Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: PGP

Was Zimmerman Guilty?

In an attempt to bring RSA encryption-level security to the masses, Zimmerman released Pretty Good Privacy(PGP). But in his attempt to do so, Zimmerman had one large issue: The FBI had taken notice of his activities and were frightened. They were frightened because they believed that they would not longer be able to wiretap criminals and bring them to justice in Zimmermans’s attempt to bring NSA-proof security to the masses. Zimmer eventually published the PGP onto the internet through a friend, which the FBI deemed as “exporting munitions” because a foreign government or hostile power could have easily accessed it. This remains problematic for a number of reasons, but ultimately Zimmerman was wrong in publishing software on the internet because he did so with the intent to deceive the US government and provide top grade security for all, law-abiding citizens and criminals alike.

When anyone publishes anything on the internet, they should be able to face the consequences of their action. We’ve seen in the present how past videos or texts can come back to derail an established politician’s career. Anything posted on the web never truly disappears, and people need to be aware of this fact. Critics state that because Zimmer hadn’t actually sent the software to a foreign government, he shouldn’t have been pursued by the FBI; but the fact remains, Zimmerman published his work in an attempt to deceive the US government. And in fact, another more compelling argument remains: if country A sells weapons to country B, and country B is currently engaged in a genocide and A is aware of this fact, then Country A is at least partially to blame for providing the tools with which that genocide occurs. A key component of this argument is that those who provide the tools must know that their tools can and will be used to enact harm, and Zimmerman certainly fell true to this.

In all, this question is one that is difficult to answer, but if cryptanalysts publish software that has circumvented the government’s wished and that they know will be used for harm, such as Zimmerman, then such cryptanalysts are at least partially responsible for the consequences that ensue.

Unintentional Facilitation Is Not Complicity

When Phil Zimmerman made PGP available to the world, he gave everyone with a computer access to secure and private communication with anyone else with a computer. His goal in doing this was to give the public a way to communicate with the assurance that the contents of their messages were private, an assurance that had not been available since advancements in surveillance technology such as hidden microphones and wiretapping had been introduced. His goal was not to facilitate the dealings of criminals and terrorists, his interests were in the privacy of normal people who just wanted secure and private communication.

Of course, whether it was his intention or not, there’s no denying that PGP was used by criminals and terrorists and whoever else had nefarious intentions that they wanted to hide from authorities. Just because facilitating these people wasn’t Zimmerman’s intention doesn’t mean that it didn’t happen, but it seems unfair to place the blame for these people’s actions on him. Just as we can’t blame the hardware store that sold the crowbar to the burglar who used it to break into someone’s house, or the winter apparel store who sold him the gloves and ski mask he used to hide his identity, we can’t blame the maker of a technology when that technology is used for harm. If the burglar from our metaphor also used a silenced pistol he bought from the black market in his heist, that’s different. The black market arms dealer who sold him the weapon had no illusions as to its intended purpose. He knew it would be used for a crime, and sold it nonetheless. Therefore, that arms dealer deserves to be charged with aiding and abetting the crime. In this analogy, PGP more closely resembles the crowbar and gloves and ski mask than the gun. Zimmerman didn’t put PGP onto the internet to aid criminals, he did it to protect people’s privacy. The hardware store owner knows that crowbars can be used for breaking and entering, but that’s not why she sells crowbars, and she shouldn’t be charged with assisting the burglar. Zimmerman probably knew that PGP could be used by criminals, but that’s not why he published it, and he shouldn’t be charged with assisting those criminals.

The Question of Accountability

On page 315, Singh writes that Zimmerman, through a friend, “simply installed [PGP] on an American computer, which happened to be connected to the Internet. After that, a hostile regime may or may not have downloaded it.”  Although Zimmerman’s actions possibly enabled criminals to gain access to better encryption, he should not be held accountable for what they do with it.  For one, his intention when releasing PGP to the public was simply to provide average citizens the ability to exercise their right to privacy.  He did not upload it with the goal of helping criminals and terrorists, so there is no reason he should be held accountable if such groups choose to abuse the software.

Singh brings up an important point in this debate when he compares the release of PGP to the sale of gloves.  The purpose of gloves is to protect your hands from hazardous environments, and that is what most people use them for.  However, they can also be used by criminals to cover up their fingerprints.  Therefore, gloves can hinder a police investigation of a case when they are abused by a criminal, yet you don’t hear people saying that the inventor of gloves should be held accountable for this.  The same concept applies to PGP.  The creator of the program is not to blame for its misuse by a select few.  The only person who should be held accountable for a crime is the person who committed it.

