PGP Frequently Asked Questions with Answers

Appendix (I-VI)


Appendix I - PGP add-ons and Related Products
Appendix II - Glossary of Cryptographic Terms
Appendix III - Cypherpunks
Appendix IV - Testimony of Philip Zimmermann to Congress
Appendix V - Announcement of Philip Zimmermann Defense Fund
Appendix VI - A Statement from ViaCrypt Concerning ITAR


========================================================================
Appendix I - PGP add-ons and Related Programs
========================================================================

Due to the enormous size this FAQ has begun to take, I have condensed
this section, using a home-grown format that (I hope) will be easy to
machine-parse into whatever other formats I can manage.

This list is not exhaustive, nor is it even necessarily correct.  Much
of it is lifted from the old FAQ, and, as a result, some of the links
are probably out of date.  Hopefully, I will be able to weed out the
bad links and update this over time; the task was too great for me to
take immediately, however, especially given the pressing need.  I
present it in the hope that it will be helpful.

========
Amiga
========

PGP Mail Integration Project
Author: Peter Simons 
ftp://ftp.uni-kl.de/pub/aminet/comm/mail/PGPMIP.lha
ftp://ftp.uni-kl.de/pub/aminet/comm/mail/PGPMIT.readme

Automatic PGP encryption for mail over UUCP and SMTP.
- -----
PGPAmiga-FrontEnd
Author: Peter Simons 

GUI front end for Amiga PGP.
- -----
StealthPGP 1.0
ftp://ftp.uni-erlangen.de/pub/aminet/util/crypt/StealthPGP1_0.lha

Tool to remove any header stuff from PGP encrypted
messages, to make sure nobody recognizes it as
encrypted text. Source included.
- -----
PGPMore 2.3
ftp://ftp.uni-erlangen.de/pub/aminet/util/crypt/PGPMore2_3.lha

More-like tool which decrypts PGP encrypted blocks
included in the text before displaying them.
Useful for decrypting complete mail folders, etc...

========
Archimedes
========

PGPwimp
Author: Peter Gaunt
ftp://ftp.demon.co.uk/pub/archimedes/

A multi-tasking WIMP front-end for PGP (requires RISC OS 3).  Operates on
files - it has no hooks to allow integration with mailers/newsreaders.
- -----
RNscripts4PGP
Author: pla@sktb.demon.co.uk (Paul L. Allen)
ftp://ftp.demon.co.uk/pub/archimedes/

A collection of scripts and a small BASIC program which integrate PGP
with the ReadNews mailer/newsreader.  Provides encryp, decrypt, sign
signature- check, add key.

========
DOS (Windows utilities are in a separate section)
========

Offline AutoPGP
Author: Stale Schumacher 
ftp://oak.oakland.edu/pub/msdos/security/apgp212.zip
http://www.ifi.uio.no/~staalesc/AutoPGP/

Integrates PGP with QWK and SOUP offline mail readers.
- -----
PGPSort
Author: Stale Schumacher 
ftp://oak.oakland.edu/pub/msdos/security/pgpsort.zip
http://www.ifi.uio.no/~staalesc/PGP/PGPSort.html

Sorts your PGP public keyring.
- -----
HPack
ftp://garbo.uwasa.fi/pc/arcers/hpack79.zip
ftp://garbo.uwasa.fi/pc/doc-soft/hpack79d.zip
ftp://garbo.uwasa.fi/pc/source/hpack79s.zip
ftp://garbo.uwasa.fi/unix/arcers/hpack79src.tar.Z

Archiver program (like ZIP) which integrates PGP.
- -----
Menu
ftp://ghost.dsi.unimi.it/pub/crypt/menu.zip

Menu shell for PGP which uses 4DOS.
- -----
OzPKE
CompuServe: EFFSIG lib 15, OZCIS lib 7, EURFORUM lib 1

Integrates PGP into OzCIS, an automated access program for CompuServe.
- -----
PGP-Front
Author: Walter H. van Holst <121233@student.frg.eur.nl>
ftp://ftp.dsi.unimi.it:/pub/security/crypt/PGP/pgpfront.zip

Interactive shell for PGP; has most functions.
- -----
PGPShell
Author:  James Still 
ftp://oak.oakland.edu/pub/msdos/security/pgpshe33.zip
mailto:still@rintintin.colorado.edu (subject "send shell")

Another PGP shell for DOS.
- -----
PGS
ftp://oak.oakland.edu/pub/msdos/security/

Pretty Good PGP Shell or PGS is a complete shell for Philip Zimmermann's
Pretty Good Privacy (PGP). PGS enables you to do anything that PGP can do
from the commandline from a, easy to use, front-end shell.
- -----
PGPUtils
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgputils.zip

Batch files and PIF files for PGP.
- -----
PC Yarn
Author: Chin Huang 
ftp://oak.oakland.edu/SimTel/msdos/offline/yarn_0xx.zip (xx is version number)

MS-DOS offline mail and news software (using the SOUP packet format)
that can clearsign or encrypt outgoing messages, and decrypt incoming
messages to the CRT, a text file, or a mail folder.

========
MAC
========

========
NeXT
========

CryptorBundle
ftp://ftp.informatik.uni-hamburg.de/pub/comp/platforms/next/Mail/apps/
  CryptorBundle-1.0.NI.b.tar.gz

Integrates PGP into Mail.app.

========
OS/2
========

EPM Macro for PGP
Author: John C. Frickson 
ftp://ftp.gibbon.com/pub/gcp/gcppgp10.zip

Macro for EPM which places a PGP menu in the menu bar.

