Phil Zimmermann

Born: 1954 [1], Camden, New Jersey, U.S. [1]
Occupation: Professor
Known for: Creator of Pretty Good Privacy
Website: philzimmermann.com

Philip R. Zimmermann [2] (born 1954) [1] is an American computer scientist and cryptographer. He is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. [2] He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone. Zimmermann is co-founder and Chief Scientist of the global encrypted communications firm Silent Circle.

Background

He was born in Camden, New Jersey. [1] Zimmermann received a B.S. degree in computer science from Florida Atlantic University in Boca Raton, Florida in 1978. [2] In the 1980s, Zimmermann worked in Boulder, Colorado as a software engineer and on the Nuclear Weapons Freeze Campaign as a military policy analyst. [3]

PGP

In 1991, he wrote the popular Pretty Good Privacy (PGP) program, and made it available (together with its source code) through public FTP for download, the first widely available program implementing public-key cryptography. Shortly thereafter, it became available overseas via the Internet, though Zimmermann has said he had no part in its distribution outside the United States.

The very first version of PGP included an encryption algorithm, BassOmatic, developed by Zimmermann. [4]

Arms Export Control Act investigation

After a report from RSA Security, who were in a licensing dispute with regard to the use of the RSA algorithm in PGP, the United States Customs Service started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act. [5] The United States Government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. At that time, PGP was considered to be impermissible ("high-strength") for export from the United States. The maximum strength allowed for legal export has since been raised and now allows PGP to be exported. The investigation lasted three years, but was finally dropped without filing charges after MIT Press published the source code of PGP. [6]

In 1995, Zimmermann published the book PGP Source Code and Internals as a way to bypass limitations on exporting digital code. Zimmermann's introduction says the book contains "all of the C source code to a software package called PGP" and that the unusual publication in book form of the complete source code for a computer program was a direct response to the U.S. government's criminal investigation of Zimmermann for violations of U.S. export restrictions as a result of the international spread of PGP's use. [7]

After the government dropped its case without indictment in early 1996, Zimmermann founded PGP Inc. and released an updated version of PGP and some additional related products. That company was acquired by Network Associates (NAI) in December 1997, and Zimmermann stayed on for three years as a Senior Fellow. NAI decided to drop the product line and in 2002, PGP was acquired from NAI by a new company called PGP Corporation. Zimmermann served as a special advisor and consultant to that firm until Symantec acquired PGP Corporation in 2010. [2] Zimmermann is also a fellow at the Stanford Law School's Center for Internet and Society. He was a principal designer of the cryptographic key agreement protocol (the "association model") for the Wireless USB standard.

Silent Circle

Along with Mike Janke and Jon Callas, in 2012 he co-founded Silent Circle, a secure hardware and subscription-based software security company. [3] [8]

Dark Mail Alliance

In October 2013, Zimmermann, along with other key employees from Silent Circle, teamed up with Lavabit founder Ladar Levison to create the Dark Mail Alliance. The goal of the organization is to work on a new protocol to replace PGP that will encrypt email metadata, among other things that PGP is not capable of.

Okuna

Zimmermann was also involved in the social network Okuna, formerly Openbook, which aimed to be an ethical and privacy-friendly alternative to existing social networks, especially Facebook. [9] He sees today's established social media platforms as a threat to democracy and privacy, because of their profit-oriented revenue models that "are all about exploiting our personal information" and "[deepen] the political divides in our culture", and hoped Okuna would help solve these problems. [10]

Zimmermann's Law

In 2013, an article on "Zimmermann's Law" quoted Phil Zimmermann as saying "The natural flow of technology tends to move in the direction of making surveillance easier", and "the ability of computers to track us doubles every eighteen months", [11] in reference to Moore's law.

Awards and other recognition

Zimmermann has received numerous technical and humanitarian awards for his pioneering work in cryptography.

