Date: Sat, 27 Nov 93 10:07:52 -0500
From: Anonymous <nowhere@bsu-cs.bsu.edu>
Subject: Pretty Good Hero? (Boardwatch excerpt)


excerpted from:

 
         B  O  A  R  D  W  A  T  C  H      M  A  G  A  Z  I  N  E
 
                   Guide to the World of Online Services
 
 Editor: Jack Rickard   Volume VII: Issue 11   ISSN:1054-2760   November 1993
 
 ==============
 LEGALLY ONLINE
 ==============
 by Lance Rose
 
Phil Zimmermann is a computer programmer and good citizen with an earnest
desire to help others. For much of his adult life he expressed his concern
through political activism, from marches in the 70's through teaching classes
in military policy in the 80's. Along the way, Zimmermann became a computer
network user. As the 90's began, he saw a new threat to our civil rights
surface: a movement to curtail the ability of network users to discuss
matters in private. Many others on the net saw the same thing, but Zimmermann
actually did something about it. He melded his humanitarian ideals with his
programming and cryptographic skills to create an e-mail encryption program
for Everyman called Pretty Good Privacy, or PGP. He did this at no small cost
to himself. An independent computer consultant, Zimmermann shelved most of
his paying gigs while finishing up PGP, missing five mortgage payments on his
family's home in the process.
 
Zimmermann finished PGP in early 1991, released it in the U.S. on the
Internet from his home in Colorado, and it instantly achieved worldwide
popularity among network cognoscenti. PGP is free, and its customers get a
lot more than they bargained for. It uses a powerful RSA public key
encryption system, in which each participant owns one or more private
key/public key pairs. Messages encrypted by one key in the pair can only be
decrypted using the other key. The great advantage of public key encryption
is that, unlike older schemes, like DES, (the current U.S. standard), you can
publicly circulate the key for encrypting messages sent to you by others,
since only your secret private key can decrypt those messages. When someone
sends you a private message using PGP, first it encrypts the message text
using the IDEA algorithm, (the International Data Encryption Algorithm,
developed in Europe and comparable to DES), and generates a unique,
confidential key just for decrypting the message (we'll call it the "text
key"). Then he or she uses the RSA public key they received from you to
encrypt the text key, and sends you both the IDEA-encrypted message and the
RSA-encrypted text key. You would then use your RSA private key to decrypt
the text key, and finally use the text key in turn to decrypt IDEA-encrypted
message.
 
It would be conceptually simpler to use only the RSA public and private keys
for encrypting and decrypting the text, and cut out the IDEA encryption step,
but there is a practical cost. Text encryption using RSA requires far more
computer processing time and power than IDEA-based encryption. Zimmermann
wanted to give people the full benefit of PGP without wasting time watching
their computers crunch numbers, so he used the far easier to process, (but
still highly secure), IDEA technique for message texts, and saved the public
key RSA process for encrypting only the IDEA text keys, which are a mere 128
bits long. Thus, PGP creates securely encrypted texts, gives people the
ability to distribute their public keys far and wide with no compromise in
security, and extends strong encryption capabilities to those with small
computers.
 
After its release PGP became something of a community development project,
and it is now in version 2.3. Other programmers and cryptographers work on
enhancing the source code, creating foreign language translations of the user
interface, and porting PGP from its original DOS platform to other popular
computer platforms such as Mac, Vax, and most flavors of Unix, further
increasing its usefulness to network users of all stripes. In the past two
months, however, some dramatic new chapters swiftly opened in the ongoing
saga of Phil Zimmermann and PGP.
 
First, on the positive side, some patent-related questions nagging PGP from
the very beginning finally may be close to resolution. As soon as PGP
appeared, a West Coast company called Public Key Partners, headed by Jim
Bidzos, claimed it violated a patent they held in computer implementations of
the RSA encryption algorithm. While Bidzos did not rush into court, he did
seek to suppress PGP's distribution. Among other things, he sought out the
major online distribution points for PGP, such as large online services like
CompuServe and GEnie BBS's including The Well, and requested that they
immediately remove the PGP files from distribution because they infringed on
his patents. Most services discontinued providing PGP,and it soon became an
underground classic, difficult to find unless you asked the right people.
Fortunately, there were many such spread across the net. Rather than
challenge the patent claim, which some net observers think a worthwhile
effort, Zimmermann made many requests to Bidzos to obtain a license to use
RSA without hassle in PGP. Eventually, network community and industry leaders
tried to obtain some sort of compromise between Zimmermann and Bidzos. Bidzos
refused all entreaties and continues to oppose PGP.
 
