June 6 marked 30 years of the making of Pretty Good Privacy, the first consumer encryption software to provide the option of signing, encrypting and decrypting texts, emails, files, directories and entire hard disks.
Encryption is a process that uses cryptography to convert plain text communications to cipher (secret) text. For generations, people across the world used code to communicate living under totalitarian governments and fascist governments.
Pretty Good Privacy was developed by American computer scientist Phil Zimmermann and uploaded to the internet in 1991 and used advancements in public key encryption methodologies made by Diffe-Hellman and Rivest-Shamir-Adleman. This act of uploading Pretty Good Privacy encryption software to the internet made Zimmermann a target of investigation under the United States Arms Export Control Act and set in motion what is widely known as Crypto Wars.
Evolution of encryption
For minorities and humanitarian organisations vulnerable to state persecutions, encryption is an especially important tool. Over the three decades after Zimmermann made Pretty Good Privacy, people in the human rights sector used encryption to save lives. But it is not just vulnerable, everyone has something or other to hide from their friends, family and especially the government that can potentially listen to every communication.
Knowledge around encryption or rather cryptography was controlled heavily by United States National Security Agency since its creation during World War II. The war itself was won because of important contributions made by the American and British cryptographers in breaking “The Enigma Machine” used by Germans for military communications.
Superiority over cryptography and knowledge to break it using cryptanalysis was important for US and Russian spy agencies during the Cold War era. With the need to protect the secrets of spycraft, cryptography ended up being regulated heavily inside the US and exporting it in any form became an offence equivalent to exporting weapons.
Zimmermann was not the only person trying to promote cryptography for protecting private information. In late 1992, Eric Hughes, Timothy C May and John Gilmore founded a small group of crypto rebels that met monthly at Gilmore’s company Cygnus Solutions in the San Francisco Bay Area.
This group was humorously termed cypherpunks by Jude Milhon, a programmer, civil rights advocate and writer, at one of the first meetings – derived from cipher (secret) and cyberpunk (sci-fi sub-genre).
Eric Hughes further promoted the group’s ideas through Cypherpunks Manifesto in 1993. The manifesto is an important guiding message that explains the need for privacy in an information age and how cypherpunks will protect this by writing code:
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures and with electronic money. Cypherpunks write code. We know that someone has to write software to defend privacy, and since we cannot get privacy unless we all do, we are going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We do not much care if you do not approve of the software we write. We know that software canmot be destroyed and that a widely dispersed system cannot be shut down— Read part of the Cypherpunks manifesto.
The cypherpunks’ distrust in the government and centralised institutions came from anarchists. Timothy C May articulated this through the Crypto Anarchist Manifesto that he shared to others in the cryptography community at Crypto’88 conference. The manifesto was a call to start using cryptography for communicating anonymously and using it to evade nation states.
The manifesto called for anonymised computer markets, where people can transact anonymously and predicted it would be used by drug dealers, assassins for hire and even extortion, but still asked to not stop spreading crypto anarchy. The current global rush for cryptocurrencies can be traced back to this manifesto and ideas presented here.
After Pretty Good Privacy 1.0 was written by Zimmermann, cypherpunks improved it and started exporting it in different languages across the world. To export Pretty Good Privacy source code without any restrictions from export laws, cypherpunks printed the code on t-shirts and exported t-shirts.
The National Security Agency was more concerned about this act of exporting cryptography across the world. They did not want foreign countries to have the expertise to encrypt their communications which the agency cannot spy on.
Apart from trying to control the spread of Pretty Good Privacy across the world through the internet, the National Security Agency was making it hard for commercial software companies to use cryptography in their software applications. It forced companies to adopt a weaker encryption standard for exports than what they were allowed to offer domestically in the US. This was hurting American business interests including the very company that was providing the encryption algorithms, RSA Security Inc.
Triumph of privacy
Under the Clinton Administration, to appease the American industry and to ensure legal requirements to break encryption for national security are met, the National Security Agency advocated for what was called the clipper chip. The clipper chip was being recommended as an encryption standard to the software companies in the US which can be used for encryption.
The clipper chip would generate a set of cryptographic key-pairs with a “law enforcement access field” that will be stored in an escrow vault by the National Security Agency, which it can use to break encryption when a federal judge gives an order. A backdoor for encryption as a standard, completely devoid of logic for the very need of encryption for people afraid of nation states’ actions.
The clipper chip proposal was a disaster, several researchers pointed out flaws in the design of the protocol allowing people to bypass these provisions made for law enforcement.
The American software industry was also opposing this from a software exports perspective, as no other country would use computers with a backdoor encryption chip with keys with the US government. Several American senators and digital rights organizations like Electronic Frontier Foundation opposed the very idea of clipper chips.
RSA Security Inc went to the extent of issuing ads against clipper chips in the newspapers. In the end, the United States dropped the restrictions on the export of cryptography and the Crypto Wars was won by people who promoted individuals’ right to privacy.
In a globalised world, it was not just the bay area with their cypherpunk mailing lists. Few Indian geeks, programmers too were influenced by the ideas of cypherpunks and created cypherpunks India mailing list in 2001. It was meant for people who were interested in tracking the convergence of cryptography, politics and society in India.
The group did not last long, was later disbanded and was consumed by the mailing list, known as the silk list. But these ideas were renewed and were promoted in the form of Crypto Party across the globe and in India.
These ideas that emerged at the start of the information age in silicon valley were important for the world. These ideas did not emerge from companies that wanted to profit but emerged from countless social groups which questioned the ideas of nation state and understood the importance of privacy in the information age.
These ideas and politics continue to drive discussions across the globe. If you are using any communications app powered by the signal protocol, you should be aware that its creator Moxie MarlinSpike identifies himself as an anarchist. Signal too uses the Diffie-Hellman algorithm used by Pretty Good Privacy for its end to end encryption protocol. The political beliefs of mathematicians, computer scientists, technologists, affect your life in ways that you are probably unaware of.
After these three decades of Pretty Good Privacy and Crypto Wars, Phil Zimmermann asked an important question. Did we really win the Crypto Wars when several nation states are trying to crub and are trying to weaken encryption? He is asking is it time for people to mobilise again to protect encryption? In his own words, the need for this mobilisation is stronger than ever before.
“The need for protecting our right to a private conversation has never been stronger, Phil Zimmermann said. “Many democracies are sliding into populist autocracies. Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can.”
“If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China,” Zimmermann said. “Secure communication is necessary for grassroots political opposition in those societies.”
Srinivas Kodali is a researcher with the Free Software Movement of India.
Reader who want to know more about Crypto Wars and the history of cryptography may consider reading the book Crypto by Steven Levy.