Crypto guru getting blamed for his software.
September 21, 2001 1:26 PM   Subscribe

Crypto guru getting blamed for his software. PGP writer Phil Zimmermann's hate mail goes a little something like this, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." If Phil is guilty of anything so is everyone who has ever used their credit card online, including Mr. Hate Mail.
posted by skallas (23 comments total)
and let's not forget Boeing and the Wright Brothers and whoever it was that started that religion Islam sprung out of, you know, that Jesus fellow.
posted by mattpfeff at 1:33 PM on September 21, 2001

Do the people who make guns cry ever time someone gets shot?
posted by jbou at 1:35 PM on September 21, 2001

Bad analogy. I'd like to see the piece of software which is capable of directly killing someone. Short of sharpening a CD to a razor-edge, I don't think it exists.
posted by darukaru at 1:45 PM on September 21, 2001

So the people who manufacture box cutters need to be crying right about now ? Or should the physical trainer who trained one of the hijackers defensive techniques be crying ?

By the way, whats this talk about a number of hijackers not using their real names and actually stealing identities ?
Why are we seeing names and pictures of innocent people on TV ?
posted by adnanbwp at 1:45 PM on September 21, 2001

What's this talk of hijacking the thread?
posted by darukaru at 1:49 PM on September 21, 2001

The Associated Press today today reports that Skylar has announced a "War on Fuckwits", commencing immediately. "With your violent acts and racist threats against Moslems, Sikhs and Afghanis, you've shown yourselves to be real fuckwits", said Skylar. "And you, the ones who send hate mail to PGP geeks: true fuckwits. You wouldn't know democracy and civilisation if it bit you in the ass."

"There's a poster in the Old West that says...oh well, you know", continued Skylar. "I want to make it clear to all fuckwits, and all who harbour fuckwits: you can run, but you can't hide. We'll smoke you out, folks."
posted by skylar at 2:03 PM on September 21, 2001

In the long run, I suspect that PGP has saved thousands of lives, thanks to its use by human rights campaigners around the world. That kind of value is best measured by those who themselves benefitted from it. Of course, the fuckwit fraternity is too busy working out what bit them on the collective arse to appreciate that.
posted by holgate at 2:06 PM on September 21, 2001

Mohamed, prior to the visit of Gabriel, was not a Christian, mattpfeff. Get your story straight.

On the topic at hand... I think it speaks volumes of Phil that he is saddened by the potentiality that his software played some role at 9.11. It's too bad that people are misdirecting their anger at Phil... stealth communications played a small (albeit important part) in this tragedy. Lunacy, some Boeings, and a lax airspace all played a bigger role.

As for the whole gunmaker analogy... I don't know that it's all that apropos. The makers of the a-bomb have certainly shed a tear or two for their contributions to modern science.
posted by silusGROK at 2:08 PM on September 21, 2001


maybe death induced by seizure? remember pokemon? just make a game that does the same thing.
posted by moz at 2:12 PM on September 21, 2001

I guess he should be glad he never came out with 'Really Good Privacy'.
posted by hellinskira at 2:15 PM on September 21, 2001

Mohamed, prior to the visit of Gabriel, was not a Christian, mattpfeff. Get your story straight.

Doesn't mean that Islam isn't an offshoot of Christianity. Or Zoroastianism, for that matter. Or the desperate human need for someone other than themselves to blame for their own miserable existence...
posted by j.edwards at 2:27 PM on September 21, 2001

Vis: True -- my bad for the vaguery. But Islam still very much reflects a Christian influence; maybe a contrary, reactive one, but a real influence all the same. My point was simply that if you wish to follow these chains far enough back, you can blame anyone.

In greater seriousness, though, there is danger in many things in this world. Car accidents kill thousands of people, but the overall benefit of the automobile is tremendous. Similarly with airplanes and PGP, which, by any estimate, haven't killed nearly as many. We pay a price for many of the things we want; progress has its risks. The world would be a safer place, by some measures, if we were all still primitive farmers and hunter-gatherers with spears and bows, but there would be far fewer of us, living short and mostly unhappy lives.
posted by mattpfeff at 2:27 PM on September 21, 2001

Um, airplanes have killed quite a few people before now, especially the really fast ones with bombs strapped to them... ;-)
posted by zeoslap at 2:33 PM on September 21, 2001

I place the guilt firmly on Abraham and his silly idea that their is only one God.
posted by geoff. at 2:41 PM on September 21, 2001

Um, airplanes have killed quite a few people before now, especially the really fast ones with bombs strapped to them... ;-)

Yeah, but the pilots no doubt drove to the airport....
posted by mattpfeff at 2:49 PM on September 21, 2001

PGP don't kill peopple, people kill people.
posted by campy at 3:26 PM on September 21, 2001

Bad analogy. I'd like to see the piece of software which is capable of directly killing someone.

Software running equipment in an OR...
posted by rushmc at 6:24 PM on September 21, 2001

The makers of the a-bomb have certainly shed a tear or two for their contributions to modern science.

Yes they did.

"I am become death, the destroyer of worlds."
-- The Bhagavad-Gita, quote by Dr. J. Robert Oppenheimer
posted by bjgeiger at 6:44 PM on September 21, 2001

rushmc: Point.
posted by darukaru at 6:45 PM on September 21, 2001

At least one report I read stated that early Internet-based evidence tied to the suspected hijackers indicated that they did not use PGP. The e-mails which have been recovered were completely unencrypted and seemingly innocuous conversations.

It's possible that some have simply jumped to the incorrect conclusion that the conspiracy was carried out via e-mail and PGP.
posted by khisel at 8:42 PM on September 21, 2001

The e-mails which have been recovered were completely unencrypted and seemingly innocuous conversations

This fits in with the prevailing theme of a lot of other reports that they didn't do a lot to mask identity, although I have seen that some identity theft has taken place.