Simon Singh's The Code Book devotes an entire chapter to Zimmermann and PGP. [20] In 2022 Steven Johnson covered his story and achievements in Zimmermann's profile for Hidden Heroes - The Crypto Wars: How Philip Zimmermann Fought for Our Right to Privacy. [21]

Related Research Articles

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.

GNU Privacy Guard: Complete implementation of the OpenPGP and S/MIME standards

GNU Privacy Guard is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is however expected to break compliance with the upcoming revision of OpenPGP and thus with other implementations that will continue to comply.

Clipper chip: Encryption device promoted by the NSA in the 1990s

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

Werner Koch: German free software developer (born 1961)

Werner Koch is a German free software developer. He is best known as the principal author of the GNU Privacy Guard. He was also Head of Office and German Vice-Chancellor of the Free Software Foundation Europe. He won the Award for the Advancement of Free Software in 2015 for founding GnuPG.

Export of cryptography from the United States: Transfer from the United States to another country of technology related to cryptography

The export of cryptography from the United States to other countries has experienced various levels of restrictions over time. World War II illustrated that code-breaking and cryptography can play an integral part in national security and the ability to prosecute war. Changes in technology and the preservation of free speech have been competing factors in the regulation and constraint of cryptographic technologies for export.

Secure telephone: Telephone that provides encrypted calls

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

PGPfone was a secure voice telephony system developed by Philip Zimmermann in 1995. The PGPfone protocol had little in common with Zimmermann's popular PGP email encryption package, except for the use of the name. It used an ephemeral Diffie-Hellman protocol to establish a session key, which was then used to encrypt the stream of voice packets. The two parties compared a short authentication string to detect a man-in-the-middle attack, which is the most common method of wiretapping secure phones of this type. PGPfone could be used point-to-point over the public switched telephone network, or over the Internet as an early Voice over IP system.

PGP Corporation

PGP Corporation was a company that sold Pretty Good Privacy computer software. It was founded in 2002, and acquired by Symantec in 2010, and by Broadcom in 2019.

Below is a timeline of notable events related to cryptography.

Zfone is software for secure voice communication over the Internet (VoIP), using the ZRTP protocol. It was created by Phil Zimmermann, the creator of the PGP encryption software. Zfone works on top of existing SIP and RTP programs, but should work with any SIP- and RTP-compliant VoIP program.

ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over IP (VoIP) telephony call based on the Real-time Transport Protocol. It uses Diffie–Hellman key exchange and the Secure Real-time Transport Protocol (SRTP) for encryption. ZRTP was developed by Phil Zimmermann, with help from Bryce Wilcox-O'Hearn, Colin Plumb, Jon Callas and Alan Johnston, and was submitted to the Internet Engineering Task Force (IETF) by Zimmermann, Callas and Johnston on March 5, 2006 and published on April 11, 2011 as RFC 6189.

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.

In cryptography, BassOmatic is the symmetric-key cipher designed by Phil Zimmermann as part of his email encryption software PGP. Comments in the source code indicate that he had been designing the cipher since as early as 1988, but it was not publicly released until 1991. After Eli Biham pointed out to him several serious weaknesses in the BassOmatic algorithm over lunch at the 1991 CRYPTO conference, Zimmermann replaced it with IDEA in subsequent versions of PGP.

Adam Back: British cryptographer and cypherpunk (born 1970)

Adam Back is a British cryptographer and cypherpunk. He is the CEO of Blockstream, which he co-founded in 2014. He invented Hashcash, which is used in the Bitcoin mining process.

Secure messaging is a server-based approach to protect sensitive data when sent beyond the corporate borders, and it provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-mail are that confidential and authenticated exchanges can be started immediately by any internet user worldwide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients are personally identified and transactions are logged by the secure email platform.

Jon Callas: American computer security expert

Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and former CTO of the global encrypted communications service Silent Circle. He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered "one of the most respected and well-known names in the mobile security industry." Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, and ZRTP, which he wrote. Prior to his work at Entrust, he was Chief Technical Officer and co-founder of PGP Corporation and the former Chief Technical Officer of Entrust.

