Why Do You Need PGP?

03/14/2014

**** Editor's Note****

In light of recent developments in the media, I dug this out of my archives. I had this up about 2 years ago. I haven't been taking my own advice (encrypting my own email) mostly because I felt there just were not enough people out there familiar enough with the process. And no one sends mail they don't want to be read.

But alas, it's a brave new world. And people need to get up to speed to cope with it. I have the newest version of PGP in the Resources section, and I suggest everyone download, install and learn to use it. While I can receive unencrypted email. All replies to said mail will be encrypted from now on.

And now, on to the story...

******************************************************************************************************************

What is Pretty Good Privacy?
PGP or Pretty Good Privacy is as the name suggest a package that guarantees privacy or in other words it is an encryption package. PGP was developed by Phil Zimmermann.

Conventional encryption (also known as symmetric cypher) uses a single key. The same key is used to encrypt and decrypt a message. This key has to be kept secret otherwise the scheme is compromised. The main problem is how to distribute the secret key and ensure that it remains secret. 

PGP is a dual-key or public-key cryptosystem (also known as asymmetric cypher). One key is kept secret, the other key is made public. To communicate with the owner of the secret key a message is encrypted with the corresponding public key, this message can only be decrypted using the secret key. 

A dual-key encryption system gets around the problem of key distribution as anyone and everyone may have a copy of the public key. This though merely substitutes one problem with another. Unless the key is obtained direct in person from the owner of the key one can never be certain as to the authenticity of the key. 

Why should you use it?

It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be doing something that you feel shouldn't be illegal, but is. Whatever it is, you don't want your private electronic mail (E-mail) or  confidential documents read by anyone else. There's nothing wrong with asserting your privacy. 

Privacy is as apple-pie as the Constitution.  

Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug  testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you  hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world (yet),  because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in  numbers. 

Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity. 

Today, if the Government wants to violate the privacy of ordinary citizens, it has to expend a certain amount of expense and labor to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This kind of labor-intensive monitoring is not practical on a large scale. This is only done in important cases when it seems worthwhile.  

More and more of our private communications are being routed through electronic channels. 

Electronic mail is gradually replacing conventional paper mail. E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. International cablegrams are already scanned this way on a large scale by the NSA (National Security Agency).

We are in a time when the nation is crisscrossed with high capacity fiber optic data networks linking together all our increasingly ubiquitous personal computers. E-mail is the norm for everyone, not the novelty it once was. The Government protects our E-mail with Government designed encryption protocols. Most people acquiesce to that. But perhaps some people will prefer their own protective measures.

Senate Bill 266, a 1991 omnibus anti-crime bill, had an unsettling measure buried in it. If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the Government can read anyone's encrypted messages. It reads: "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall insure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." This measure was defeated after rigorous protest from civil libertarians and industry groups. 

In 1992, the FBI Digital Telephony wiretap proposal was introduced to Congress. It would require all manufacturers of communications equipment to build in special remote wiretap ports that would enable the FBI to remotely wiretap all forms of electronic communication from FBI offices. 

Although it never attracted any sponsors in Congress in 1992 because of citizen opposition, it was reintroduced in 1994.

Most alarming of all is the White House's bold new encryption policy initiative, under development at NSA since the start of the Bush administration, and  unveiled April 16th, 1993. 

The centerpiece of this initiative is a Government built encryption device, called the "Clipper" chip, containing a classified NSA encryption algorithm. The Government is encouraging private industry to design it into all their secure communication products, like secure phones, secure FAX, etc. AT&T is now putting the Clipper into their secure voice products. The catch: At the time of manufacture, each Clipper chip will be loaded with its own unique key, and the Government gets to keep a copy, placed in escrow. Not to worry, though the Government promises that they will use these keys to read your traffic only when duly authorized by law. Of course, to make Clipper completely effective, the next logical step would be to outlaw other forms of cryptography.

If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. 

Until now.

PGP empowers people to take their privacy into their own hands. There's a growing social need for it.

You can download the latest version of PGP for free here.  (This is the latest FREE version. It's gone through several revisions in the last two years, and you have to buy those at your nearest Staples, or computer store.)