========
Unix
========

PGPsendmail
ftp://ftp.atnf.csiro.au/pub/people/rgooch/
ftp://ftp.dhp.com/pub/crypto/pgp/PGPsendmail/
ftp://ftp.ox.ac.uk/pub/crypto/pgp/utils/

Automatically encrypts by acting as a wrapper for sendmail.
- -----
PGPTalk
ftp://ftp.ox.ac.uk/src/security/pgptalk.zip

Integrates PGP into ytalk for secure private chatting.
- -----
Emacs Auto-PGP
Author: Ian Jackson 

This is a package for integrating PGP into GNU Emacs.
- -----
Mailcrypt
Author: jsc@mit.edu (Jin S Choi), patl@lcs.mit.edu (Patrick J. LoPresti)
ftp://cag.lcs.mit.edu/pub/patl/mailcrypt/

This is an elisp package for encrypting and decrypting mail.  I wrote this to
provide a single interface to the two most common mail encryption programs,
PGP and RIPEM. You can use either or both in any combination.
- -----
mail-secure.el
Author: Travis J. I. Corcoran (tjic@icd.teradyne.com)
mailto: tjic@icd.teradyne.com

Complement to Mailcrypt which adds some new features.  Requires Mailcrypt.
- -----
PGPPAGER
Author: abottone@minerva1.bull.it (Alessandro Bottonelli)

This program acts as a smart pager for mail, and can automatically
decrypt the body portion of a message if necessary.
- -----
mkpgp
mailto:slutsky@lipschitz.sfasu.edu
  (auto-replies the mkpgp program; use Subject: mkpgp)

Script for integrating pine and PGP.
- -----
PGP Elm
Author: Kenneth H. Cox 
ftp://ftp.viewlogic.com/pub/elm-2.4pl24pgp3.tar.gz

Patched version of elm which is PGP-aware.
- -----
PGP Augmented Messaging (was PGP Enhanced Messaging)
Author: Rick Busdiecker 
ftp://h.gp.cs.cmu.edu/usr/rfb/pem/

Another set of GNU Emacs PGP utilities.

========
VAX/VMS
========

ENCRYPT.COM
Author: joleary@esterh.wm.estec.esa.nl (John O'Leary)

ENCRYPT.COM is a VMS mail script that works fine for
joleary@esterh.wm.estec.esa.nl (John O'Leary)

========
Windows (v3, '95, NT)
========

PGP Help for the Windows Help engine
Author: Jeff Sheets 
http://netaccess.on.ca/~rbarclay/pgp.html

PGP documentation and help in WinHelp format.
- -----
PGPWinFront (PWF)
Author: Ross Barclay 
http://netaccess.on.ca/~rbarclay/index.html
mailto:rbarclay@trentu.ca (put GET PWF in subject)

Windows front end for PGP.  Includes most functions.
- -----
J's Windows PGP Shell (JWPS)
ftp://oak.oakland.edu/pub/msdos/security/

Another Windows front end for PGP.  Supports drag-n-drop, clipboard, etc.
- -----
PGP Windows
ftp://oak.oakland.edu/pub/msdos/security/pgpwin.zip

Still another Windows PGP front end.
- -----
WinPGP(tm)
ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip
http://www.firstnet.net/~cwgeib/welcome.html

Another PGP Windows shell; this one is shareware.
- -----
ZMail Scripts for PGP
Author: Guy Berliner 
ftp://ftp.netcom.com/pub/be/berliner/readme.html
ftp://kaiwan.com/user/mckinnon/pgp4zm.zip

Scripts for integrating PGP with ZMail, a popular graphical mailer.
- -----
Private Idaho
ftp://ftp.eskimo.com/joelm/pidaho21.zip
http://www.eskimo.com/~joelm/

A PGP integration tool for various Windows mailers.  Supports anonymous
remailers.
- -----
S-Tools
Author: Andy Brown 
ftp://mirage.nexor.co.uk/pub/security/steganography/s-tools3.zip

A set of Windows steganography tools.


========================================================================
Appendix II - Glossary of Cryptographic Terms
========================================================================

========
Chosen Plain Text Attack
========

This is the next step up from the Known Plain Text Attack. In this
version, the cryptanalyst can choose what plain text message he wishes
to encrypt and view the results, as opposed to simply taking any old
plain text that he might happen to lay his hands on. If he can recover
the key, he can use it to decode all data encrypted under this key.
This is a much stronger form of attack than known plain text. The
better encryption systems will resist this form of attack.

========
Clipper
========

A chip developed by the United States Government that was to be used
as the standard chip in all encrypted communications. Aside from the
fact that all details of how the Clipper chip work remain classified,
the biggest concern was the fact that it has an acknowledged trap door
in it to allow the government to eavesdrop on anyone using Clipper
provided they first obtained a wiretap warrant. This fact, along with
the fact that it can't be exported from the United States, has led a
number of large corporations to oppose the idea.  Clipper uses an 80
bit key to perform a series of nonlinear transformation on a 64 bit
data block.

========
DES (Data Encryption Standard)
========

A data encryption standard developed by IBM under the auspices of the
United States Government.  It was criticized because the research that
went into the development of the standard remained classified.
Concerns were raised that there might be hidden trap doors in the
logic that would allow the government to break anyone's code if they
wanted to listen in. DES uses a 56 bit key to perform a series of
nonlinear transformation on a 64 bit data block.  Even when it was
first introduced a number of years ago, it was criticized for not
having a long enough key. 56 bits just didn't put it far enough out of
reach of a brute force attack.  Today, with the increasing speed of
hardware and its falling cost, it would be feasible to build a machine
that could crack a 56 bit key in under a day's time. It is not known
if such a machine has really been built, but the fact that it is
feasible tends to weaken the security of DES substantially.

I would like to thank Paul Leyland  for the following
information relating to the cost of building such a DES cracking
machine:

      _Efficient DES Key Search_

      At Crypto 93, Michael Wiener gave a paper with the above title.  He
      showed how a DES key search engine could be built for $1 million which
      can do exhaustive search in 7 hours.  Expected time to find a key from
      a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.

      So far as I can tell, the machine is scalable, which implies that a
      $100M machine could find keys every couple of minutes or so.

      The machine is fairly reliable: an error analysis implies that the mean
      time between failure is about 270 keys.

      The final sentence in the abstract is telling: In the light of this
      work, it would be prudent in many applications to use DES in triple-
      encryption mode.

      I only have portions of a virtually illegible FAX copy, so please don't
      ask me for much more detail.  A complete copy of the paper is being
      snailed to me.

