Part of the Original 1991 PGP User's Guide (updated in 1999)

"Whatever you do will be insignificant, but it is very important that you do it."
-Mahatma Gandhi

It's personal. It's private. And it's no one's business but yours. You may be planning
a political campaign, discussing your taxes, or having a secret romance. Or you may
be communicating with a political dissident in a repressive country. Whatever it is,
you don't want your private electronic mail (email) or confidential documents read by
anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-
pie as the Constitution.

The right to privacy is spread implicitly throughout the Bill of Rights. But when the
United States Constitution was framed, the Founding Fathers saw no need to
explicitly spell out the right to a private conversation. That would have been silly.
Two hundred years ago, all conversations were private. If someone else was within
earshot, you could just go out behind the barn and have your conversation there. No
one could listen in without your knowledge. The right to a private conversation was a
natural right, not just in a philosophical sense, but in a law-of-physics sense, given
the technology of the time.

But with the coming of the information age, starting with the invention of the
telephone, all that has changed. Now most of our conversations are conducted
electronically. This allows our most intimate conversations to be exposed without our
knowledge. Cellular phone calls may be monitored by anyone with a radio. Electronic
mail, sent across the Internet, is no more secure than cellular phone calls. Email is
rapidly replacing postal mail, becoming the norm for everyone, not the novelty it was
in the past.

Until recently, if the government wanted to violate the privacy of ordinary citizens,
they had to expend a certain amount of expense and labor to intercept and steam
open and read paper mail. Or they had to listen to and possibly transcribe spoken
telephone conversation, at least before automatic voice recognition technology
became available. This kind of labor-intensive monitoring was not practical on a large
scale. It was only done in important cases when it seemed worthwhile. This is like
catching one fish at a time, with a hook and line. Today, email can be routinely and
automatically scanned for interesting keywords, on a vast scale, without detection.
This is like driftnet fishing. And exponential growth in computer power is making the
same thing possible with voice traffic.

Perhaps you think your email is legitimate enough that encryption is unwarranted. If
you really are a law-abiding citizen with nothing to hide, then why don't you always
send your paper mail on postcards? Why not submit to drug testing on demand?
Why require a warrant for police searches of your house? Are you trying to hide
something? If you hide your mail inside envelopes, does that mean you must be a
subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have
any need to encrypt their email?

What if everyone believed that law-abiding citizens should use postcards for their
mail? If a nonconformist tried to assert his privacy by using an envelope for his mail,
it would draw suspicion. Perhaps the authorities would open his mail to see what he's
hiding. Fortunately, we don't live in that kind of world, because everyone protects
most of their mail with envelopes. So no one draws suspicion by asserting their
privacy with an envelope. There's safety in numbers. Analogously, it would be nice if
everyone routinely used encryption for all their email, innocent or not, so that no one
drew suspicion by asserting their email privacy with encryption. Think of it as a form
of solidarity.

Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure buried in
it. If this non-binding resolution had become real law, it would have forced
manufacturers of secure communications equipment to insert special "trap doors" in
their products, so that the government could read anyone's encrypted messages. It
reads, "It is the sense of Congress that providers of electronic communications
services and manufacturers of electronic communications service equipment shall
ensure that communications systems permit the government to obtain the plain text
contents of voice, data, and other communications when appropriately authorized by
law." It was this bill that led me to publish PGP electronically for free that year,
shortly before the measure was defeated after vigorous protest by civil libertarians
and industry groups.

The 1994 Communications Assistance for Law Enforcement Act (CALEA) mandated
that phone companies install remote wiretapping ports into their central office digital
switches, creating a new technology infrastructure for "point-and-click" wiretapping,
so that federal agents no longer have to go out and attach alligator clips to phone
lines. Now they will be able to sit in their headquarters in Washington and listen in
on your phone calls. Of course, the law still requires a court order for a wiretap. But
while technology infrastructures can persist for generations, laws and policies can
change overnight. Once a communications infrastructure optimized for surveillance
becomes entrenched, a shift in political conditions may lead to abuse of this new-
found power. Political conditions may shift with the election of a new government, or
perhaps more abruptly from the bombing of a federal building.

