Why Use Pretty Good Privacy?


It is more important than ever to bring back anonymity and make more room for personal space - Anitha Bondestam, Director General of the Data Protection Board of Sweden

Those who would sacrifice essential freedoms for temporary safety deserve neither - Benjamin Franklin

PGP, Pretty Good Privacy, is hard encryption. Hard encryption (hard crypto in the trade) is that which is difficult if not impossible to crack.

A measure of the power of PGP is that its author, Phil Zimmermann, has been under three years harassment and investigation by the US Government for the release of PGP. The reason for their action is that not even the security agencies of Uncle Sam, including the top secret NSA, can crack PGP. Such is the level of paranoia surrounding PGP that even those who simply write about it find themselves the subject of unwelcome visits by US Federal Agents.

It's easy to see the reasons for this paranoia. It's like the populace taking a collective decision to arm themselves but instead of Kalashnikovs or AK-47s they each have their own personal magaton nuclear warhead with a guidance system that makes the Gulf War smart bombs look as blind as bats - and that's an understatement. If that isn't enough add in that PGP author Phil Zimmerman is a veteran antinuclear campaigner, has helped train other antinuclear activists and has been involved in direct action at the Nevada test site alongside such prominent anti-war veterans as Daniel Ellsberg and you begin to get the picture.

You may well be thinking 'I don't need encryption, I'm not engaged in espionage, subversive acts against the state or any other dubious activity'. This may be true but then why do you conduct the affairs of your life by letter and not write it all on postcards for all to see, why do you hide away your bank statements, why do you draw your curtains at night, why do you get upset when your name and address falls into the hands of junk mail merchants? The answer to all of these questions is privacy, you value your privacy.

Privacy is not simply a private matter, it is a matter of commercial fidelity. You may be transferring customer or client information, should that fall into the hands of third parties you could be sued. In many countries safeguarding of data is a statutory requirement. You may be planning a megabucks takeover. It is cheaper for a company to steal a march on a competitor by stealing their secrets than it is to carry out some hard work.

Sensitive information should always be kept encrypted, whether or not it is to be transferred to a remote location. There have been too many examples of agents of the state (who should know better) accidentally releasing or losing sensitive data. Police and security service files found on disks sold at car boot sales. A senior Air Force officer on return from a NATO planning meeting left a laptop containing NATO war plans in a car, the car was stolen. In the US, computers used by the Federal Witness Protection Programme were sold. These contained the real identity of witnesses and their current location.

He who controls the information controls the state. This has never been more true than now in an information era.

E-mail has often been likened to postcards - the actual reality is far worse. Would you like to find your personal correspondence pinned up next to the office coffee machine for all to see or posted on the small ads board at the local corner shop? When you send e-mail it hops from computer to computer, where en-route, anyone can intercept it. If you use a dial up connection it sits in a transparent mailbox awaiting your collection.

Prior to e-mail, monitoring a person's activities was very labour intensive. Steaming open mail, tapping into telephones, involves a huge amount of effort - it is costly in terms of time, manpower and resources. Legalities aside there has to be a good reason to justify this huge expenditure of effort. In an electronic era where all business is conducted via e-mail the equation changes dramatically. All that is required is a computer with key word search. The difference is that between fishing with rod and line and an industrial trawler. Governments can now go on a general trawl. With sophisticated search pattern engines it becomes even murkier. Profiles can be drawn of everyone using the 'net, certain types of activity can be looked for. Already there are commercial companies that will provide a profile of you (given your e-mail address and a suitable fee) based on your e-mail activity.

It is possible to screw up these monitoring robots by deliberately including provocative words in your e-mail. Try these - JFK, assassination plot, sex, money laundering, blackmail, hacking, security, encryption, bomb, CIA, NSA, KGB, Russia .....