      Paul C. Leyland 

Laszlo Baranyi  says that the full paper is available
in PostScript from:

      ftp://ftp.eff.org/pub/crypto/des_key_search.ps
      ftp://cpsr.org/cpsr/crypto/des/des_key_search.ps
      (cpsr.org also makes it available via their Gopher service)

========
EFF (Electronic Frontier Foundation)
========

The Electronic Frontier Foundation (EFF) was founded in July, 1990, to assure
freedom of expression in digital media, with a particular emphasis on
applying the principles embodied in the Constitution and the Bill of Rights
to computer-based communication. For further information, contact:

      Electronic Frontier Foundation
      1001 G St., NW
      Suite 950 East
      Washington, DC 20001
      +1 202 347 5400
      +1 202 393 5509 FAX
      Internet: eff@eff.org

========
IDEA (International Data Encryption Algorithm)
========

Developed in Switzerland and licensed for non-commercial use in PGP.
IDEA uses a 128 bit user supplied key to perform a series of nonlinear
mathematical transformations on a 64 bit data block. Compare the
length of this key with the 56 bits in DES or the 80 bits in Clipper.

========
ITAR (International Traffic in Arms Regulations)
========

ITAR are the regulations covering the exporting of weapons and weapons
related technology from the United States. For some strange reason,
the government claims that data encryption is a weapon and comes under
the ITAR regulations. There is presently a move in Congress to relax
the section of ITAR dealing with cryptographic technology.

========
Known Plain Text Attack
========

A method of attack on a crypto system where the cryptanalyst has
matching copies of plain text, and its encrypted version. With weaker
encryption systems, this can improve the chances of cracking the code
and getting at the plain text of other messages where the plain text
is not known.

========
MD5 (Message Digest Algorithm #5)
========

The message digest algorithm used in PGP is the MD5 Message Digest
Algorithm, placed in the public domain by RSA Data Security, Inc.
MD5's designer, Ronald Rivest, writes this about MD5:

      "It is conjectured that the difficulty of coming up with two messages
      having the same message digest is on the order of 2^64 operations, and
      that the difficulty of coming up with any message having a given
      message digest is on the order of 2^128 operations.  The MD5 algorithm
      has been carefully scrutinized for weaknesses.  It is, however, a
      relatively new algorithm and further security analysis is of course
      justified, as is the case with any new proposal of this sort.  The
      level of security provided by MD5 should be sufficient for implementing
      very high security hybrid digital signature schemes based on MD5 and
      the RSA public-key cryptosystem."

========
MPILIB (Multiple Precision Integer Library)
========

This is the common name for the set of RSA routines used in PGP 2.3a
and previous, as well as the international versions of PGP.  It is
alleged to violate PKP's RSA patent in the USA, but is not otherwise
restricted in usage.  It retains its popularity abroad because it
outperforms RSAREF and has fewer legal restrictions as well.

========
NSA (National Security Agency)
========

The following information is from the sci.crypt FAQ:

The NSA is the official communications security body of the U.S.
government. It was given its charter by President Truman in the early
50's, and has continued research in cryptology till the present. The
NSA is known to be the largest employer of mathematicians in the
world, and is also the largest purchaser of computer hardware in the
world. Governments in general have always been prime employers of
cryptologists. The NSA probably possesses cryptographic expertise many
years ahead of the public state of the art, and can undoubtedly break
many of the systems used in practice; but for reasons of national
security almost all information about the NSA is classified.

========
One Time Pad
========

The one time pad is the ONLY encryption scheme that can be proven to
be absolutely unbreakable! It is used extensively by spies because it
doesn't require any hardware to implement and because of its absolute
security. This algorithm requires the generation of many sets of
matching encryption keys pads. Each pad consists of a number of random
key characters. These key characters are chosen completely at random
using some truly random process. They are NOT generated by any kind of
cryptographic key generator. Each party involved receives matching
sets of pads. Each key character in the pad is used to encrypt one and
only one plain text character, then the key character is never used
again. Any violation of these conditions negates the perfect security
available in the one time pad.

So why don't we use the one time pad all the time? The answer is that
the number of random key pads that need to be generated must be at
least equal to the volume of plain text messages to be encrypted, and
the fact that these key pads must somehow be exchanged ahead of time.
This becomes totally impractical in modern high speed communications
systems.

Among the more famous of the communications links using a one time pad
scheme is the Washington to Moscow hot line.

========
PEM (Privacy Enhanced Mail)
========

The following was taken from the sci.crypt FAQ:

How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?

Here's one popular method, using the des command:

cat file | compress | des private_key | uuencode | mail

Meanwhile, there is a de jure Internet standard in the works called
PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through
1424. To join the PEM mailing list, contact pem-dev-request@tis.com.
There is a beta version of PEM being tested at the time of this
writing.

There are also two programs available in the public domain for
encrypting mail: PGP and RIPEM. Both are available by FTP. Each has
its own news group: alt.security.pgp and alt.security.ripem. Each has
its own FAQ as well.  PGP is most commonly used outside the USA since
it uses the RSA algorithm without a license and RSA's patent is valid
only (or at least primarily) in the USA.

[ Maintainer's note: The above paragraph is not fully correct, as MIT
  PGP uses RSAREF as well now. ]

RIPEM is most commonly used inside the USA since it uses the RSAREF
which is freely available within the USA but not available for
shipment outside the USA.

Since both programs use a secret key algorithm for encrypting the body
of the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting
the message key, they should be able to interoperate freely. Although
there have been repeated calls for each to understand the other's
formats and algorithm choices, no interoperation is available at this
time (as far as we know).

========
PGP (Pretty Good Privacy)
========

The program we're discussing.  See question 1.1.

========
PKP (Public Key Partners)
========

A patent holding company that holds many public-key patents, including
(supposedly) the patent on public-key cryptography itself.  Several of
its patents are not believed by some to be valid, including their
patent on RSA (which affects PGP).

========
RIPEM
========

See PEM

========
RSA (Rivest-Shamir-Adleman)
========

RSA is the public key encryption method used in PGP. RSA are the
initials of the developers of the algorithm which was done at taxpayer
expense. The basic security in RSA comes from the fact that, while it
is relatively easy to multiply two huge prime numbers together to
obtain their product, it is computationally difficult to go the
reverse direction: to find the two prime factors of a given composite
number. It is this one-way nature of RSA that allows an encryption key
to be generated and disclosed to the world, and yet not allow a
message to be decrypted.

========
RSAREF
========

This is the free library RSA Data Security, Inc., made available for
the purpose of implementing freeware PEM applications.  It implements
several encryption algorithms, including (among others) RSA.  MIT PGP
uses RSAREF's RSA routines to avoid the alleged patent problems
associated with other versions of PGP.

