It wasn’t always so popular to stand up for the rights of regular people to keep their communications private from the prying eyes of governments.
In 2016, the computing and smartphone giant Apple is winning both praise and criticism for refusing a request by the FBI and resisting an order from a federal judge to break into an iPhone used by one of the attackers in last year’s terrorist shooting in San Bernardino.
Twenty-five years ago, few people knew anything about encryption, the act of using math to render communications like email and text messages unreadable except by the person for whom they’re intended. If they did, they likely couldn’t foresee a future where it would be embedded into the very fabric of an increasingly digital-dependent society.
Phil Zimmermann did. In 1991 he created the software program PGP. It stood for “Pretty Good Privacy” and its existence and availability on the Internet sparked a three-year federal criminal investigation during which he faced the real possibility of federal prosecution because the software ended up being distributed on the Internet, and in the hands of someone outside the U.S. “Strong encryption for regular people didn’t exist,” he said, and what encryption technology did exist wasn’t very strong.
I met Zimmermann last week for breakfast in Hannover, Germany, ahead of our onstage interview at the CeBit technology conference. He created PGP, he said, as a human rights project, a way to help political activists and dissidents around the world communicate securely via the Internet without fear that their governments could listen in.
The export of strong encryption software was regulated along with guns and bombs. Uploading PGP to the Internet where anyone could obtain it, the legal theory went, ran against those regulations. Zimmermann pressed his case in an interesting way. Federal export regulations don’t apply to words on a printed page. In 1995 MIT Press published Zimmermann’s “PGP Source Code and Internals” as a book that would allow anyone with the know-how to recreate the software. The investigation ended in 1996 with no charges filed against Zimmermann or anyone else.
It’s perhaps no surprise that Zimmermann supports Apple’s position in its scrap with the FBI. The importance of the debate lies not with a single phone that may or may not contain useful information about a dead terrorist. It’s about what happens next if the software the FBI wants is created. “This idea of modifying the operating system to defeat the protections is a bad one,” he said. “Once created it would be used again and again by other governments around the world.” And some of those governments are essentially organized criminal enterprises, he said.
Anyone with a human heart wishes there were a more equitable solution between the extremes that Apple and the FBI have laid out. The families of the San Bernardino victims and indeed the nation deserve to know as much as possible about last December’s shootings. President Obama has argued several times — including in a 2015 interview with Re/code — that while he supports civil liberties he’s also sympathetic to the needs of law enforcement and hopes some “middle ground” can be found.
It doesn’t exist, Zimmermann said. “It’s easy to say you’re for a middle ground. But the mathematics of cryptography quickly make that middle ground disappear.” There’s no way — no mathematically certain way — to ensure that any back door created for use by the good guys of law enforcement, no matter how well that door is protected and obfuscated, wouldn’t one day be found and cracked open by the bad guys.
Back doors have been tried before. At about the same time Zimmermann created PGP, the Clinton administration proposed its own encryption technology called “The Clipper Chip.” Essentially, electronics companies using encryption technology of any kind would have been required to use a government-mandated chip that would give law enforcement agencies a master key to break the encryption. Those keys would be held by the government “in escrow.” As Zimmermann wrote then, “The Government hopes that the American public will accept this government-controlled cryptography, and is trying to discourage other forms of cryptography that they do not control.”
The facts were not on the government’s side then and they are not on its side now. Security researchers like Matt Blaze proved that key escrow was fundamentally flawed. Even the retired director of the CIA and NSA Michael Hayden agrees that government-sanctioned back doors are a “bad idea.” Emotions are on the government’s side as presidential candidates such as Donald Trump and Ted Cruz have argued that Apple should comply with the court order. Hillary Clinton has called the argument the “worst dilemma ever.”
Today Zimmermann is the chief scientist of Silent Circle, a software company that builds secure messaging apps for the iPhone and Android as well as an Android-based phone called the Blackphone that the company claims is secure. Both he and the company are based in Switzerland. “The laws there,” he said, “are a lot more friendly to encryption and to personal privacy.”
This article originally appeared on Recode.net.