You may not care who reads your e-mail but other people may care what you have said about them. It is all too easy to slag off other people and not pause to think of the consequences. Your thoughts may be intercepted by a third party who for mischievous or possibly malicious reasons decides to broadcast what you thought was a private message far and wide. Like its postal counterpart e-mail can and does go astray. The big difference is that it is open for all to read. You may by mistake have posted your e-mail to the wrong address. There is the classic case of a woman who put in her e-mail that what she liked about it was its privacy, then posted it to a list server! Cyberspace may be the Wild West frontier and not well regulated but the big wide world is. Someone somewhere may consider your comments defamatory, you then have a libel case on your hands.

Encryption has become political. Already it is banned for personal use in France, Russia, Iran and Iraq. There have been several attempts to push legislation through the US Senate the effect of which would be to ban encryption (other than that to which the US government has a back door key). The European Junta is considering a ban. The UK government has been putting its toes in the water to test the public reaction to a ban.

Many governments around the world are pushing for a key escrow system. This is where the government or their agents hold a back door key to the encryption system. Would you trust a government minister with a key to your back door? Key escrow implicitly implies a ban on hard encryption. There is little point in having the back door key if on unlocking the door you find that it's bolted and padlocked from the inside.

You expect the police to produce a Search Warrant should they appear on your doorstep and demand entry to search your house. You do not expect to leave a copy of your keys at the local police station just in case they may one day wish to carry out such a search of your property.

One of the many ironies surrounding encryption is that its lack of use tilts the balance in favour of the cyber criminal. With encryption in place they may be able to hack their way through your security systems (contrary to the advice given by highly paid security consultants) but the only loot they would get away with would be worthless electronic confetti.

Security consultants, at the clients expense, model their security system and show how impervious it is to all forms of attack. An attacker completely oblivious to the security consultant's model exploits an obvious opportunity and hacks into the system with incredible ease.

Hard encryption is being used by criminals for drug dealing and money laundering, but then so are mobile telephones. Given a choice I know which I'd like to see banned.

Were hard encryption to be banned the only people using hard encryption would be the criminals. The citizen would be left to walk naked through cyberspace.

A few of us are fortunate to live in a democracy, or at least what masquerades as a democracy. Don't through your inaction let the tools of a dictatorship slip in by default.

The citizen can fight back by using encryption now. It will be too late to wait until its use is banned. The more people who use encryption now, the harder it will be to introduce a ban at a later date.

The de-facto standard for e-mail encryption is PGP. PGP is a public key encryption system. One key is placed in the public domain, the other key is kept secret. A file locked, or encrypted, with the public key can only be unlocked, or decrypted, with the private or secret key. Compare this with conventional encryption where the same key is used to both lock and unlock a file.

The advantage of a public key cryptosystem is that a secure channel is not needed to transfer the public key. Contrast this with the diplomatic messenger with his case of keys handcuffed to his wrist. You can also set up many channels of communication using the same key. With a conventional cryptosystem you need a separate key to be exchanged for each channel.

Unlike conventional cryptosystems it is not necessary to keep the public key secret, indeed as we shall shortly see there are distinct advantages to be had in making the key as widely available as possible.

The weakness of a public key system is the public key itself. You have to be absolutely certain of the ownership of the public key, otherwise you are encrypting a file for someone else to read, or at the very least denying access to its intended recipient.

When you generate your key pair (private and public keys) ensure that Load it up to a public key server. This need only be done once as they keep each other updated. You need to get your key spread around far and wide fairly rapidly to limit the possibility of criminals circulating a counterfeit copy of your key.

Public key servers have a beneficial side effect. If you have ever tried to obtain a person's e-mail address, other than by contacting them directly, you will be familiar with the problem. If you have reason to believe that they may be using PGP try to obtain their public key. Not only will you get their key, you will also now have their e-mail address.

The only certainty that you have a genuine key is to have obtained it direct, in person, from its claimed owner. Except in a minority of cases this is not going to be possible. The system therefore has a number of built in safeguards.