========
Skipjack
========

See Clipper

========
TEMPEST
========

TEMPEST is a standard for electromagnetic shielding for computer
equipment. It was created in response to the fact that information can
be read from computer radiation (e.g., from a CRT) at quite a distance
and with little effort.  Needless to say, encryption doesn't do much
good if the cleartext is available this way.  The typical home
computer WOULD fail ALL of the TEMPEST standards by a long shot. So,
if you are doing anything illegal, don't expect PGP or any other
encryption program to save you. The government could just set up a
monitoring van outside your home and read everything that you are
doing on your computer.

Short of shelling out the ten thousand dollars or so that it would
take to properly shield your computer, a good second choice might be a
laptop computer running on batteries. No emissions would be fed back
into the power lines, and the amount of power being fed to the display
and being consumed by the computer is much less than the typical home
computer and CRT. This provides a much weaker RF field for snoopers to
monitor. It still isn't safe, just safer.  In addition, a laptop
computer has the advantage of not being anchored to one location.
Anyone trying to monitor your emissions would have to follow you
around, maybe making themselves a little more obvious.  I must
emphasize again that a laptop still is NOT safe from a tempest
standpoint, just safer than the standard personal computer.


========================================================================
Appendix III - Cypherpunks
========================================================================

========
What are Cypherpunks?
========

========
What is the cypherpunks mailing list?
========

Eric Hughes  runs the "cypherpunk" mailing list
dedicated to "discussion about technological defenses for privacy in
the digital domain." Frequent topics include voice and data
encryption, anonymous remailers, and the Clipper chip.  Send e-mail to
majordomo@toad.com with "subscribe cypherpunks" in the body to be
added or subtracted from the list.  The mailing list itself is
cypherpunks@toad.com. You don't need to be a member of the list in
order to send messages to it, thus allowing the use of anonymous
remailers to post your more sensitive messages that you just as soon
would not be credited to you. (Traffic is sometimes up to 30-40
messages per day.)

========
What is the purpose of the Cypherpunk remailers?
========

The purpose of these remailers is to take privacy one level further.
While a third party who is snooping on the net may not be able to read
the encrypted mail that you are sending, he is still able to know who
you are sending mail to. This could possibly give him some useful
information. This is called traffic flow analysis. To counter this
type of attack, you can use a third party whose function is simply to
remail your message with his return address on it instead of yours.

Two types of remailers exist. The first type only accepts plain text
remailing headers. This type would only be used if your goal was only
to prevent the person to whom your are sending mail from learning your
identity. It would do nothing for the problem of net eavesdroppers
from learning to whom you are sending mail.

The second type of remailer accepts encrypted remailing headers. With
this type of remailer, you encrypt your message twice. First, you
encrypt it to the person ultimately receiving the message. You then
add the remailing header and encrypt it again using the key for the
remailer that you are using. When the remailer receives your message,
the system will recognize that the header is encrypted and will use
its secret decryption key to decrypt the message. He can now read the
forwarding information, but because the body of the message is still
encrypted in the key of another party, he is unable to read your mail.
He simply remails the message to the proper destination. At its
ultimate destination, the recipient uses his secret to decrypt this
nested encryption and reads the message.

Since this process of multiple encryptions and remailing headers can
get quite involved, there are several programs available to simplify
the process. FTP to soda.berkeley.edu and examine the directory
/pub/cypherpunks/remailers for the programs that are available.

========
Where are the currently active Cypherpunk remailers?
========

Raph Levien maintains a list of currently active remailers.  The list,
unfortunately, seems to change often as remailers are shut down for
whatever reasons; therefore, I am not printing a list here.  You can
get the list by fingering remailer-list@kiwi.cs.berkeley.edu.

========
Are there other anonymous remailers besides the cypherpunk remailers?
========

Yes, the most commonly used remailer on the Internet is in Finland. It
is known as anon.penet.fi. The syntax for sending mail through this
remailer is different from the cypherpunk remailers. For example, if
you wanted to send mail to me (gbe@netcom.com) through anon.penet.fi,
you would send the mail to "gbe%netcom.com@anon.penet.fi". Notice that
the "@" sign in my Internet address is changed to a "%". Unlike the
cypherpunk remailers, anon.penet.fi directly supports anonymous return
addresses. Anybody using the remailer is assigned an anonymous id of
the form "an?????" where "?????" is filled in with a number
representing that user. To send mail to someone when you only know
their anonymous address, address your mail to "an?????@anon.penet.fi"
replacing the question marks with the user id you are interested in.
For additional information on anon.penet.fi, send a blank message to
"help@anon.penet.fi". You will receive complete instructions on how to
use the remailer, including how to obtain a pass phrase on the system.

========
What is the remailer command syntax?
========

The first non blank line in the message must start with two colons
(::). The next line must contain the user defined header
"Request-Remailing-To: ". This line must be followed by a
blank line. Finally, your message can occupy the rest of the space. As
an example, if you wanted to send a message to me via a remailer, you
would compose the following message:

      ::
      Request-Remailing-To: gbe@netcom.com

      [body of message]

You would then send the above message to the desired remailer. Note
the section labeled "body of message" may be either a plain text
message, or an encrypted and armored PGP message addressed to the
desired recipient. To send the above message with an encrypted header,
use PGP to encrypt the entire message shown above to the desired
remailer. Be sure to take the output in armored text form. In front of
the BEGIN PGP MESSAGE portion of the file, insert two colons (::) as
the first non-blank line of the file. The next line should say
"Encrypted: PGP". Finally the third line should be blank. The message
now looks as follows:

      ::
      Encrypted: PGP

      -----BEGIN PGP MESSAGE-----
      Version 2.3a

      [body of pgp message]
      -----END PGP MESSAGE-----

      You would then send the above message to the desired remailer
just as you did in the case of the non-encrypted header. Note that it
is possible to chain remailers together so that the message passes
through several levels of anonymity before it reaches its ultimate
destination.

