Phil Zimmermann

Born: February 12, 1954 (age 65), Camden, New Jersey, U.S.
Occupation: Professor
Known for: Creator of Pretty Good Privacy
Website: philzimmermann.com

Philip R. "Phil" Zimmermann, Jr. (born February 12, 1954) is an American computer scientist and cryptographer. He is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. [1] He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone. Zimmermann is co-founder and Chief Scientist of the global encrypted communications firm Silent Circle.

A computer scientist is a person who has acquired the knowledge of computer science, the study of the theoretical foundations of information and computation and their application.

Cryptography: practice and study of techniques for secure communication in the presence of third parties

Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

Background

He was born in Camden, New Jersey. His father was a concrete mixer truck driver. Zimmermann received a B.S. degree in computer science from Florida Atlantic University in Boca Raton, Florida in 1978, and thereafter moved to the San Francisco Bay Area. In the 1980s, Zimmermann worked in Boulder, Colorado as a software engineer and was a part of the Nuclear Weapons Freeze Campaign as a military policy analyst. [2]

Camden, New Jersey: City in Camden County, New Jersey, U.S.

Camden is a city and the county seat of Camden County, New Jersey, United States. Camden is located directly across the Delaware River from Philadelphia, Pennsylvania. At the 2010 U.S. Census, the city had a population of 77,344. Camden is the 12th most populous municipality in New Jersey. The city was incorporated on February 13, 1828. Camden has been the county seat of Camden County since the county was formed on March 13, 1844. The city derives its name from Charles Pratt, 1st Earl Camden. Camden is made up of over twenty different neighborhoods.

Computer science: Study of the theoretical foundations of information and computation

Computer science is the study of processes that interact with data and that can be represented as data in the form of programs. It enables the use of algorithms to manipulate, store, and communicate digital information. A computer scientist studies the theory of computation and the practice of designing software systems.

Florida Atlantic University: A state-run higher education institution located in Boca Raton, Florida

Florida Atlantic University is a public university in Boca Raton, Florida, with five satellite campuses in the Florida cities of Dania Beach, Davie, Fort Lauderdale, Jupiter, and in Fort Pierce at the Harbor Branch Oceanographic Institution. FAU belongs to the 12-campus State University System of Florida and serves South Florida, which has more than five million people and spans more than 100 miles (160 km) of coastline. Florida Atlantic University is classified by the Carnegie Foundation as a research university with high research activity. The university offers more than 170 undergraduate and graduate degree programs within its 10 colleges. Programs of study cover arts and humanities, the sciences, medicine, nursing, accounting, business, education, public administration, social work, architecture, engineering, and computer science.

PGP

In 1991, he wrote the popular Pretty Good Privacy (PGP) program, and made it available (together with its source code) through public FTP for download, the first widely available program implementing public-key cryptography. Shortly thereafter, it became available overseas via the Internet, though Zimmermann has said he had no part in its distribution outside the United States.

The very first version of PGP included an encryption algorithm, BassOmatic, developed by Zimmermann. [3]

In cryptography, BassOmatic was the symmetric-key cipher designed by Phil Zimmermann as part of his email encryption software PGP. Comments in the source code indicate that he had been designing the cipher since as early as 1988, but it was not publicly released until 1991. After Eli Biham pointed out to him several serious weaknesses in the BassOmatic algorithm over lunch at the 1991 CRYPTO conference, Zimmermann replaced it with IDEA in subsequent versions of PGP.

Arms Export Control Act investigation

After a report from RSA Security, who were in a licensing dispute with regard to the use of the RSA algorithm in PGP, the United States Customs Service started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act. [4] The United States Government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. At that time, the boundary between what cryptography was permitted ("low-strength") and impermissible ("high-strength") for export from the United States was placed such that PGP fell on the too-strong-to-export side of the boundary. The boundary for legal export has since been raised and now allows PGP to be exported. The investigation lasted three years, but was finally dropped without filing charges.

RSA Security: American computer and network security company

RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products are the RSA BSAFE cryptography libraries and the SecurID authentication token. RSA is known for allegedly incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

United States Customs Service: former customs service of the United States

The United States Customs Service was an agency of the U.S. federal government that collected import tariffs and performed other selected border security duties.

Arms Export Control Act: United States law preventing exported weapons from being used for aggressive warfare

The Arms Export Control Act of 1976 gives the President of the United States the authority to control the import and export of defense articles and defense services. The H.R. 13680 legislation was passed by the 94th Congressional session and enacted into law by the 38th President of the United States Gerald R. Ford on June 30, 1976.

After the government dropped its case without indictment in early 1996, Zimmermann founded PGP Inc. and released an updated version of PGP and some additional related products. That company was acquired by Network Associates (NAI) in December 1997, and Zimmermann stayed on for three years as a Senior Fellow. NAI decided to drop the product line and in 2002, PGP was acquired from NAI by a new company called PGP Corporation. Zimmermann served as a special advisor and consultant to that firm until Symantec acquired PGP Corporation in 2010. [1] Zimmermann is also a fellow at the Stanford Law School's Center for Internet and Society. He was a principal designer of the cryptographic key agreement protocol (the "association model") for the Wireless USB standard.

PGP Corporation: company

PGP Corporation was a company that sold Pretty Good Privacy computer software. It was founded in 2002, and acquired by Symantec in 2010.

Symantec: company

Symantec Corporation is an American software company headquartered in Mountain View, California, United States. The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).

The Center for Internet and Society (CIS) is a public interest technology law and policy program founded in 2000 by Lawrence Lessig at Stanford Law School and a part of Law, Science and Technology Program at Stanford Law School. CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry. CIS strives to improve both technology and law, encouraging decision makers to design both as a means to further democratic values.

Silent Circle

Along with Mike Janke and Jon Callas, in 2012 he co-founded Silent Circle, a secure hardware and subscription-based software security company. [2] [5]

Dark Mail Alliance

In October 2013, Zimmermann, along with other key employees from Silent Circle, teamed up with Lavabit founder Ladar Levison to create the Dark Mail Alliance. The goal of the organization is to work on a new protocol to replace PGP that will encrypt email metadata, among other things that PGP is not capable of.

Zimmermann's Law

In 2013, an article on Zimmermann's Law quoted Phil Zimmermann as saying "The natural flow of technology tends to move in the direction of making surveillance easier, and the ability of computers to track us doubles every eighteen months," [6] in reference to Moore's law.

Awards and other recognition

Zimmermann has received numerous technical and humanitarian awards for his pioneering work in cryptography:

Simon Singh's The Code Book devotes an entire chapter to Zimmermann and PGP. [13]

Related Research Articles

A cypherpunk is any activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.

Clipper chip: chipset that was developed and promoted by the NSA

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor. It was intended to be adopted by telecommunications companies for voice transmission. It can encipher and decipher messages. It was part of a Clinton Administration program to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." "Each clipper chip ha[d] a unique serial number and a secret 'unit key,' programmed into the chip when manufactured." This way, each device was meant to be different from the next.

Werner Koch: German free software developer

Werner Koch is a German free software developer. He is best known as the principal author of the GNU Privacy Guard. He was also Head of Office and German Vice-Chancellor of the Free Software Foundation Europe. He won the Award for the Advancement of Free Software in 2015 for founding GnuPG.

Enigmail: OpenPGP data encryption and decryption extension for Mozilla Thunderbird and the SeaMonkey internet suite

Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and the SeaMonkey internet suite that provides OpenPGP public key e-mail encryption and signing. Enigmail works under Microsoft Windows, Unix-like, and Mac OS X operating systems. Enigmail can operate with other mail clients compatible with PGP/MIME and inline PGP such as: Microsoft Outlook with Gpg4win package installed, Gnome Evolution, KMail, Claws Mail, Gnus, Mutt. Its cryptographic functionality is handled by GNU Privacy Guard.

End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

Secure telephone

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

PGPfone was a secure voice telephony system developed by Philip Zimmermann in 1995. The PGPfone protocol had little in common with Zimmermann's popular PGP email encryption package, except for the use of the name. It used the ephemeral Diffie-Hellman protocol to establish a session key, which was then used to encrypt the stream of voice packets. The two parties compared a short authentication string to detect a man-in-the-middle attack, which is the most common method of wiretapping secure phones of this type. PGPfone could be used point-to-point over the public switched telephone network, or over the Internet as an early Voice over IP system.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

Privacy software is software built to protect the privacy of its users. The software typically works in conjunction with Internet usage to control or limit the amount of information made available to third parties. The software can apply encryption or filtering of various kinds.

Zfone is software for secure voice communication over the Internet (VoIP), using the ZRTP protocol. It was created by Phil Zimmermann, the creator of the PGP encryption software. Zfone works on top of existing SIP and RTP programs, and should work with any SIP- and RTP-compliant VoIP program.

ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol (VoIP) phone telephony call based on the Real-time Transport Protocol. It uses Diffie–Hellman key exchange and the Secure Real-time Transport Protocol (SRTP) for encryption. ZRTP was developed by Phil Zimmermann, with help from Bryce Wilcox-O'Hearn, Colin Plumb, Jon Callas and Alan Johnston and was submitted to the Internet Engineering Task Force (IETF) by Zimmermann, Callas and Johnston on March 5, 2006 and published on April 11, 2011 as RFC 6189.
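
An added Python sketch (not PGPfone or ZRTP code) of the ephemeral Diffie-Hellman exchange and short-authentication-string comparison described for PGPfone above, showing why a relay that substitutes its own public values leaves the two parties with different strings. The prime 2**255 - 19, generator 2, SHA-256 and the 8-hex-digit string format are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Demonstration parameters (assumption): a known prime with generator 2.
# This is not a vetted Diffie-Hellman group; real protocols use standardized ones.
P = 2**255 - 19
G = 2


def keypair():
    """Fresh (ephemeral) private/public pair, used for one call only."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive the session key from our private value and the peer's public value."""
    if not 1 < peer_pub < P - 1:                 # reject 0, 1 and P-1
        raise ValueError("degenerate public value")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def sas(key, initiator_pub, responder_pub):
    """Short authentication string: 8 hex digits bound to the key and to both
    public values as this endpoint saw them (format is an assumption)."""
    material = (b"SAS" + key
                + initiator_pub.to_bytes(32, "big")
                + responder_pub.to_bytes(32, "big"))
    return hashlib.sha256(material).hexdigest()[:8]


def simulate_call(intercepted):
    """Return (caller_sas, callee_sas, keys_match) for one constructed call."""
    a_priv, a_pub = keypair()                    # caller (initiator)
    b_priv, b_pub = keypair()                    # callee (responder)
    if intercepted:
        # Constructed scenario: each side receives a substituted public value
        # instead of the real peer's.
        _, to_caller = keypair()
        _, to_callee = keypair()
        caller_sees, callee_sees = to_caller, to_callee
    else:
        caller_sees, callee_sees = b_pub, a_pub
    a_key = session_key(a_priv, caller_sees)
    b_key = session_key(b_priv, callee_sees)
    a_sas = sas(a_key, a_pub, caller_sees)
    b_sas = sas(b_key, callee_sees, b_pub)
    return a_sas, b_sas, a_key == b_key


if __name__ == "__main__":
    for label, flag in (("direct", False), ("intercepted", True)):
        a_sas, b_sas, same = simulate_call(flag)
        verdict = "match" if a_sas == b_sas else "MISMATCH, hang up"
        print(f"{label:12} caller={a_sas} callee={b_sas} -> {verdict}")
```

The comparison only protects the call if the two strings are exchanged over the voice channel itself; ZRTP's actual string derivation and its hash commitment are specified in RFC 6189 and are not reproduced here.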

Secure messaging is a server-based approach to protect sensitive data when sent beyond the corporate borders and provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-mail are that confidential and authenticated exchanges can be started immediately by any internet user worldwide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients are personally identified and transactions are logged by the secure email platform.

Jon Callas: American computer security expert

Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and former CTO of the global encrypted communications service Silent Circle. He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered "one of the most respected and well-known names in the mobile security industry." Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, and ZRTP, which he wrote. Prior to his work at Entrust, he was Chief Technical Officer and co-founder of PGP Corporation and the former Chief Technical Officer of Entrust.

Silent Circle SA is an encrypted communications firm based in Le Grand-Saconnex, Switzerland. Silent Circle provides multi-platform secure communication services for mobile devices and desktop. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

The Blackphone is a smartphone built to ensure privacy, developed by SGP Technologies, a wholly owned subsidiary of Silent Circle. Originally, SGP Technologies was a joint venture between the makers of GeeksPhone and Silent Circle. Marketing is focused upon business users, stressing that employees often conduct business using private devices and services that are not secure and that the Blackphone service readily provides users with options that ensure confidentiality when needed. Blackphone provides Internet access through VPN. The device runs a modified version of Android called SilentOS that comes with a bundle of security-minded tools. On 30 June 2014, the Blackphone began to ship advance orders.

References

  1. "Phil Zimmerman's Homepage: Background". Retrieved 2012-01-12.
  2. Ranger, Steve (23 June 2015). "Defending the last missing pixels: Phil Zimmermann speaks out on encryption, privacy, and avoiding a surveillance state". TechRepublic.
  3. Mollin, Richard A. (2007). An introduction to cryptography. CRC Press. p. 227. ISBN 9781420011241.
  4. Sussman, Vic (March 26, 1995). "Lost in Kafka Territory". US News & World Report. Archived from the original on 16 June 2013. Retrieved 27 May 2012.
  5. "Silent Circle". Silent Circle. Private By Design. Archived from the original on 11 June 2015. Retrieved 25 June 2015.
  6. Om Malik (2013-08-11). "Zimmermann's Law: PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society — Tech News and Analysis". GigaOM. Retrieved 2013-08-20.
  7. 2012 Inductees, Internet Hall of Fame website. Last accessed April 24, 2012.
  8. "Top 50 Tech Visionaries".
  9. 25 Most Influential and Innovative Products introduced since the invention of the PC in 1981 [permanent dead link].
  10. 35 Heroes of Freedom. Reason, December 2003. Retrieved April 10, 2007.
  11. CRN Industry Hall of Fame. Archived 2004-04-05 at the Wayback Machine.
  12. "Top 10 Innovators in E-business". Archived 2008-07-24 at the Wayback Machine.
  13. Singh, Simon (2000). The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (US paperback ed.). Doubleday. ISBN 0-385-49532-3.
  14. Zimmermann, Philip (1995). The Official PGP User's Guide. MIT Press. ISBN 0-262-74017-6.
  15. Zimmermann, Philip (1995). PGP Source Code and Internals. MIT Press. ISBN 0-262-24039-4.