Each key has a fingerprint. The fingerprint obtained through a different source, preferably tamper proof such as a letter, appearance in a publication, fax, telephone conversation, can be used to verify that you have the genuine key.

My public key fingerprint

User ID:  Keith Parkins <10 GU14 6QJ England>
Key Size: 1024	bits
Date:     22 April 1996
Key ID:   B09CC89D
Key fingerprint: 2A 66 6A 8F 91 42 48 C8  48 98 38 AD 2F D3 45 08

And that of Phil Zimmermann

UserID:   Philip R. Zimmermann <prz@acm.org>
Key Size: 1024 bits
Date:     21 May 1993
KeyID:    C7A966DD
Key fingerprint: 9E 94 45 13 39 83 5F 70  7B E7 D8 ED C4 BE 5A A6

Phil Zimmerman's public key fingerprint is published in MIT Press The Official PGP User's Guide - Philip R Zimmermann. A personally signed copy of my fingerprint can be obtained direct from myself post free price £1-00 (one pound sterling).

Public keys are usually signed by several signatories. If you have the public key of one or more of these signatories you will be able to verify the signed key.

Never trust a key downloaded from a public key server. There are no checks as to the identity of the person uploading the key, the server could be attacked, the channel of transfer is not secure. Public key servers are a great convenience and very useful for widely disseminating your own public key but always treat them with caution.

You should regularly check your own public key held on a server as only you are the ultimate authority on that key.

PathServer is an experimental key service running at AT&T Research that goes someway to increasing the confidence in an unknown key. Given a trusted key (your own, or one that you have been given in person) and a key of unknown or dubious validity it will attempt to draw a path between the two, in other words it traces the filaments of the web of trust. It is not a panacea but it does go someway to increasing the confidence in an unknown key. For increased security it is advisable to download the intervening keys from alternative sources and run your own checks with PGP.

Death Star links up with guerrilla software - whew!

If someone you know hands you their business card with their key fingerprint and tells you from where you can obtain their public key that is as good as being given their public key in person as you have the means to validate the authenticity of the downloaded key.

There is the temptation to cover your key with dozens of signatures. Don't, few if any of those signatures will be of use to anyone. Instead, have a few key people sign your key, then when you pass on your key ask the recipient to sign your key. There will now be keys radiating from you with different signatures but these will be of more use for the particular paths taken. Keys will radiate from people further down the paths, the paths cross and interlace forming a complex interlocking 'web of trust'.

The signatures on your public key will normally be that of your friends and acquaintances as these are the people with whom you will be in regular communication. Occasionally you will wish to communicate outside of this circle. This is where a Certifying Authority is useful. Such an authority is a trusted individual who acts in the same manner as a Public Notary. Presence of a signature from a certifying authority would enable you to establish the validity of a key.

A certifying authority is used to supplement the regular signatories, not to replace them.

I am proposing the setting up of a chain of local certifying authorities. These could be computer shops, 'net cafes, activist groups, legal advice centres et cetera. For a nominal fee they would sign a key. The owner of that key would be required to produce three forms of ID one of which must be a passport. It would also help if the person was introduced by a person already known to the certifying authority. If there is any doubt the key should not be signed. I will act as the ultimate certifying authority and certify the local centres.

Organisations may wish to set up their own internal certifying authorities.

A known signature on a key is sufficient to use that key. It is not sufficient evidence to sign that key. Always require additional external evidence before signing a key. Other people will be relying upon your integrity and judgement.

We live in a society where to rip people off and to profit from the naivety of others is not only the norm, it is seen as a virtue. Those willing to help their fellow man are seen at best as foolish, at worse displaying a strange abnormality. PGP relies upon us exercising our judgement and integrity. It also asks us to rate the degree to which we trust those whose keys we add to our keyring. Maybe, and it's a very big maybe, users will show a little more integrity when they know they are being constantly evaluated each time their key is added to a keyring. If it does, then PGP will have had a very unusual and beneficial side effect.