========
Where can I learn more about Cypherpunks?
========

  ftp://ftp.csua.berkeley.edu/pub/cypherpunks


=======================================================================
Appendix IV - Testimony of Philip Zimmermann to Congress.
              Reproduced by permission.
=======================================================================

- From netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782 Sun
Oct 10 07:55:51 1993
Xref: netcom.com talk.politics.crypto:650 comp.org.eff.talk:20832
alt.politics.org.nsa:89
~Newsgroups: talk.politics.crypto,comp.org.eff.talk,alt.politics.org.nsa
Path: netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782
~From: ld231782@LANCE.ColoState.Edu (L. Detweiler)
~Subject: ZIMMERMANN SPEAKS TO HOUSE SUBCOMMITTEE
~Sender: news@yuma.ACNS.ColoState.EDU (News Account)
Message-ID: 
~Date: Sun, 10 Oct 1993 04:42:12 GMT
Nntp-Posting-Host: turner.lance.colostate.edu
Organization: Colorado State University, Fort Collins, CO  80523
~Lines: 281


~Date: Sat, 9 Oct 93 11:57:54 MDT
~From: Philip Zimmermann 
~Subject: Zimmerman testimony to House subcommittee


            Testimony of Philip Zimmermann to
     Subcommittee for Economic Policy, Trade, and the Environment
               US House of Representatives
                    12 Oct 1993



Mr. Chairman and members of the committee, my name is Philip
Zimmermann, and I am a software engineer who specializes in
cryptography and data security.  I'm here to talk to you today about
the need to change US export control policy for cryptographic
software.  I want to thank you for the opportunity to be here and
commend you for your attention to this important issue.

I am the author of PGP (Pretty Good Privacy), a public-key encryption
software package for the protection of electronic mail.  Since PGP was
published domestically as freeware in June of 1991, it has spread
organically all over the world and has since become the de facto
worldwide standard for encryption of E-mail.  The US Customs Service
is investigating how PGP spread outside the US.  Because I am a target
of this ongoing criminal investigation, my lawyer has advised me not
to answer any questions related to the investigation.

I.  The information age is here.

Computers were developed in secret back in World War II mainly to
break codes.  Ordinary people did not have access to computers,
because they were few in number and too expensive.  Some people
postulated that there would never be a need for more than half a
dozen computers in the country.  Governments formed their attitudes
toward cryptographic technology during this period.  And these
attitudes persist today.  Why would ordinary people need to have
access to good cryptography?

Another problem with cryptography in those days was that cryptographic
keys had to be distributed over secure channels so that both parties
could send encrypted traffic over insecure channels. Governments
solved that problem by dispatching key couriers with satchels
handcuffed to their wrists.  Governments could afford to send guys
like these to their embassies overseas.  But the great masses of
ordinary people would never have access to practical cryptography if
keys had to be distributed this way.  No matter how cheap and powerful
personal computers might someday become, you just can't send the keys
electronically without the risk of interception. This widened the
feasibility gap between Government and personal access to cryptography.

Today, we live in a new world that has had two major breakthroughs
that have an impact on this state of affairs.  The first is the
coming of the personal computer and the information age.  The second
breakthrough is public-key cryptography.

With the first breakthrough comes cheap ubiquitous personal
computers, modems, FAX machines, the Internet, E-mail, digital
cellular phones, personal digital assistants (PDAs), wireless digital
networks, ISDN, cable TV, and the data superhighway.  This
information revolution is catalyzing the emergence of a global
economy.

But this renaissance in electronic digital communication brings with
it a disturbing erosion of our privacy.  In the past, if the
Government wanted to violate the privacy of ordinary citizens, it had
to expend a certain amount of effort to intercept and steam open and
read paper mail, and listen to and possibly transcribe spoken
telephone conversation.  This is analogous to catching fish with a
hook and a line, one fish at a time.  Fortunately for freedom and
democracy, this kind of labor-intensive monitoring is not practical
on a large scale.

Today, electronic mail is gradually replacing conventional paper
mail, and is soon to be the norm for everyone, not the novelty is is
today.  Unlike paper mail, E-mail messages are just too easy to
intercept and scan for interesting keywords.  This can be done
easily, routinely, automatically, and undetectably on a grand scale.
This is analogous to driftnet fishing-- making a quantitative and
qualitative Orwellian difference to the health of democracy.

The second breakthrough came in the late 1970s, with the mathematics
of public key cryptography.  This allows people to communicate
securely and conveniently with people they've never met, with no
prior exchange of keys over secure channels.  No more special key
couriers with black bags.  This, coupled with the trappings of the
information age, means the great masses of people can at last use
cryptography.  This new technology also provides digital signatures
to authenticate transactions and messages, and allows for digital
money, with all the implications that has for an electronic digital
economy.  (See appendix)

This convergence of technology-- cheap ubiquitous PCs, modems, FAX,
digital phones, information superhighways, et cetera-- is all part of
the information revolution.  Encryption is just simple arithmetic to
all this digital hardware.  All these devices will be using
encryption.  The rest of the world uses it, and they laugh at the US
because we are railing against nature, trying to stop it.  Trying to
stop this is like trying to legislate the tides and the weather. It's
like the buggy whip manufacturers trying to stop the cars-- even with
the NSA on their side, it's still impossible.  The information
revolution is good for democracy-- good for a free market and trade.
It contributed to the fall of the Soviet empire.  They couldn't stop
it either.

Soon, every off-the-shelf multimedia PC will become a secure voice
telephone, through the use of freely available software.  What does
this mean for the Government's Clipper chip and key escrow systems?

Like every new technology, this comes at some cost.  Cars pollute the
air.  Cryptography can help criminals hide their activities.  People
in the law enforcement and intelligence communities are going to look
at this only in their own terms.  But even with these costs, we still
can't stop this from happening in a free market global economy.  Most
people I talk to outside of Government feel that the net result of
providing privacy will be positive.

President Clinton is fond of saying that we should "make change our
friend".  These sweeping technological changes have big implications,
but are unstoppable.  Are we going to make change our friend?  Or are
we going to criminalize cryptography?  Are we going to incarcerate
our honest, well-intentioned software engineers?

Law enforcement and intelligence interests in the Government have
attempted many times to suppress the availability of strong domestic
encryption technology.  The most recent examples are Senate Bill 266
which mandated back doors in crypto systems, the FBI Digital
Telephony bill, and the Clipper chip key escrow initiative.  All of
these have met with strong opposition from industry and civil liberties
groups.  It is impossible to obtain real privacy in the information
age without good cryptography.