In the meantime, a software company named ViaCrypt obtained a license a year
or two ago from Public Key Partners, (who appear willing to license virtually
anyone but Zimmermann), to use the RSA algorithm in software. ViaCrypt took
some time after securing the rights to figure out how it would use them.
Finally, last August, it approached Zimmermann with a proposal to create a
commercial version of PGP. This was a great business opportunity. ViaCrypt
could use its license to legitimize PGP for the commercial market, and both
could profit from PGP's high profile among companies interested in
encryption. To bring PGP within ViaCrypt's license from Bidzos, Zimmermann
and ViaCrypt have been replacing PGP's existing RSA encryption subroutines
with comparable licensed subroutines developed by ViaCrypt. Bidzos, through
his attorney, publicly expressed some doubt about whether the new ViaCrypt
product will fall within its RSA license rights. Anticipating this
possibility, ViaCrypt shrewdly trumped it in advance by securing a legal
opinion from Brown and Bain, considered by many computer lawyers, (this
author included), to be the leading computer law firm in the country, that
the hybrid product is within the scope of ViaCrypt's license from Public Key
Partners. The new program, tentatively brand named ViaCrypt PGP, is scheduled
for rollout on November 8th of this year.
 
If ViaCrypt PGP succeeds in the market, Zimmermann will make some money,
though he was never really was in it for the money. He is also working on a
new approach to the free version of PGP that may end the patent threats that
continually hinder its open distribution on the net. His current efforts
center on a set of encryption subroutines called RSAREF, released by Bidzos
through another of his companies, RSA Data Securities Inc. (RSADSI). There is
a license to the public to use the RSAREF subroutines free for noncommercial
purposes: you can't make money selling it, and you can't use it for
commercial messaging. By replacing PGP's custom RSA subroutines with publicly
licensed equivalents from RSAREF, Zimmermann could end the patent
infringement problem.
 
RSAREF was designed to let programmers develop privacy-enhanced mail (PEM)
programs using a scheme similar to that used by PGP. The text is encrypted
using an easy-to-process encryption algorithm involving a single key, ending
the patent infringement problem may not have been as easy at it first seemed.
The text key is encrypted using the processing-intensive RSA public key
scheme. The problem is that for the text encryption stage, RSADSI chose the
DES algorithm instead of the IDEA algorithm used in PGP.
 
DES was not perceived as a problem cipher until August of this year, at a
cryptographers' trade show called Crypto 93. A respected Bell Northern
Research scientist named Michael Weiner dropped a bombshell on the conference
by asserting, in essence, that DES was dead, as a dependably secure
encryption algorithm. Weiner had designed a high-speed "inside-out" DES
processor chip that could test 50 million keys per second, and serve as a the
basis for a highly effective DES-cracking machine. He had also priced
production of the chip with a chip fabricator, and in large but not enormous
quantities it would cost about $10.50 per chip. Using these figures, he said
a computer with 7,000 such chips would cost a vast amount, and could find the
key to any DES-encrypted message within 7 hours by testing every possible key
within that time, with a mean key-cracking time of 3.5 hours per encrypted
message. For $100 million, well within intelligence agency budgets, a
computer could be built that would crack the keys for DES-encrypted messages
at a clip of two minutes per key. This result would be achieved for texts
encrypted with 56 bit DES keys, where the decryptor has a little bit of plain
text he knows would be in the encrypted message, such as someone's name, or a
word or two. There are DES encryption schemes using longer keys, but the 56
bit key is the U.S. government standard, and the official or de facto
standard in many industry applications as well.
 
