Tech Insider					     Technology and Trends


			      USENET Archives

Newsgroups: sci.crypt
Path: sparky!uunet!destroyer!ncar!sage.cgd.ucar.edu!prz
From: p...@sage.cgd.ucar.edu (Philip Zimmermann)
Subject: PGP and real criminals
Message-ID: <1992Nov17.001101.21926@ncar.ucar.edu>
Sender: ne...@ncar.ucar.edu (USENET Maintenance)
Organization: Climate and Global Dynamics Division/NCAR, Boulder, CO
Date: Tue, 17 Nov 1992 00:11:01 GMT
Lines: 135

Lately there has been much discussion on this newsgroup concerning
the implications of child molesters using cryptography to hide their
crime.  The first posting on this issue came from Terry Ritter, who
posed it as a hypothetical question for our examination.  The second
thread came form Jim Wenzel, who operates a BBS that carries PGP, who
was contacted by a police detective who wanted to download PGP
because they seized a computer with PGP files from a suspected child
molester.  Some people have questioned the apparent coincidence of
these two threads appearing so close together. 

Let me give you all some background context.  This started last week,
when I was contacted by a police detective from California who wanted
to know if PGP had a back door, because they had just seized a
computer from a suspected child molester.  I was sorry to tell him
that there was no back door.  I discussed other options with him,
such as looking for unused disk sectors that might contain old
plaintext.  They had already done that, with some partial success.  I
told him he should read the PGP manual to fully understand the
problems he faced.  The child molester had inconsiderately deleted
the PGP manual from his disk before the police seized the computer,
so I had to tell them where they could download a copy, from Jim
Wenzel's BBS in Arkansas.

Later that day, Terry Ritter called me about an unrelated matter, and
I told him about the case, and discussed the moral questions of PGP
being available to people like this.  The next day, Terry posted the
question of how to address these issues in public debate.

Since then, I have read some interesting well-thought-out responses
to Terry's initial posting.  I have also read some insensitive
fanatical remarks from some people who seem to be so blinded by
ideology that they don't think before they open their mouths.

Some of the remarks were along these lines:

1)  It's obvious to any idiot that the poor guy is innocent, a victim
of those nasty cops trying to trump up some evidence against him,
because the cops obviously have NOTHING else to go on except some PGP
files they found on his computer.  I actually read words to that
effect in someone's message.

2)  It's obvious to any idiot that going after this guy will not help
comfort the child victims, so why bother?  Or words to that effect.

3)  It's obvious to any idiot that a child molester would never
be so dumb as to write down details of his crime, so there could not
possibly be anything relevent in those PGP-encrypted files.

4)  It's obvious to any idiot that cryptography has nothing to do
with this case, it's just one thing this guy did besides molest
children, that outlawing cryptography because child molesters encrypt
is like outlawing breathing because child molesters breathe.

It seems that so many of the points that you people raise contain the
word "obviously" somewhere, either literally or implied.  Things just
don't seem so obvious to me.

First, on item (1):  This guy is a repeat offender, who just started
using PGP after getting out of jail from last time.  Carefully
evaluating everything the cop told me, I was convinced the guy was
probably guilty.  But these cases are hard to prove in court, and as
most people know, there are usually a lot more facts known in a case
than what is admissible in court.  Ah, you say, that was not
explained.  But even so, why should you be so sure of yourself when
you so glibly assert that the cops had absolutely nothing on this guy
except the fact that he had some encrypted files?

Item (2):  This is just plain dumb.  Why do I have to bother
explaining why we need to prosecute child molesters?

Item (3):  Child molesters usually keep diaries of their crimes.  This
is a fact.  It is part of their nature.  That's usually how police
convict them. 

Item (4):  Cryptography is uniquely relevant to this issue, because
of item (3), and the fact that he encrypted his diary.  A conviction
may be too difficult to achieve without that diary.

I would hope that my political credentials are above suspicion, since
I went through all the trouble to develop PGP and published my 
opinions on the role of cryptography in a free society.  But perhaps
these credentials would not be enough for some hardliners.

If we are to prevent the electorate from backing legislation that
will make cryptography a crime, we must have articulate agruments
that will reach normal people with normal values.  Some of what I've
seen lately does not meet that requirement.

Back in the early to mid 1980's, I worked in the Nuclear Freeze
movement.  I know-- some of you may find that distasteful, but you
know, it's interesting how the left and the right have common
interests in civil liberties and privacy.  I've made a lot of new
friends on the libertarian right since I published PGP.  The first
article on PGP was published in a local newspaper by a guy who also
writes for Soldier of Fortune-- a friend of mine, as a matter of
fact.  Anyway, I did a lot of public speaking for the Freeze, and I
was highly effective because I deeply learned the opposition's point
of view.  Very few of my leftist friends who were also active in the
Freeze were nearly as effective as me-- they never read Aviation
Week, they never read Air Force Magazine, they never read the
military policy material from the other side.  They simply had their
knee-jerk answers to complex questions on military policy.  And they
were pitifully ineffective in debate with the other side.  

What I now read from some of you folks smacks of the same level of
fanaticism as my old marginalized hardliner leftist friends with their
Politically Correct preaching to the choir.  They used to incessantly
bicker amongst themselves over who had the most orthodox P.C.
position.  We used to have a joke--  "Q: How do you make a leftist
firing squad?  A: Line everyone up in a big circle."   Sound
familiar?  How are we ever going to reach the electorate?

If we are to succeed in the inevitable public debate to come, we must
lead with arguments that will appeal to the average person-- not just
to hardliner gun-toting survivalists, whose deepest philosophical
readings are from Robert Heinlein (I used to buy into Heinlein too,
when I was a teenager).  Mind you, I'm a supporter of the Second
Amendment too, and I like some of Perry Metzger's articulate remarks
on this topic, so don't get bent out of shape because I used the
phrase "gun-toting".  I'm mainly trying to say that hardliners, be
they left or right, are rarely effective in reaching the mainstream
electorate.  They don't even reach me.  My support for the Second
Amendment is not quite as strong today as it was before I read all
these postings from such rabid hardliners.  Do I really want to be on
the same side as these people on this issue?

I suppose these remarks will disillusion some of my PGP fans.  Oh well. 

I'm going to be out of town for a few days this week.  I dread the
500 backlogged testosterone-driven sci.crypt postings that will
certainly be piled up when I return.  Damn.  When will the newsgroup
ever get back to normal?

-Philip Zimmermann

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO vs IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or
research.

Electronic mail:			       WorldWideWeb:
   tech-insider@outlook.com			  http://tech-insider.org/