Not many technologists receive e-mail from their users saying the only thing standing between them and an oppressive government is your technology, but that's exactly the kind of e-mail Phil Zimmermann evokes, thanks to his creation Pretty Good Privacy (PGP). Released in 1991, PGP has been used the world over to encrypt data and keep it safe in places such as Kosovo, Sarajevo, Croatia, and Guatemala. But, Zimmermann is quick to point out, although using PGP to keep the secret police at bay is vitally important, the security provided by PGP is also vital to the life of any enterprise.
At the time of its release, PGP dramatically changed the security landscape.
"Before PGP, there was no way for two ordinary people to communicate over long distances without the risk of interception," Zimmermann says. "Not by phone, not by FedEx, not by fax."
But PGP changed all that by providing easy-to-use encryption that could still stand up to the best in cracking technology. Fifty-six-bit DES encryption was the strongest encryption used by the private sector, which wasn't secure enough given the resources a government could bring to cracking.
"The NSA [National Security Agency] was the presumed opponent," Zimmermann says.
The idea for PGP started back in 1984. PGP gradually evolved as Zimmermann mastered the complex math needed for encryption.
In February 1993, the government informed Zimmermann that he was being investigated for violating its restriction on the export of encryption technologies. After an arduous three years, in January 1996 the government finally dropped its case against him. Zimmermann attributes that to several factors, but he's never actually been told the reasons the government dropped its case. As a condition of being told the reasons, Zimmermann would not have been able to tell anyone about it.
"I wasn't willing to agree to that," says Zimmermann, who at the time was speaking to the press five times a week about the case.
With the government case over, Zimmermann was free to found PGP Inc. to commercialize his software for business. At the end of 1997, Network Associates bought the company and turned PGP into one of its primary products for the enterprise. Now he juggles a schedule of consulting, public speaking, and keeping a hand in PGP's development.
To Zimmermann, robust security goes hand in hand with a healthy business.
"The threat model used to be you protected yourself from your competitors," Zimmermann says. But in today's world of global business, that's inadequate. "Intelligence agencies of countries have been reassigned to spying on companies. To compete in a global world, you need cryptography strong enough to stop governments."
Next up, Zimmermann is working on updating PGP Phone, a product that encrypts voice traffic on a computer.
Casting an eye toward the technology horizon, he sees a bold future for wireless technology.
"We'll be accessing the Internet all the time," Zimmermann says, "which means a dramatic increase in security requirements."
Current position: Senior fellow, Network Associates Inc.
Technology prediction: Wireless is it