Weiner's brute force approach would be marvelously effective despite its lack
of elegance. For PEM computer programs using RSAREF in its current form,
there can no longer be dependable privacy. All texts encrypted using RSAREF's
standard 56 bit DES approach will, from this point forward, be vulnerable to
cracking at some point by a Weiner-type supercomputer. It will be pointless
to hide the DES key inside RSA encryption. Owners of the supercomputer could
find the key directly from the text, and need not bother with the encrypted
key. As Phil puts it, the RSA encryption of the DES key is like those little
secure boxes for holding front-door keys that realtors mount on houses being
shown to prospective buyers. The little box may be nearly impossible to break
into without the proper code, but there's always another possibility for
getting into the house without permission: break down the door or smash in
the window.
 
There's a way to avoid this with RSAREF, by invoking deeper subroutines in
the package to create PEM programs that use text encryption schemes more
dependable than the suddenly-reduced DES, such as the IDEA algorithm used
today in PGP. IDEA uses a 128 bit key instead of the 56 bit key standard in
DES, and its security has not been seriously questioned to date, despite
spirited attacks by some of the world's mightiest cryptographers.
Unfortunately, the current RSAREF public license only permits programmers to
use the high-level routines that require DES, and prohibits using the deeper
routines to bring in other encryption algorithms - the very use necessary for
PGP to remain dependably secure. However, after the Weiner revelation, RSAREF
will not be in much demand if it continues to restrict PEM programmers to 56
bit DES. Accordingly, it is rumored that a public license to the deeper,
roll-your-own algorithm subroutines in RSAREF may soon be forthcoming from
RSADSI. If this new license is issued, Zimmermann may finally be home free in
his quest to create a free, effective PGP with no specter of patent
infringement hovering over it. It is possible that by the end of this year or
early in the next, we will see both a commercial ViaCrypt PGP, and a free PGP
for personal noncommercial use.
 
That's the good news. The bad news is that Phil Zimmermann is now the target
of an investigation by the U.S. attorney's office into violations of the
International Traffic in Arms Regulations, or ITAR. ITAR is a set of laws
administered by the State Department, designed to keep war-grade weapons from
being exported out of the U.S. to certain foreign countries. While ITAR
mainly regulates weapons-like parts for tanks, jets and submarines, it also
regulates encryption devices, including encryption software, as "munitions"
due to their military intelligence value. The U.S. attorney is not commenting
at this early stage, but observers agree the investigation relates to PGP's
worldwide distribution through the Internet. This distribution constituted a
clean end run around the State Department's normal procedure of placing a
roadblock against all cryptography exports, until they are reviewed by the
National Security Agency for military potential. What is unclear, is whether
Zimmermann did anything wrong by placing PGP on the Internet on computers
located within the U.S.
 
There are very good reasons for saying that Zimmermann's actions were totally
legal, and that he should not have this cloud over his head. For one thing,
Zimmermann did not intend for PGP to be exported. He was never motivated to
put out an international encryption standard. To the contrary, his motivation
was the perception that political forces within the U.S. seemed to be pushing
towards outlawing private encryption in this country. In fact, he acted
specifically to put PGP into circulation quickly while it was still legal in
this country, before any laws might go into place prohibiting domestic use of
privately developed encryption software.
 
For another, Internet users outside the U.S. helped themselves to PGP.
Zimmermann did not send PGP anywhere outside the country. He made it
available on computers within U.S. borders, which is perfectly legal in
itself. By analogy, I could legally go door-to- door in this country selling
devices enabling people to encrypt their telephone discussions. I can even
leave an open box of them in front of my house in New Jersey, and tell all my
neighbors to pick one up for their own use. If some foreign tourists take a
few and spirit them back into their own countries, why should I be held
guilty for export violations?
 
In addition, Zimmermann and all the users of PGP in this country have their
First Amendment rights. Zimmermann has the right to freely publish the PGP
program in this country. The Constitution says Congress will enact "no law"
restricting freedom of speech and of the press. There are no Amendments to
the Constitution that contain exceptions for speech or press distributed
through the Internet. Additionally, people who send electronic messages to
each other have the right to send them encrypted without government
interference, and legal action against PGP would certainly interfere with
such activities. In this instance, PGP's free speech rights derive from its
assistance of PGP users in exercising their own rights of free speech. This
kind of derivative free speech protection is very powerful. It is analogous
to the protection of speech distributors applied in the past by the Supreme
Court and other federal courts to book sellers, magazine distributors, and
even CompuServe.
 