Silent Circle is an encrypted communications firm based in Washington DC. Silent Circle provides multi-platform secure communication services for mobile devices and desktop. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

Vincent Moscaritolo: American computer security expert

Vincent (Vinnie) Moscaritolo is a retired American computer security expert known for his work in encryption applications for mobile devices. After decades in the computer industry, he now volunteers as a search and rescue professional. He holds NREMT, WFR, and Amateur Radio Extra Class and a General Radiotelephone Operator with Ships Radar License.

Blackphone: Smartphone made to ensure privacy

The Blackphone is a smartphone built to ensure privacy, developed by SGP Technologies, a wholly owned subsidiary of Silent Circle. Originally, SGP Technologies was a joint venture between the makers of GeeksPhone and Silent Circle. Marketing is focused upon business users, stressing that employees often conduct business using private devices and services that are not secure and that the Blackphone service readily provides users with options that ensure confidentiality when needed. Blackphone provides Internet access through VPN. The device runs a modified version of Android called SilentOS that comes with a bundle of security-minded tools.

References

  1. Garfinkel, Simson (1994). PGP: Pretty Good Privacy. O'Reilly & Associates. p. 85. ISBN 0585032211. OCLC 45730291.
  2. "Phil Zimmerman's Homepage: Background". Retrieved 2012-01-12.
  3. Ranger, Steve (23 June 2015). "Defending the last missing pixels: Phil Zimmermann speaks out on encryption, privacy, and avoiding a surveillance state". TechRepublic.
  4. Mollin, Richard A. (2007). An introduction to cryptography. CRC Press. p. 227. ISBN 9781420011241.
  5. Sussman, Vic (March 26, 1995). "Lost in Kafka Territory". U.S. News & World Report. Archived from the original on 16 June 2013. Retrieved 27 May 2012.
  6. Zimmermann, Philip R. (1995). PGP Source Code and Internals. MIT Press. ISBN 0262240394.
  7. "Author's preface to the book: "PGP Source Code and Internals"". Retrieved 2020-05-26.
  8. "Silent Circle". Silent Circle. Private By Design. Archived from the original on 11 June 2015. Retrieved 25 June 2015.
  9. "Okuna | Ethical social network". about.okuna.io. Retrieved 2021-01-21.
  10. "Phil Zimmermann on Openbook". YouTube. Retrieved 2021-01-21.
  11. Om Malik (2013-08-11). "Zimmermann's Law: PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society — Tech News and Analysis". GigaOM. Archived from the original on 2013-08-15. Retrieved 2013-08-20.
  12. ULB's honorary doctorates.
  13. 2012 Inductees, Internet Hall of Fame website. Last accessed April 24, 2012.
  14. "Top 50 Tech Visionaries". Archived from the original on 2008-05-28. Retrieved 2008-05-21.
  15. eWEEK Editors (August 14, 2006). "The 25 Most Influential Products of the Past 25 Years". eWEEK.
  16. "35 Heroes of Freedom". Reason, December 2003. Archived 2007-09-12 at the Wayback Machine. Retrieved April 10, 2007.
  17. "CRN Industry Hall of Fame". Archived from the original on April 5, 2004.
  18. "Top 10 Innovators in E-business". Archived 2008-07-24 at the Wayback Machine.
  19. "Past Szasz Award Recipients". Center for Independent Thought.
  20. Singh, Simon (2000). The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (US paperback ed.). Doubleday. ISBN 0-385-49532-3.
  21. Steven Johnson (2022). "The Crypto Wars: How Philip Zimmermann Fought for Our Right to Privacy". Hidden Heroes. Retrieved September 6, 2022.
  22. Zimmermann, Philip (1995). The Official PGP User's Guide. MIT Press. ISBN 0-262-74017-6.
  23. Zimmermann, Philip (1995). PGP Source Code and Internals. MIT Press. ISBN 0-262-24039-4.