Intent – What’s the Big Deal?

I do not believe that anyone should be held accountable for the actions of others if they choose to make their software public. Before I explain why, I want to open with this opinion being contingent on one caveat: intent. Unfortunately, intent can be hard to quantify, but I will preface this condition with an example to at least attempt to unpack what I mean by intent.

I believe that if one lives in the United States, whether he or she agrees with the current circumstances or not, the actions taken by that individual should not intentionally inflict harm. They can protest, organize groups, and lobby for change, but the actions taken should and cannotIntent bring harm to others intentionally. Everything can be abused, but the original intent is what is so important to keep in mind. So, for instance, if someone develops a software that could breach the encryption of the NSA and then they distribute the software to terrorist organizations or other countries, they are committing treason. The intent was to breach the NSA and to do harm to the national security of the United States; that was the goal from the beginning.

This is what distinguishes the difference between the actions of someone with ulterior motives and those of PGP. My ultimate impression of the circumstance was adequate summed up when Singh stated that the software of PGP was “so secure that it frightened the Feds” (Singh 314). I feel that the charges brought upon Zimmermann had nothing to do with his intended actions and more to do with the threat he and his software posed. Furthermore, I do not agree with anyone being held accountable because “if you don’t do it, someone else will.” Again, simply look to the case of PGP. The second Zimmerman was unable to continue the development, “engineers in Europe began to rebuild PGP” (Singh 314). In most circumstances, the ball will continue to roll forward. Governments can attempt to ban as much as they want, but someone, somewhere else, will do it.

Digital Encyption: Modern Day’s Most Important Luxuries

Strong public encryption greatly benefits the general public. The ability to send all your messages with the knowledge that it is secure and will only be read by the recipient is a modern day luxury. One of the arguments against strong encryption points out that if you don’t have any secrets to hide then your should feel safe sending your emails without encryption. However, a intangible benefit of encryption is that feeling of security. If we knew that all our messages, actions, and conversations were watched by the government or some stranger, we would not feel comfortable to speak our minds and act on behalf of  our own identity. We would feel the need to create an identity that performs actions and sends messages that are compliant with the rules. Free speech is obstructed without strong internet encryption. Singh’s book mentioned how Zimmermann received many thank yous for posting PGP because they were now able to “create resistance groups in Burma.”

Secondly, if strong encryption was cut off from the public, would society be more safe. The government would like to argue that more criminals and terrorists would be caught without encryption techniques, but without any protection of the general public’s data, a lot more havoc will happen to more people. Digit information is the most important part of our lives, and if it was all unprotected, it would be the equivalent of leaving all your doors and windows of your house open while you are away. We need strong encryption for our safety and privacy, the government has to catch criminals without hurting everyone else.

 

Privacy Rules

The government should not be given free reign to use electronic surveillance for “national security” when compromising the privacy of citizens. I understand that the government would compromise privacy in the best interests of the state; however, the efficiency of the system for trying to find criminals using electronic surveillance is lacking. Little Brother gives us an example at the inefficiencies of searching for criminals by brute force. If they want to find criminals who are attempting to use security systems like Zimmermann’s “Pretty Good Privacy” (PGP), they need to know who and where to survey because only by making smart and educated decisions on who to check based on previous records will the government have a good chance at finding these criminals/terrorists.

Instead of prosecuting Zimmermann, the government should have used the benefits of PGP. By informing all normal, law-abiding citizens of PGP, they could have shown everyone how to use this security for their own electronic safety. If everybody had PGP to prevent others from reading their information, not only would the government have trouble seeing it, but also would internet criminals trying to steal their credit card/personal information. Some might think giving everyone the ability the secure their information would give criminals an easy way to avoid being caught by the government. However, even if the government didn’t allow this type of security and heavily surveyed electronic usage, criminals and terrorists would still find new ways to stay under the radar and will still be able to commit crimes. The heavy electronic surveillance and a strict ban on types of security such as PGP would only give the criminals the ability to stay private. This is similar to the debate on the Second Amendment on the right to bear arms. Making guns and other arms illegal only take them away from law-abiding citizens while the criminals still get them illegally.

Allowing privacy for the individuals helps the average citizen because their basic rights are maintained while helping them keep private from hackers and criminals. Compromising this basic right only gives the criminals the ability to work without being under the governmental surveillance. To prevent criminal acts or terrorist attacks, other measures should be made instead of taking away the people’s privacy.

 

Diego Torres Silvestre, 2005

Diego Torres Silvestre, 2005. Wikimedia, Creative commons.

 

 

Powered by WordPress & Theme by Anders Norén