A year after the CALEA passed, the FBI disclosed plans to require the phone
companies to build into their infrastructure the capacity to simultaneously wiretap 1
percent of all phone calls in all major U.S. cities. This would represent more than a
thousandfold increase over previous levels in the number of phones that could be
wiretapped. In previous years, there were only about a thousand court-ordered
wiretaps in the United States per year, at the federal, state, and local levels
combined. It's hard to see how the government could even employ enough judges to
sign enough wiretap orders to wiretap 1 percent of all our phone calls, much less hire
enough federal agents to sit and listen to all that traffic in real time. The only
plausible way of processing that amount of traffic is a massive Orwellian application
of automated voice recognition technology to sift through it all, searching for
interesting keywords or searching for a particular speaker's voice. If the government
doesn't find the target in the first 1 percent sample, the wiretaps can be shifted over
to a different 1 percent until the target is found, or until everyone's phone line has
been checked for subversive traffic. The FBI said they need this capacity to plan for
the future. This plan sparked such outrage that it was defeated in Congress. But the
mere fact that the FBI even asked for these broad powers is revealing of their
agenda.

Advances in technology will not permit the maintenance of the status quo, as far as
privacy is concerned. The status quo is unstable. If we do nothing, new technologies
will give the government new automatic surveillance capabilities that Stalin could
never have dreamed of. The only way to hold the line on privacy in the information
age is strong cryptography.

You don't have to distrust the government to want to use cryptography. Your
business can be wiretapped by business rivals, organized crime, or foreign
governments. Several foreign governments, for example, admit to using their signals
intelligence against companies from other countries to give their own corporations a
competitive edge. Ironically, the United States government's restrictions on
cryptography in the 1990's have weakened U.S. corporate defenses against foreign
intelligence and organized crime.

The government knows what a pivotal role cryptography is destined to play in the
power relationship with its people. In April 1993, the Clinton administration unveiled
a bold new encryption policy initiative, which had been under development at the
National Security Agency (NSA) since the start of the Bush administration. The
centerpiece of this initiative was a government-built encryption device, called the
Clipper chip, containing a new classified NSA encryption algorithm. The government
tried to encourage private industry to design it into all their secure communication
products, such as secure phones, secure faxes, and so on. AT&T put Clipper into its
secure voice products. The catch: At the time of manufacture, each Clipper chip is
loaded with its own unique key, and the government gets to keep a copy, placed in
escrow. Not to worry, though–the government promises that they will use these keys
to read your traffic only "when duly authorized by law." Of course, to make Clipper
completely effective, the next logical step would be to outlaw other forms of
cryptography.

The government initially claimed that using Clipper would be voluntary, that no one
would be forced to use it instead of other types of cryptography. But the public
reaction against the Clipper chip was strong, stronger than the government
anticipated. The computer industry monolithically proclaimed its opposition to using
Clipper. FBI director Louis Freeh responded to a question in a press conference in
1994 by saying that if Clipper failed to gain public support, and FBI wiretaps were
shut out by non-government-controlled cryptography, his office would have no
choice but to seek legislative relief. Later, in the aftermath of the Oklahoma City
tragedy, Mr. Freeh testified before the Senate Judiciary Committee that public
availability of strong cryptography must be curtailed by the government (although no
one had suggested that cryptography was used by the bombers).

The government has a track record that does not inspire confidence that they will
never abuse our civil liberties. The FBI's COINTELPRO program targeted groups that
opposed government policies. They spied on the antiwar movement and the civil
rights movement. They wiretapped the phone of Martin Luther King. Nixon had his
enemies list. Then there was the Watergate mess. More recently, Congress has
either attempted to or succeeded in passing laws curtailing our civil liberties on the
Internet. Some elements of the Clinton White House collected confidential FBI files
on Republican civil servants, conceivably for political exploitation. And some
overzealous prosecutors have shown a willingness to go to the ends of the Earth in
pursuit of exposing sexual indiscretions of political enemies. At no time in the past
century has public distrust of the government been so broadly distributed across the
political spectrum, as it is today.
Throughout the 1990s, I figured that if we want to resist this unsettling trend in the
government to outlaw cryptography, one measure we can apply is to use
cryptography as much as we can now while it's still legal. When use of strong
cryptography becomes popular, it's harder for the government to criminalize it.
Therefore, using PGP is good for preserving democracy. If privacy is outlawed, only
outlaws will have privacy.

It appears that the deployment of PGP must have worked, along with years of steady
public outcry and industry pressure to relax the export controls. In the closing
months of 1999, the Clinton administration announced a radical shift in export policy
for crypto technology. They essentially threw out the whole export control regime.
Now, we are finally able to export strong cryptography, with no upper limits on
strength. It has been a long struggle, but we have finally won, at least on the export
control front in the US. Now we must continue our efforts to deploy strong crypto, to
blunt the effects increasing surveillance efforts on the Internet by various
governments. And we still need to entrench our right to use it domestically over the
objections of the FBI.

PGP empowers people to take their privacy into their own hands. There has been a
growing social need for it. That's why I wrote it.