved the country from the overreach of government’s desire to ban encryption all together in the 1990s. Few know about his story and why it affects all of us. The cryptographer grew up in New Jersey. He graduated from Florida Atlantic University with a Bachelors of Science degree in computer science in 1978. He started his career as a software engineer and military policy analyst through the 1980s before he would create what he is known for now.
Inventing Pretty Good Privacy
Before Mr. Zimmermann created his encryption software, Pretty Good Privacy, the average computer user did not have access to high quality encryption software to keep their communications private. He felt the average citizen should have the right for there communications not to be public when transferring over the internet. He stepped up to the task and in 1991, he debuted his creation, PGP. Now users could encrypt and decrypt e-mails, folders, files or whole computer disks with free software.
PGP uses hashing, data compression, symmetric-key and public-key cryptography. Each user creates a password, private key and public key. After your keys are generated by the software, you exchange your generated public key with another user. That user can take your public key and encrypt a file with it. They can now send the encrypted file to you in where you unencrypt the file with your private key and password. Without you password and private key, the file cannot be decrypted.
You don’t have to distrust the government to want to use cryptography. Your business can be wiretapped by business rivals, organized crime, or foreign governments.Phil Zimmermann
Arms Export Control Act Investigation
For his trouble he became the target of a three year criminal investigation for using the RSA algorithm in his software. The United States Customs Service alleged he violated the Arms Export Control Act. The government considered cryptography software as munition. The crux was PGP as an export was not allowed then and Mr. Zimmermann had reportedly been hosting the source code to his software on public FTP servers for others to download. Zimmermann denied ever uploading the software to the internet.
Lawyering up and bringing in the media
Knowing he was in trouble, Zimmermann hired a team of lawyers. As many attorneys could see this was an important 5th amendment issue, some were quite willing to provide their services, pro bono. Help he desperately needed, however, he knew he needed more. Against the advice of his legal counsel, he employed the media. Zimmermann did interviews, explaining the importance of his technology and the case. Nearly all media pieces on him were in a positive light. With the media at his back, and his legal team geared up for litigation, he could see possible victory in sight. It paid off. The government dropped the case without any indictment but offering no reason for dismissal. Rumors had it that the government didn’t want him to become a martyr.
Now that he was in the clear, Zimmermann went on to make the software even more widely available by setting up a corporation called PGP, Inc. Though it was bought out multiple times, it was his hard work with these corporations that helped PGP to become a open source protocol in RFC 4800 in 2007.
Hero or Enabler
Zimmermann’s perseverance in protecting PGP helped keep encryption available to everyone today. Many ask, is he a hero or enabler? Some see him as a stringent Constitutionalist fighting for privacy rights through technology. Hailed by privacy advocates, civil liberties, and computer professionals. Others look at him as an enabler. Through his encryption, bad actors can use his software as a means to conceal their illegal activity. So what is the consensus?
“[Phil is] an apparently unformidable gnome on a tight budget (who) now terrifies a security monolith which required half a century, uncounted billions of dollars and the collective IQs of a few thousand geniuses to develop.”John Perry Barlow, EFF
Enough time has come and gone and the public jury is back. Mr. Zimmermann has been recognized numerous times for his humanitarian work. In 2003, he was included into the Heinz Nixdorf Museums Forum Wall of Fame. He was inducted into the CRN Industry Hall of Fame in 2001. In 2000, he was named Top 10 Innovators in E-Business. He received the Louis Brandeis Award from Privacy International in 1999. In 1998, he was awarded the Lifetime Achievement Award from Secure Computing Magazine. He received the Norbert Wiener Award from Computer Professionals for Social Responsibility for promoting the responsible use of technology in 1996. In 1995, he received the Chrysler Award for Innovation In Design and the Pioneer Award from Electronic Frontier Foundation. He was also named “Net 50” in Newsweek.
For that, I honor and thank Mr. Zimmerman for his significant contribution to digital privacy.