Internet crimes to be proud of

Thanks to Pretty Good Privacy encryption creator Phil Zimmermann for software that undermines suppression -- and for keeping me out of jail

When does a passionate advocate for securing the Internet find himself pulling for Internet criminals? When the "crime" is running afoul of a perverse definition of the law. Of course I'm talking about people purposefully ignoring their country's illegitimate attempts to censor or monitor otherwise legitimate Internet use.

Recent events have reinforced the justifiable need for software and sites that can ensure that citizens can continue to communicate freely and confidentially, even when that right is taken away. I especially support people who circumvent the heavy-handed enforcement of questionable censorship laws that exist solely to protect the figureheads in power from the influence of the people they supposedly govern.

[ Your laptop data isn't safe. Follow InfoWorld's encryption-based data-protection plan, which can safeguard your most at-risk PCs. ]

Bypassing censorship filters can be accomplished by using regular services not blocked by the censorship software (such as Twitter) or by using any of the plethora of anonymous proxy services. To get a list of the latter, just search on "anonymous proxies" using any Internet search engine. The best ones encrypt the connection between the originator and proxy so that the information cannot be inspected by intervening filters.

Pretty great privacy
The availability of free, reliable encryption software should be a basic human right. From the beginning of computer science, the makers of computer ciphers have considered protecting communications from an oppressive government's prying eyes to be one of the primary uses of their software.

Certainly Phil Zimmermann, the creator of Pretty Good Privacy (PGP) encryption software, had this on his mind as a central theme when he first coded PGP in 1991. He spoke about this need frequently and even covered it in his documentation, FAQ, and book.

At the time, as a citizen who took the freedoms of the United States for granted, I didn't realize the importance of his declaration. Mr. Zimmermann did. He was investigated by the U.S. government for many years -- facing the prospect of a lengthy prison sentence and possibly even the serious charge of treason (punishable by death) -- for making PGP widely available for the world to use. He spent hundreds of thousands of dollars fighting the investigation, and in the face of overwhelming adversity and the opposition's unlimited monetary resources, he didn't back down.

By 1994, even I recognized the importance of PGP to all freedom-loving peoples. In my youthful exuberance, I was enraged that Zimmermann, who I had personally e-mailed a few times, was being accused of being an American traitor. I came up with a scheme, that upon reflection, was either incredibly ballsy or can only be attributed to adolescent arrogance. My plan was to intentionally violate the U.S. federal statues against distributing encryption programs to foreign governments. This was a charge that Mr. Zimmermann had craftily and legally avoided for good reason.

I was going to create a Web site that would allow any visitor to easily send a copy of PGP to a random foreign e-mail address recipient with a carbon copy of the transfer automatically sent to the White House, along with a protest letter. My idea was to get millions of visitors to violate our "stupid" software encryption laws on purpose and see how the U.S. Justice Department could handle a million violations. My fantasy included the government realizing how ignorant it was, forcing it to change the laws, and to drop the charges against Zimmermann.

[ See what Roger Grimes thinks of President Obama's plan for Internet security | Learn how to secure your systems with Security Adviser newsletter. ]

Pretty bad protest
This wasn't just a silent fantasy. I had created the bare bones of the Web site and contacted Newsweek magazine. I had been profiled in a March 1992 issue regarding the popular Michelangelo virus and the newly emerging Dark Avenger's polymorphic virus mutation engine, and I'd established friendly inside contacts. The magazine's computer and science associate editor loved my idea and promised to give it coverage.

I even understood the potential legal consequences of my actions. I knew I could end up in jail or, at the very least, wasting a lot of money in my defense. I had told my new wife and mother of my first daughter of my idea and the possible consequences. As you can imagine, she was not very supportive of my risking my good job, our house, and our comfortable life. But I was that emotionally driven. At the time I was fond of quoting, "You can take my right to privacy out of my cold, dead hands!" This from a guy who's never held a gun.

Although the exact details are a bit hazy now, I remember nervously dialing Zimmermann for the first time, with the Newsweek editor listening in. I knew getting Zimmermann's support would lock in the magazine's commitment and get me the publicity I would need to get large numbers of visitors willing to join me in my privacy fight.

When I explained my intentions to my crypto hero, instead of embracing my idea as I had expected, he scolded me. He told me that I was stupid for what I was trying -- and that I didn't understand the real consequences of what I was doing. He explained how much time, money, and effort he had put into his own legal defense, and he finished by saying that he did not support my project and would no longer communicate with me.

I was stunned and embarrassed. But fortunately, his admonishment was enough to get me to drop my plans, much to the relief of my family and friends. Years later, the charges against Zimmermann that so offended me were dropped (or more accurately, never filed). His legal defense against the federal investigation helped define the legal treatment of subsequent encryption software as it proliferated around the globe.

Since then, Phil Zimmermann has developed other encryption products, most recently an innovative, free plug-in product, Zfone, which works with a variety of IP telephony software clients. Listening to Zimmermann speak about his latest project at a security conference last year, I was amazed to hear him again reassert the need for encryption products to ensure people's freedom.

As I watched the recent political struggles of a suppressed people and learned how they used the Internet to circumvent a repressive regime, it made me realize the importance of contributions from people like Zimmermann.

So although this is too long overdue, thank you, Phil Zimmermann. Thank you for your free encryption products. Thank you for standing up to our federal government when it was wrong and for battling on behalf of those without a voice. And personally, thanks for steering me clear of a run-in with the feds.

Copyright © 2009 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!