Encryption and verification package Pretty Good Privacy (PGP) has celebrated a troubled 30 years of securing secrets and giving cypherpunks an excuse to meet in person, with original developer and security specialist Phil Zimmermann toasting a world where encryption is common but, he warns, still under threat.
It was on this day (6 June) in 1991 that Pretty Good Privacy was uploaded to the Internet, Zimmermann wrote in a piece published over the weekend. I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software.
I became the target of a criminal investigation for violating the Arms Export Control Act by allowing PGP to spread around the world. This further propelled PGP’s popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of the Crypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation.
PGP’s workaround for these export restrictions, the US International Traffic in Arms Regulations (ITAR), is storied. Realising that the nation enjoyed a constitutional right to free speech which extended to published work, the source code was published as a printed book – a protected work under the 1st Amendment to the US Constitution – and distributed abroad, where it was scanned through an optical character recognition system and compiled into a freely distributable international variant.