Phil Zimmermann's act in giving away a powerful encryption package could be seen in the same light, though how he is seen depends upon the viewpoint. The US Government sees him as a dangerous subversive giving succour to their enemies, RSA Data Security Inc as someone who has ripped-off one of their algorithms. To the Internet user community he is seen as a folk hero.

Apart from encryption PGP has another use. It can be used to sign files. Files are signed using your secret key. This gives two advantages. First, the file can not be altered; second, it proves the file has originated from you.

Digital signatures have uses far beyond being able to affix a signature to your e-mail. I design software, which I distribute as shareware. If you obtain this direct from myself all well and good, you know it's the real thing. But what if it has come from a third party? With my signature it matters not what the route nor how many hands it has past through, you can check that it has not been altered and that it originates from me.

PGP uses the RSA encryption algorithm, developed by Rivest, Shamir & Adleman, and depends for its security on the mathematics of prime numbers. A prime number is an integer that can not be evenly divided by any integer other than itself (eg 1, 2, 3, 5, 7, 11, 13, 17 ...). It is relatively easy to generate large random prime numbers. About 1 hour on a PC/XT for a prime number of 1024 binary digits (about a minute on a Pentium based system). Multiply two such prime numbers together and with today's computing power and present knowledge of the mathematics of prime numbers it would take several centuries to find the factors.

In 1977 Ron Rivest (the 'R' of RSA) issued what has become known as the RSA-129 challenge. A message was encrypted using an RSA key of 129 digits. This was finally cracked in 1994 using the distributed power of Internet, the estimated computing power was 5,000 mips-years. To apply the same computing power to an RSA key of 1024 binary digits would take many millions of years to crack.

A single mips-year is a computer continuously number crunching at the rate of a million instructions per second for one year.

The ultimate security of PGP relies upon the security of your own key pair. This implicitly assumes that your keyrings are tamper proof. Physical security is necessary but not sufficient. You also need to guard against Trojans and viruses. Some form of separate integrity checking is required to enable you to periodically check your keyrings. A backup copy of your keyrings should be taken and stored in a very safe place. If you lose your secret key you will be denied access - the ultimate security nightmare.

For more information on protection from viruses and Trojans read

Virus: A computer malaise - Keith Parkins

PGP can be obtained from a number of sources but beware. Phil Zimmermann has warned that there are a number of Trojan versions floating around. I have put together a PGP starter kit. It contains PGP, masses of information files including a PGP workshop, a Windows front end for those who can't cope with DOS and my public key. I'm making this available on 3.5 inch floppy disk - price 5-00 (post free). Obtain direct from myself.

Keith Parkins
10 Church Road East
FARNBOROUGH
Hants GU14 6QJ
England

No matter where you obtain PGP from use it. Pass it on to your friends, encourage them to use it. If you obtain it direct from myself, sign my key before passing it on. The more people who are using PGP the more difficult it will be to ban its use.

There are a few potential legal pitfalls to the use of PGP, its use in the States may involve patent violations, the US and Canada forbid the export of hard cryptosystems, several governments ban or restrict the use of hard crypto, many more are thinking of going down that route, some networks forbid or restrict the use of encrypted traffic (FIDOnet for example).

The murky legal situation can be summarised as

Commercial use outside of US & Canada will require a licence fee to be paid to Ascom Systec AG for the use of the IDEA encryption algorithm.

Phil Zimmermann stipulates that PGP must be distributed with all its associated documentation. He also stipulates that no modified version of PGP be distributed without his permission.

If the demand exists I'm willing to run a few PGP Workshops.

Phil Zimmermann has, at great personal sacrifice, made public key encryption available to the masses. It is now up to the masses to take up his gift and use it.

(c) Keith Parkins August 1996 rev 13


This paper is also available as a signed text file.


Home ~ Index ~ PGP ~ What is PGP ~ Web of Trust ~ Quick Reference ~ My Key
(c) Keith Parkins 1996-1997 -- September 1997 rev 10