To get back on point, I am really conflicted on how to react to this story. One part of me sympathizes with Zimmerman, another part of me is angry that this Pandora's Box may have been open. I think there's a lot of other people out there that are in the same boat.
posted by PeteyStock at 10:20 PM on September 21, 2001

Encryption is readily available for anyone who wants to use it. Making laws against the use of cryptography by law-abiding citizens who merely want to keep their personal thoughts or their credit card numbers a secret will do nothing for people who wish to use cryptography for illicit purposes. This is like gun laws - we can restrict the use of firearms by innocent people until we're blue in the face, but it will never stop criminals from obtaining firearms.

If we restrict the use of strong encryption to government agencies and criminals, the only thing we will accomplish is a weakening of computer security for those commercial institutions who rely on such methods to keep their customers' data safe.

For all we know, the encryption that Bin Laden uses for his couriered disks is NOT PGP, but some other kind. Either way, the U.S. cannot control world encryption. If nice young Americans are not writing free crypto software, then it will be nice young Germans or nice young Australians or nice young Middle Easterners writing and distributing the software.

If we can't stop people from downloading cracked warez off the internet, how do we expect to stop people from distributing crypto?

This all makes people angry because it is likely that the terrorists used US weapons, US training, US crypto, US security loopholes, and US money to carry out their operations. It's a kick in the face. It would STILL be a kick in the face if the terrorists used Soviet weapons, British training, German crypto, French money, and US security loopholes to carry out the attacks - but not nearly as much of one.
posted by xyzzy at 9:18 AM on September 24, 2001

Here is a letter from Philip Zimmerman that he forwarded to his employees (one of whom is a friend of mine):

No Regrets About Developing PGP

The Friday September 21st Washington Post carried an article by
Ariana Cha that I feel misrepresents my views on the role of PGP
encryption software in the September 11th terrorist attacks. She
interviewed me on Monday September 17th, and we talked about how I
felt about the possibility that the terrorists might have used PGP in
planning their attack. The article states that as the inventor of
PGP, I was "overwhelmed with feelings of guilt". I never implied
that in the interview, and specifically went out of my way to
emphasize to her that that was not the case, and made her repeat back
to me this point so that she would not get it wrong in the article.
This misrepresentation is serious, because it implies that
under the duress of terrorism I have changed my principles on the
importance of cryptography for protecting privacy and civil liberties
in the information age.

Because of the political sensitivity of how my views were to be
expressed, Ms. Cha read to me most of the article by phone before she
submitted it to her editors, and the article had no such statement or
implication when she read it to me. The article that appeared in the
Post was significantly shorter than the original, and had the
abovementioned crucial change in wording. I can only speculate that
her editors must have taken some inappropriate liberties in
abbreviating my feelings to such an inaccurate soundbite.

In the interview six days after the attack, we talked about the fact
that I had cried over the heartbreaking tragedy, as everyone else
did. But the tears were not because of guilt over the fact that I
developed PGP, they were over the human tragedy of it all. I also
told her about some hate mail I received that blamed me for
developing a technology that could be used by terrorists. I told her
that I felt bad about the possibility of terrorists using PGP, but
that I also felt that this was outweighed by the fact that PGP was a
tool for human rights around the world, which was my original intent
in developing it ten years ago. It appears that this nuance of
reasoning was lost on someone at the Washington Post. I imagine this
may be caused by this newspaper's staff being stretched to their
limits last week.

In these emotional times, we in the crypto community find ourselves
having to defend our technology from well-intentioned but misguided
efforts by politicians to impose new regulations on the use of strong
cryptography. I do not want to give ammunition to these efforts by
appearing to cave in on my principles. I think the article correctly
showed that I'm not an ideologue when faced with a tragedy of this
magnitude. Did I re-examine my principles in the wake of this
tragedy? Of course I did. But the outcome of this re-examination
was the same as it was during the years of public debate, that strong
cryptography does more good for a democratic society than harm, even
if it can be used by terrorists. Read my lips: I have no regrets
about developing PGP.

The question of whether strong cryptography should be restricted by
the government was debated all through the 1990's. This debate had
the participation of the White House, the NSA, the FBI, the courts,
the Congress, the computer industry, civilian academia, and the
press. This debate fully took into account the question of
terrorists using strong crypto, and in fact, that was one of the core
issues of the debate. Nonetheless, society's collective decision
(over the FBI's objections) was that on the whole, we would be better
off with strong crypto, unencumbered with government back doors. The
export controls were lifted and no domestic controls were imposed. I
feel this was a good decision, because we took the time and had such
broad expert participation. Under the present emotional pressure, if
we make a rash decision to reverse such a careful decision, it will
only lead to terrible mistakes that will not only hurt our democracy,
but will also increase the vulnerability of our national information

PGP users should rest assured that I would still not acquiesce to any
back doors in PGP.

It is noteworthy that I had only received a single piece of hate mail
on this subject. Because of all the press interviews I was dealing
with, I did not have time to quietly compose a carefully worded reply
to the hate mail, so I did not send a reply at all. After the article
appeared, I received hundreds of supportive emails, flooding in at two
or three per minute on the day of the article.

I have always enjoyed good relations with the press over the past
decade, especially with the Washington Post. I'm sure they will get
it right next time.

The article in question appears at

-Philip Zimmermann
24 September 2001
(This letter may be widely circulated)

posted by elvissinatra at 7:21 PM on September 24, 2001

« Older Fundamentalism Reaches Fever Point on U.S. Soil.   |   online reality games go straight to the gutter Newer »

This thread has been archived and is closed to new comments