Finally, there are privacy considerations. This is not really a legal
argument, as much as a question of the limits of appropriate government
intrusion into peoples' private lives. The question comes up almost daily
these days, in settings ranging from the privacy of employee e-mail to the
swelling commercial market for extensive data on each citizen in our country
of consumers. A government push against the availability of PGP, regardless
of the legal cause, would count as yet another blow against the dwindling
ability of us all to retain a modicum of personal privacy. As the cypherpunks
are often heard to say, "if privacy becomes outlawed, only outlaws will have
privacy."
 
Powerful as these and other arguments are, they will not deter government
action on their own. The government can offer the fairly standard legal
argument that Zimmermann "knew or should have known," that placing PGP on the
Internet would result in worldwide export in violation of the ITAR. After
speaking with Zimmermann, I am not sure he actually knew, in particular, that
there was a law called ITAR, or that it applied to encryption software. As
mentioned above, he certainly was not out to distribute PGP worldwide.
Whether the government proceeds will depend as much on political factors as
on its view of the legalities involved.
 
The investigation is at an early stage, and in fact, has not been directed
formally at Zimmermann. The only activity in public view so far was the
service of subpoenas for document production by the U.S. Attorney's office in
San Jose, CA on Viacrypt in Phoenix, AZ and another company named Austin Code
Works in Austin, TX. Austin Code Works distributes PGP and other free
software for encryption and other uses in source code form, for little more
than the price of a computer disk. According to Zimmermann, he has no
business relationship with Austin Code Works. He also had no idea they were
distributing PGP until he read about the subpoena served on them. As soon as
Austin Code Works was served, its president, Grady Ward, went public on the
Internet with a ringing defense of its position. Ward claims they do not
distribute executable programs, but only "source code algorithmic
descriptions" of encryption techniques, thus falling under a "technical data"
exception to ITAR. The State Department publicly countered that position, and
is requiring Austin Code Works to register as a munitions dealer.
 
There is no telling whether the investigation will proceed to charges against
Zimmermann or others, but Zimmermann and others in the network community
intend to be prepared. Phil Zimmermann's attorney, Colorado criminal lawyer
Philip Dubois, is accepting contributions for Zimmermann's defense, (He can
be reached at Philip Dubois, Esq., 2305 Broadway, Boulder, CO 80304,
(303)444-3885, dubois@csn.org). The Electronic Frontier Foundation is also
stepping forward in Zimmermann's defense, with financial commitments from EFF
and several of its individual board members, and efforts to rally public
support for Zimmermann and PGP.
 
A lingering question in the current investigation is why the government
waited over two years after PGP's release to start it up. Some speculate it
is due to a link between the investigation and the government's efforts to
establish a new encryption standard named CLIPPER as the replacement for the
aging DES standard. The government has repeatedly stated it will not seek to
make Clipper the only legal encryption standard in this country by outlawing
all others. But if it proceeds to charge Zimmermann and PGP as a result of
the current investigation, it could have the effect of using the government's
legal artillery to blow away one of Clipper's most prominent competitors.
 
Speculation aside, PGP's legal situation is slowly maturing, and within
another year or so we should know for sure whether it's legal or illegal in
the U.S. By that time, it will be in the hands of millions of people the
world over, each using PGP to create his or her own private communications
channel. Hopefully, we will not have to witness the ironic spectacle of PGP
being banned in the country of its birth, while freely in use in the rest of
the world.
 
[Lance Rose is an attorney practicing high-tech and information law in
Montclair, NJ. He can be found on the Internetat elrose@well.sf.ca.us, and on
Compuserve at 72230,2044. He is also author of SysLaw, the legal guide for
online service providers, available from PC Information Group at
800-321-8285.
 
Pretty Good Privacy is available in it's latest July 1, 1993 release as
PGP23A.ZIP with C language source code in PGP23ASR.ZIP. Phil Zimmermann can
be reached at Boulder Software Engineering, 3021 Eleventh Street, Boulder,
Colorado 80304; (303)541-0140 voice/fax; or via Internet at prz@acm.org
 
ViaCrypt will make the commercial PGP available at an intro price of $100.
ViaCrypt, 2104 W. Peoria, Phoenix, AZ 80209, (602) 944-1543. - Editor