The Clinton Administration has made it a major policy priority to
help build the National Information Infrastructure (NII).  Yet, some
elements of the Government seems intent on deploying and entrenching
a communications infrastructure that would deny the citizenry the
ability to protect its privacy.  This is unsettling because in a
democracy, it is possible for bad people to occasionally get
elected-- sometimes very bad people.  Normally, a well-functioning
democracy has ways to remove these people from power.  But the wrong
technology infrastructure could allow such a future government to
watch every move anyone makes to oppose it.  It could very well be
the last government we ever elect.

When making public policy decisions about new technologies for the
Government, I think one should ask oneself which technologies would
best strengthen the hand of a police state.  Then, do not allow the
Government to deploy those technologies.  This is simply a matter of
good civic hygiene.

II.  Export controls are outdated and are a threat to privacy and
economic competitivness.

The current export control regime makes no sense anymore, given
advances in technology.

There has been considerable debate about allowing the export of
implementations of the full 56-bit Data Encryption Standard (DES).
At a recent academic cryptography conference, Michael Wiener of Bell
Northern Research in Ottawa presented a paper on how to crack the DES
with a special machine.  He has fully designed and tested a chip that
guesses DES keys at high speed until it finds the right one.
Although he has refrained from building the real chips so far, he can
get these chips manufactured for $10.50 each, and can build 57000 of
them into a special machine for $1 million that can try every DES key
in 7 hours, averaging a solution in 3.5 hours.  $1 million can be
hidden in the budget of many companies.  For $10 million, it takes 21
minutes to crack, and for $100 million, just two minutes.  That's
full 56-bit DES, cracked in just two minutes.  I'm sure the NSA can
do it in seconds, with their budget.  This means that DES is now
effectively dead for purposes of serious data security applications.
If Congress acts now to enable the export of full DES products, it
will be a day late and a dollar short.

If a Boeing executive who carries his notebook computer to the Paris
airshow wants to use PGP to send email to his home office in Seattle,
are we helping American competitivness by arguing that he has even
potentially committed a federal crime?

Knowledge of cryptography is becoming so widespread, that export
controls are no longer effective at controlling the spread of this
technology.  People everywhere can and do write good cryptographic
software, and we import it here but cannot export it, to the detriment
of our indigenous software industry.

I wrote PGP from information in the open literature, putting it into
a convenient package that everyone can use in a desktop or palmtop
computer.  Then I gave it away for free, for the good of our
democracy.  This could have popped up anywhere, and spread.  Other
people could have and would have done it.  And are doing it.  Again
and again.  All over the planet.  This technology belongs to
everybody.

III.  People want their privacy very badly.

PGP has spread like a prairie fire, fanned by countless people who
fervently want their privacy restored in the information age.

Today, human rights organizations are using PGP to protect their
people overseas.  Amnesty International uses it.  The human rights
group in the American Association for the Advancement of Science uses
it.

Some Americans don't understand why I should be this concerned about
the power of Government.  But talking to people in Eastern Europe, you
don't have to explain it to them.  They already get it-- and they
don't understand why we don't.

I want to read you a quote from some E-mail I got last week from
someone in Latvia, on the day that Boris Yeltsin was going to war
with his Parliament:

   "Phil I wish you to know: let it never be, but if dictatorship
   takes over Russia your PGP is widespread from Baltic to Far East
   now and will help democratic people if necessary.  Thanks."



Appendix -- How Public-Key Cryptography Works
- ---------------------------------------------

In conventional cryptosystems, such as the US Federal Data Encryption
Standard (DES), a single key is used for both encryption and
decryption.  This means that a key must be initially transmitted via
secure channels so that both parties have it before encrypted
messages can be sent over insecure channels.  This may be
inconvenient.  If you have a secure channel for exchanging keys, then
why do you need cryptography in the first place?

In public key cryptosystems, everyone has two related complementary
keys, a publicly revealed key and a secret key.  Each key unlocks the
code that the other key makes.  Knowing the public key does not help
you deduce the corresponding secret key.  The public key can be
published and widely disseminated across a communications network.
This protocol provides privacy without the need for the same kind of
secure channels that a conventional cryptosystem requires.

Anyone can use a recipient's public key to encrypt a message to that
person, and that recipient uses her own corresponding secret key to
decrypt that message.  No one but the recipient can decrypt it,
because no one else has access to that secret key.  Not even the
person who encrypted the message can decrypt it.

Message authentication is also provided.  The sender's own secret key
can be used to encrypt a message, thereby "signing" it.  This creates
a digital signature of a message, which the recipient (or anyone
else) can check by using the sender's public key to decrypt it.  This
proves that the sender was the true originator of the message, and
that the message has not been subsequently altered by anyone else,
because the sender alone possesses the secret key that made that
signature.  Forgery of a signed message is infeasible, and the sender
cannot later disavow his signature.

These two processes can be combined to provide both privacy and
authentication by first signing a message with your own secret key,
then encrypting the signed message with the recipient's public key.
The recipient reverses these steps by first decrypting the message
with her own secret key, then checking the enclosed signature with
your public key.  These steps are done automatically by the
recipient's software.



- --
  Philip Zimmermann
  3021 11th Street
  Boulder, Colorado 80304
  303 541-0140
  E-mail: prz@acm.org



- --

ld231782@longs.LANCE.ColoState.EDU


========================================================================
Appendix V - The Philip Zimmermann Defense Fund.
             All articles reproduced by permission.
========================================================================

Evidently, providing "free crypto for the masses" has its down side.

The government is investigating Phil Zimmermann, the original author
of PGP, for alleged violations of the ITAR export regulations
prohibiting the unlicensed export of cryptographic equipment.  They do
not seem to believe that Phil himself actually exported PGP; rather,
they claim that making the program available in a way that it could be
exported is itself export (such as giving it away without
restriction).

As of this writing, the investigation is just that.  In January,
Phil's lawyers met with the government lawyers to discuss the case.
The outcome of the meeting is unclear at this point, though the
meeting was described as "cordial" by Phillip Dubois, Phil
Zimmermann's lawyer.

Even though it's "just an investigation", it's been an expensive one.
Phil immediately had to go out and get legal representation to try to
combat this "investigation" and prepare for its possible result.  He's
got a really good legal team, and they have done a lot of their work
pro bono in support of the cause.  Unfortunately, there are still
costs associated with legal fights like this one.  Phil's got quite a
bill so far.

