Newsgroups: sci.crypt Path: sparky!uunet!destroyer!ncar!sage.cgd.ucar.edu!prz From: p...@sage.cgd.ucar.edu (Philip Zimmermann) Subject: PGP and real criminals Message-ID: <1992Nov17.001101.21926@ncar.ucar.edu> Sender: ne...@ncar.ucar.edu (USENET Maintenance) Organization: Climate and Global Dynamics Division/NCAR, Boulder, CO Date: Tue, 17 Nov 1992 00:11:01 GMT Lines: 135 Lately there has been much discussion on this newsgroup concerning the implications of child molesters using cryptography to hide their crime. The first posting on this issue came from Terry Ritter, who posed it as a hypothetical question for our examination. The second thread came form Jim Wenzel, who operates a BBS that carries PGP, who was contacted by a police detective who wanted to download PGP because they seized a computer with PGP files from a suspected child molester. Some people have questioned the apparent coincidence of these two threads appearing so close together. Let me give you all some background context. This started last week, when I was contacted by a police detective from California who wanted to know if PGP had a back door, because they had just seized a computer from a suspected child molester. I was sorry to tell him that there was no back door. I discussed other options with him, such as looking for unused disk sectors that might contain old plaintext. They had already done that, with some partial success. I told him he should read the PGP manual to fully understand the problems he faced. The child molester had inconsiderately deleted the PGP manual from his disk before the police seized the computer, so I had to tell them where they could download a copy, from Jim Wenzel's BBS in Arkansas. Later that day, Terry Ritter called me about an unrelated matter, and I told him about the case, and discussed the moral questions of PGP being available to people like this. The next day, Terry posted the question of how to address these issues in public debate. Since then, I have read some interesting well-thought-out responses to Terry's initial posting. I have also read some insensitive fanatical remarks from some people who seem to be so blinded by ideology that they don't think before they open their mouths. Some of the remarks were along these lines: 1) It's obvious to any idiot that the poor guy is innocent, a victim of those nasty cops trying to trump up some evidence against him, because the cops obviously have NOTHING else to go on except some PGP files they found on his computer. I actually read words to that effect in someone's message. 2) It's obvious to any idiot that going after this guy will not help comfort the child victims, so why bother? Or words to that effect. 3) It's obvious to any idiot that a child molester would never be so dumb as to write down details of his crime, so there could not possibly be anything relevent in those PGP-encrypted files. 4) It's obvious to any idiot that cryptography has nothing to do with this case, it's just one thing this guy did besides molest children, that outlawing cryptography because child molesters encrypt is like outlawing breathing because child molesters breathe. It seems that so many of the points that you people raise contain the word "obviously" somewhere, either literally or implied. Things just don't seem so obvious to me. First, on item (1): This guy is a repeat offender, who just started using PGP after getting out of jail from last time. Carefully evaluating everything the cop told me, I was convinced the guy was probably guilty. But these cases are hard to prove in court, and as most people know, there are usually a lot more facts known in a case than what is admissible in court. Ah, you say, that was not explained. But even so, why should you be so sure of yourself when you so glibly assert that the cops had absolutely nothing on this guy except the fact that he had some encrypted files? Item (2): This is just plain dumb. Why do I have to bother explaining why we need to prosecute child molesters? Item (3): Child molesters usually keep diaries of their crimes. This is a fact. It is part of their nature. That's usually how police convict them. Item (4): Cryptography is uniquely relevant to this issue, because of item (3), and the fact that he encrypted his diary. A conviction may be too difficult to achieve without that diary. I would hope that my political credentials are above suspicion, since I went through all the trouble to develop PGP and published my opinions on the role of cryptography in a free society. But perhaps these credentials would not be enough for some hardliners. If we are to prevent the electorate from backing legislation that will make cryptography a crime, we must have articulate agruments that will reach normal people with normal values. Some of what I've seen lately does not meet that requirement. Back in the early to mid 1980's, I worked in the Nuclear Freeze movement. I know-- some of you may find that distasteful, but you know, it's interesting how the left and the right have common interests in civil liberties and privacy. I've made a lot of new friends on the libertarian right since I published PGP. The first article on PGP was published in a local newspaper by a guy who also writes for Soldier of Fortune-- a friend of mine, as a matter of fact. Anyway, I did a lot of public speaking for the Freeze, and I was highly effective because I deeply learned the opposition's point of view. Very few of my leftist friends who were also active in the Freeze were nearly as effective as me-- they never read Aviation Week, they never read Air Force Magazine, they never read the military policy material from the other side. They simply had their knee-jerk answers to complex questions on military policy. And they were pitifully ineffective in debate with the other side. What I now read from some of you folks smacks of the same level of fanaticism as my old marginalized hardliner leftist friends with their Politically Correct preaching to the choir. They used to incessantly bicker amongst themselves over who had the most orthodox P.C. position. We used to have a joke-- "Q: How do you make a leftist firing squad? A: Line everyone up in a big circle." Sound familiar? How are we ever going to reach the electorate? If we are to succeed in the inevitable public debate to come, we must lead with arguments that will appeal to the average person-- not just to hardliner gun-toting survivalists, whose deepest philosophical readings are from Robert Heinlein (I used to buy into Heinlein too, when I was a teenager). Mind you, I'm a supporter of the Second Amendment too, and I like some of Perry Metzger's articulate remarks on this topic, so don't get bent out of shape because I used the phrase "gun-toting". I'm mainly trying to say that hardliners, be they left or right, are rarely effective in reaching the mainstream electorate. They don't even reach me. My support for the Second Amendment is not quite as strong today as it was before I read all these postings from such rabid hardliners. Do I really want to be on the same side as these people on this issue? I suppose these remarks will disillusion some of my PGP fans. Oh well. I'm going to be out of town for a few days this week. I dread the 500 backlogged testosterone-driven sci.crypt postings that will certainly be piled up when I return. Damn. When will the newsgroup ever get back to normal? -Philip Zimmermann