By CHARLES ARTHUR
c.1996 The Independent, London
LONDON - It was one small defeat for the US government, but a big
victory for the Internet. After three years of investigation, a US
district attorney has announced that he has decided not to prosecute
Philip Zimmermann, the American programmer who wrote a piece of
encryption software now widely used in cyberspace to keep messages
secret.
The software is so effective that the US government classifies it as a
munition and bans its export without a licence. Breaking the ban
carries a maximum prison sentence of 51 months.
Zimmermann, who was told of the decision by fax last Monday, declared
himself ``ecstatic'' and ``elated''. Users of the Internet have
quickly adopted his program - called Pretty Good Privacy (PGP) - both
to render private messages and files virtually uncrackable, and to
give their public messages a unique electronic ``signature''.
In the long term, the decision could help US software companies such
as Microsoft and Netscape. They have been lobbying the government to
let them compete with international rivals which already sell
``strong'' encryption packages resembling PGP. Previously, the
government had resisted their calls. But the wide availability of a
free uncrackable encryption program will make their case hard to deny.
Although Zimmermann was never charged with any offence, he had been
under investigation since 1993 by Michael Yamaguchi, the US district
attorney in San Francisco, after copies of PGP began to be widely
available on the Internet.
The program was copied to the Internet in 1991 by a friend of
Zimmermann's, who sent it to a number of computer bulletin boards from
his laptop computer over public payphones. Almost simultaneously, a
rumour swept the Internet's discussion groups suggesting that the US
government would soon outlaw such ``strong encryption''. However,
Yamaguchi said that he will not be prosecuting any individuals
following the investigation.
PGP uses an encryption technique that is comparatively easy to perform
with a standard PC, yet virtually impossible to crack with even the
most powerful systems.
It starts from two very large prime numbers, which are used to produce
the ``public'' and ``private'' keys. Each user of the program
generates their own pair of keys, and then makes the public key
available to anyone. To encrypt a message, the sender uses his private
key and the receiver's public key.
The message can then only be decrypted by the intended receiver. To
anyone who intercepts it - such as US government officials - the
content is just a meaningless jumble of numbers. However, there have
been claims that though PGP can have positive uses it also appeals to
criminals.
NYT-01-13-96 1614EST