To help offset his costs, Phil and his legal team have set up a legal
defense fund for contributions.  It's currently way in the red, but
it's better than paying the whole bill outright.  If charges actually
get filed, the total bill could soar up into the millions; not a fun
thing to have happen to you after providing such a nice (if
controversial) public service.  And spending all these millions
doesn't guarantee that he won't be convicted and spend some time in
jail; that's something not even a legal defense fund can pay for.

Several companies who benefit from the use of PGP have indicated that
they will donate a portion of their profits from certain activities to
the legal defense fund.  Here is a partial list:

  First Virtual Holdings Incorporated
  Four11 Directory Services
  ViaCrypt
  Christopher Geib (the author of the shareware WinPGP)

Additions to this list would be appreciated.

More information can be had by sending E-mail to zldf@clark.net or by
visiting the information page set up for the fund:

  http://www.netresponse.com/zldf

Also, the legal team has also asked that anyone who has been
approached by a federal investigator and questioned about Phil
Zimmermann please contact Phillip Dubois [dubois@csn.org,
303/444-3885, 2305 Broadway, Boulder, CO 80304-4132].

Here's the original article announcing the fund:

=====
- From prz@columbine.cgd.ucar.EDU Thu Oct 14 23:16:32 1993
Return-Path: 
Received: from ncar.ucar.edu by mail.netcom.com (5.65/SMI-4.1/Netcom)
     id AA05680; Thu, 14 Oct 93 23:16:29 -0700
Received: from sage.cgd.ucar.edu by ncar.ucar.EDU (5.65/ NCAR Central Post
Office 03/11/93)
     id AA01642; Fri, 15 Oct 93 00:15:34 MDT
Received: from columbine.cgd.ucar.edu by sage.cgd.ucar.EDU (5.65/ NCAR Mail
Server 04/10/90)
     id AA22977; Fri, 15 Oct 93 00:14:08 MDT
Message-Id: <9310150616.AA09815@columbine.cgd.ucar.EDU>
Received: by columbine.cgd.ucar.EDU (4.1/ NCAR Mail Server 04/10/90)
     id AA09815; Fri, 15 Oct 93 00:16:57 MDT
~Subject: PGP legal defense fund
To: gbe@netcom.com (Gary Edstrom)
~Date: Fri, 15 Oct 93 0:16:56 MDT
~From: Philip Zimmermann 
In-Reply-To: <9310112013.AA07737@netcom5.netcom.com>; from "Gary Edstrom" at
Oct 11, 93 1:13 pm
~From: Philip Zimmermann 
~Reply-To: Philip Zimmermann 
X-Mailer: ELM [version 2.3 PL0]
Status: OR


~Date: Fri, 24 Sep 1993 02:41:31 -0600 (CDT)
~From: hmiller@orion.it.luc.edu (Hugh Miller)
~Subject: PGP defense fund

As you may already know, on September 14 LEMCOM Systems (ViaCrypt)
in Phoenix, Arizona was served with a subpoena issued by the US District
Court of Northern California to testify before a grand jury and produce
documents related to "ViaCrypt, PGP, Philip Zimmermann, and anyone or
any entity acting on behalf of Philip Zimmermann for the time period
June 1, 1991 to the present."

Phil Zimmermann has been explicitly told that he is the primary
target of the investigation being mounted from the San Jose office of
U.S. Customs.  It is not known if there are other targets.  Whether or
not an indictment is returned in this case, the legal bills will be
astronomical.

If this case comes to trial, it will be one of the most important
cases in recent times dealing with cryptography, effective
communications privacy, and the free flow of information and ideas in
cyberspace in the post-Cold War political order. The stakes are high,
both for those of us who support the idea of effective personal
communications privacy and for Phil, who risks jail for his selfless and
successful effort to bring to birth "cryptography for the masses,"
a.k.a. PGP.  Export controls are being used as a means to curtail
domestic access to effective cryptographic tools: Customs is taking the
position that posting cryptographic code to the Internet is equivalent
to exporting it.  Phil has assumed the burden and risk of being the
first to develop truly effective tools with which we all might secure
our communications against prying eyes, in a political environment
increasingly hostile to such an idea -- an environment in which Clipper
chips and Digital Telephony bills are our own government's answer to our
concerns.  Now is the time for us all to step forward and help shoulder
that burden with him.

Phil is assembling a legal defense team to prepare for the
possibility of a trial, and he needs your help.  This will be an
expensive affair, and the meter is already ticking. I call on all of us,
both here in the U.S. and abroad, to help defend Phil and perhaps
establish a groundbreaking legal precedent.  A legal trust fund has been
established with Phil's attorney in Boulder.  Donations will be accepted
in any reliable form, check, money order, or wire transfer, and in any
currency.  Here are the details:

To send a check or money order by mail, make it payable, NOT to Phil
Zimmermann, but to Phil's attorney, Philip Dubois.  Mail the check or money
order to the following address:

    Philip Dubois
    2305 Broadway
    Boulder, CO USA  80304
    (Phone #: 303-444-3885)

To send a wire transfer, your bank will need the following
information:

    Bank: VectraBank
    Routing #: 107004365
    Account #: 0113830
    Account Name: "Philip L. Dubois, Attorney Trust Account"

    Any funds remaining after the end of legal action will be returned
to named donors in proportion to the size of their donations.

    You may give anonymously or not, but PLEASE - give generously.  If
you admire PGP, what it was intended to do and the ideals which animated
its creation, express your support with a contribution to this fund.

- -----------------------------------------------------------------------

Posted to: alt.security.pgp; sci.crypt; talk.politics.crypto;
comp.org.eff.talk; comp.society.cu-digest; comp.society; alt.sci.sociology;
alt.security.index; alt.security.keydist; alt.security;
alt.society.civil-liberty; alt.society.civil-disob; alt.society.futures

- --

Hugh Miller       | Asst. Prof. of Philosophy |  Loyola University Chicago
FAX: 312-508-2292 |    Voice: 312-508-2727    |  hmiller@lucpul.it.luc.edu
PGP 2.3A Key fingerprint: FF 67 57 CC 0C 91 12 7D  89 21 C7 12 F7 CF C5 7E
=====

European users of PGP may also make contributions to the fund, as
described in the following message posted to alt.security.pgp.  Note
that this fund is not endorsed or managed by the people managing the
real legal defense fund; it is intended as a medium for Europeans (and
others) to be able to contribute to the fund easily.

