Phil Zimmermann and PGP: Privacy for the People

Zusammenfassung

In June 1991, a software engineer and anti-nuclear activist named Phil Zimmermann posted a free encryption program to the internet, beginning one of the most consequential episodes in the history of civil liberties and technology. Pretty Good Privacy combined public-key cryptography with a practical user interface for the first time, making strong encryption available to anyone with a computer. The U.S. government’s response — a three-year federal criminal investigation treating cryptographic software as a weapon — turned Zimmermann into an unexpected symbol of the right to privacy, and the battle over PGP’s legality defined the first Crypto Wars.

A Political Problem, A Technical Solution

Philip Zimmermann was not, in 1991, primarily a cryptographer. He was a software engineer in Boulder, Colorado, who had spent years in the nuclear freeze movement, organizing against the arms race and worrying about government power. His technical skills were real — he had been programming since the 1970s and had worked on telecommunications software — but his motivation for building an encryption tool was explicitly political.

The immediate catalyst was a bill moving through the U.S. Senate in 1991, introduced as part of an anti-crime package, that would have required manufacturers of secure communications equipment to build in backdoors for law enforcement. Zimmermann read the bill and concluded that if it passed, private communication would become legally impossible. He decided to release strong encryption as free software before the bill could pass, placing it beyond any government’s ability to restrict. The bill died in committee, but Zimmermann finished the software anyway.

PGP 1.0 appeared in June 1991, posted to the Usenet newsgroup sci.crypt and uploaded to servers from which it could be downloaded freely. The program was not original cryptography — it combined RSA (public-key encryption) with a symmetric cipher of Zimmermann’s own design, Bass-O-Matic. (After Eli Biham pointed out weaknesses in Bass-O-Matic, Zimmermann replaced it with the IDEA cipher in PGP 2.0 in 1992.) What was original was the integration: PGP made it possible, for the first time, for an ordinary user to encrypt email with security that would take longer than the age of the universe to break by brute force.

The program’s core workflow was straightforward. Each user generated a key pair: a public key that could be distributed openly and a private key kept secret. To send an encrypted message, you obtained the recipient’s public key, encrypted the message with it, and sent the ciphertext. Only the recipient’s private key — which had never been transmitted anywhere — could decrypt it. PGP also supported digital signatures: signing a message with your private key allowed recipients to verify, using your public key, that you had actually sent it and that it had not been altered in transit.

The Web of Trust

One of PGP’s most distinctive features was its answer to a question that RSA alone could not solve: how do you know that a public key actually belongs to who it claims to belong to? A certificate authority model — as used in SSL/TLS — relies on a hierarchy of trusted institutions to vouch for key ownership. Zimmermann’s answer was the web of trust: a decentralized, peer-to-peer system in which users signed each other’s public keys, creating a network of attestations. If Alice trusted Bob, and Bob had signed Carol’s key, Alice could extend partial trust to Carol.

The web of trust was elegant in theory and difficult in practice. It required users to physically meet and verify each other’s identity — or rely on trust chains that could be hard to verify — before signing keys. In the pre-internet era of physical computing communities (bulletin board systems, local user groups, hacker conferences), this was barely feasible. On the global internet, it was too much friction for most users. The web of trust remains one of the great underimplemented ideas in computer security: the right model in principle, perpetually defeated by human logistics.

Munitions: The Federal Investigation

Within months of PGP’s release, copies had spread to servers outside the United States. This created a legal problem with serious consequences: under the International Traffic in Arms Regulations (ITAR), strong encryption software was classified as a munition — in the same category as tanks and missiles — and exporting it without a license was a federal crime carrying penalties up to ten years in prison.

The U.S. Customs Service opened a criminal investigation of Zimmermann in 1993. The theory was simple and alarming: Zimmermann had posted PGP to the internet, foreign nationals had downloaded it, and this constituted illegal export of a munition. Zimmermann had not intentionally exported anything; he had simply made it available, and the internet had done the rest. But the government’s legal position was that this distinction did not matter.

The investigation lasted three years, from 1993 to 1996. Zimmermann could not travel internationally without risk of arrest. He could not obtain work as a contractor on sensitive projects. He retained legal counsel and waited, while the question of whether mathematical knowledge could be treated as a weapon dragged through the bureaucratic machinery.

Software as Speech

Zimmermann and his supporters argued that source code was protected expression under the First Amendment — that a cryptographic algorithm printed in a book was speech, and that prosecuting its publication was a prior restraint. To dramatize the point, MIT Press published PGP Source Code and Internals (1995), with the complete PGP source code printed in machine-readable type. The book was legally exported under First Amendment protection. People overseas OCR’d the pages and compiled working PGP software from the printout — legally, because the export of a book was not an arms export. The “munitions T-shirt,” printed with the RSA algorithm in Perl, appeared at the same time, worn at security conferences by activists demonstrating the absurdity of treating mathematical text as ordnance.