=====
- -----BEGIN PGP SIGNED MESSAGE-----

     This is a call for donations to support Philip Zimmermann, the
author of Pretty Good Privacy (PGP), directed especially to the
european users.

     To avoid the large bank fees when transferring money to the
United States or when issuing checks to overseas, I have established
an european legal trust fund for your convenience. First of all, I'd
like to inform you what this legal trust fund is all about in the
first place. If you already know Phil's situation, you might skip the
quoted message below. I am using parts of the "request for donations"
as it was posted by Philip Dubois, Zimmermann's lawyer.

 | As you may already know, on September 14 LEMCOM Systems (ViaCrypt)
 | in Phoenix, Arizona was served with a subpoena issued by the US
 | District Court of Northern California to testify before a grand
 | jury and produce documents related to "ViaCrypt, PGP, Philip
 | Zimmermann, and anyone or any entity acting on behalf of Philip
 | Zimmermann for the time period June 1, 1991 to the present."
 |
 | Phil Zimmermann has been explicitly told that he is the primary
 | target of the investigation being mounted from the San Jose office
 | of U.S.  Customs. It is not known if there are other targets.
 | Whether or not an indictment is returned in this case, the legal
 | bills will be astronomical.
 |
 | If this case comes to trial, it will be one of the most important
 | cases in recent times dealing with cryptography, effective
 | communications privacy, and the free flow of information and ideas
 | in cyberspace in the post-Cold War political order. The stakes are
 | high, both for those of us who support the idea of effective
 | personal communications privacy and for Phil, who risks jail for
 | his selfless and successful effort to bring to birth "cryptography
 | for the masses," a.k.a. PGP. Export controls are being used as a
 | means to curtail domestic access to effective cryptographic tools:
 | Customs is taking the position that posting cryptographic code to
 | the Internet is equivalent to exporting it. Phil has assumed the
 | burden and risk of being the first to develop truly effective tools
 | with which we all might secure our communications against prying
 | eyes, in a political environment increasingly hostile to such an
 | idea -- an environment in which Clipper chips and Digital Telephony
 | bills are our own government's answer to our concerns. Now is the
 | time for us all to step forward and help shoulder that burden with
 | him.
 |
 | Phil is assembling a legal defense team to prepare for the
 | possibility of a trial, and he needs your help. This will be an
 | expensive affair, and the meter is already ticking. I call on all
 | of us, both here in the U.S. and abroad, to help defend Phil and
 | perhaps establish a groundbreaking legal precedent. A legal trust
 | fund has been established with Phil's attorney in Boulder.


     If you wish to donate some money to Philip Zimmermann, you may
now transfer it to an account here in Germany -- what is usually quite
a lot cheaper than transferring it to overseas. Here is the
information you will need:

        Account owner: Peter Simons
        Bank         : Commerzbank Bonn, Germany
        Account No.  : 1112713/00
        Bank No.     : 380 400 07

     This is NOT my private account! It is only used to collect the
donations for Philip. Every single dollar I receive will be
transferred to the account in the States monthly, with minimum fees.
If you donate any money, you might want to send an e-mail to me
(simons@peti.rhein.de) and to Philip Dubois (dubois@csn.org) to let us
know. Sending a copy to Phil's lawyer will furthermore make sure that
I can by no means keep anything for myself as he knows exactly what
amount has been given.

     If you need any further information, please don't hesitate to
contact me under simons@peti.rhein.de and I will happily try to help.
You may get my PGP public key from any keyserver or by fingering
simons@comma.rhein.de.

     Please be generous! Consider that PGP is completely free for you
to use and Phil got nothing but trouble in return. One can easily
imagine what a software company had charged you for a tool like that!

        Sincerely,

            Peter Simons 


- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2i beta

iQCVAgUBL2YWuw9HL1s0103BAQEj9wP9EJwRtjcpCSCG/5p10rfPkgD3tlYs35ds
HwXOlCdRkFSfVOQ70xhgObgf6iZwv/OFQzfjf83CjLt5CxVpROMvMBGLnJkpTYEJ
JzXh/22O+E2guWMuGbDgoD83dPXbxWhPCqeJEIP1uNUaT4QQjxB8OOaCfpxLIbCa
2lnISYXKZuQ=
=WrGh
- -----END PGP SIGNATURE-----


========================================================================
Appendix VI - A Statement from ViaCrypt Concerning ITAR
              Reproduced by Permission
========================================================================

- -----BEGIN PGP SIGNED MESSAGE-----

The ITAR (International Traffic in Arms Regulations) includes
a regulation that requires a manufacturer of cryptographic
products to register with the U.S. State Department even if the
manufacturer has no intentions of exporting products.  It appears
that this particular regulation is either not widely known, or
is widely ignored.

While no pressure was placed upon ViaCrypt to register, it is the
Company's position to comply with all applicable laws and regulations.
In keeping with this philosophy, ViaCrypt has registered with the
U.S. Department of State as a munitions manufacturer.

- -----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLQ+DfmhHpCDLdoUBAQGa+AP/YzLpHBGOgsU4b7DjLYj8KFC4FFACryRJ
CKaBzeDI30p6y6PZitsMRBv7y2dzDILjYogIP0L3FTRyN36OebgVCXPiUAc3Vaee
aIdLJ6emnDjt+tVS/dbgx0F+gB/KooMoY3SJiGPE+hUH8p3pNkYmhzeR3xXi9OEu
GAZdK+E+RRA=
=o13M
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBL+kBF7nwkw8DU+OFAQEEWwP/S1EZ+HmzibikWKPDwkqSd4gXsDTM7Zu5
ePC0Pl0PwJoByXnrhDInMorD5oHSFf8mior+SRZubmgUq0plWhI1Ip5DUp+NYVbg
k4Eah/P4q57mExNimBlWCwpb72yYs6HKL60eqEZzQP83DpVJ7VvA7bfMiggZLa1r
Z8Nk1Nrwcc0=
=I8Z9
-----END PGP SIGNATURE-----