The Crypto Wars

Zimmermann’s case was the most prominent but not the only front in what became known as the Crypto Wars — the conflict between government agencies wanting access to encrypted communications and technologists, civil libertarians, and businesses wanting strong, unbreakable encryption.

The Clipper chip proposal (1993) was the government’s affirmative case: offer strong encryption, but with government-accessible key escrow. Zimmermann testified before Congress against it, alongside Whitfield Diffie and Martin Hellman and other cryptographers. The core argument was that a backdoor designed for law enforcement was a backdoor available to anyone — that mathematical security did not have a “government exception.”

In January 1996, the Clinton administration dropped the criminal investigation of Zimmermann without filing charges. No explanation was given. Legal experts believed the government had concluded that prosecuting Zimmermann would require arguing, before a court, that mathematics was a weapon — a position unlikely to survive First Amendment scrutiny, and one that would generate enormous publicity.

The same year, the export control regulations on cryptographic software were substantially relaxed. The munitions classification that had threatened Zimmermann was quietly reduced for mass-market software meeting certain criteria. By the late 1990s, browsers could ship 128-bit SSL encryption without export licenses. The Crypto Wars’ first round had ended in something close to a civilian victory.

For the broader context of government surveillance and privacy battles, see The Privacy War.

Network Associates and the OpenPGP Standard

In 1997, Zimmermann’s company Pretty Good Privacy Inc. was acquired by Network Associates (later renamed McAfee), one of the largest security software vendors. The acquisition was intended to give PGP a commercial future; what it actually produced was a period of corporate confusion in which PGP development slowed, the free version was discontinued, and users watched their privacy tool being absorbed into a software conglomerate whose priorities were enterprise sales.

Zimmermann had anticipated this risk. Before the acquisition, he worked to ensure that PGP’s protocols were standardized independently of any single company. The result was OpenPGP, standardized in RFC 2440 (1998) and later updated in RFC 4880 (2007). OpenPGP specified the message format and cryptographic conventions of PGP in a way that any software could implement without licensing restrictions. This meant that even if the commercial PGP product became unusable, the standard would survive.

The most important implementation of that standard was GnuPG (GNU Privacy Guard), written by German programmer Werner Koch and released in 1999 under the GPL. Koch worked largely alone for years, funded intermittently by the German government and by donations. GnuPG became the reference implementation of OpenPGP — the version used by journalists, activists, and Linux distributions worldwide. When the Edward Snowden revelations in 2013 triggered a surge of interest in encrypted communications, GnuPG was the tool journalists reached for, running on laptops in hotel rooms and newspaper offices across the world. Koch received enough donations in the aftermath to fund continued development. GnuPG remains the dominant free OpenPGP implementation.

The Limits of PGP’s Victory

PGP achieved its political goal — it demonstrated, definitively, that strong encryption could not be suppressed — while largely failing at its user goal: making encrypted email ubiquitous.

The key management problem proved insurmountable for mainstream adoption. Understanding the difference between a public key and a private key, managing keyrings, verifying fingerprints, understanding the web of trust — these were tasks that technical users could manage and that most users could not. Email clients that integrated PGP — Thunderbird with Enigmail, later native OpenPGP support — existed, but the setup process remained intimidating. As late as 2013, when Snowden wanted to contact journalist Glenn Greenwald, Greenwald had to spend weeks learning PGP before the communication could begin. The tool that was supposed to give ordinary people access to strong encryption was primarily used by extraordinary people.

The Signal Protocol, developed by Moxie Marlinspike and Open Whisper Systems and deployed in Signal (2014) and later integrated into WhatsApp, solved the key management problem by making it automatic: users never see keys, never manage keyrings, never think about trust. Signal’s end-to-end encryption is mathematically comparable to PGP’s but requires nothing of the user. Zimmermann’s philosophical heirs were not the PGP users typing key fingerprints into command lines; they were the two billion WhatsApp users who had encrypted communications without knowing it.

Phil Zimmermann After PGP

After leaving Network Associates, Zimmermann continued to work at the intersection of privacy and technology. He co-founded Zfone (2005), a protocol for encrypting VoIP calls, later standardized as ZRTP. He was a Fellow at the Stanford Law School’s Center for Internet and Society and joined the board of the Freedom of the Press Foundation. He continued to testify before Congress and parliaments on encryption policy, making essentially the same arguments he had made in 1991: that backdoors cannot be restricted to legitimate users, that mathematical security is absolute or it is nothing, and that surveillance capacity accumulated for good reasons is inevitably used for bad ones.

The question Zimmermann had asked in 1991 — whether private communication is a right or a privilege governments may revoke — has not been answered. The government’s surveillance programs revealed by Edward Snowden in 2013 (see The Privacy War) demonstrated that the state’s appetite for encrypted communications had not diminished; only the methods had changed. The Crypto Wars that Zimmermann helped start never quite ended.