PGP timeline FAQ... comments requested
There seems to be much confusion amongst some of the newer users of PGP who frequent alt.security.pgp, and recently whilst delving in to give my version of how it happened my post got longer and longer, until it grew on the spur of the moment into a sort of FAQ. I got a few comments, and corrections from that post, but I thought there are likely to be people who know more annecdotes and were around at the time that RSA was being published in the face of NSA opposition, etc. Let me have your comments on the accuracy, plus any annecdotes which you think really should go in to give the correct feel for the historical timeline. Thanks, Adam ====================================================================== PGP timeline and brief history ====================================================================== contents: 0 Definitions of acronyms 1 History of crypto as it applies to PGP 2 Birth of PGP 3 USG decides they don't like PRZ 4 PRZ, MIT and RSA sort out earlier patent issues 5 Current legal status 6 ITARs viewed from inside the US 7 ITARs viewed from outside the US ====================================================================== 0 definitions of acronyms ====================================================================== PGP = Pretty Good Privacy PRZ = Phil R Zimmermann, internet folk hero, author of PGP RSA = The RSA public key algorithm as used in PGP RSADSI = rsa.com, RSA Data Security Inc, patent holders of some public key stuff, which they claim means that no one can use RSA without getting a license from them. PKP = public key partners RSADSI plus Cylink (plus others?) (now disbanded) ITAR = International Traffic in Arms Regulations controls export of controlled munitions from the US, things like military aircraft components, biological and chemical weapons, and also (very strangely) cryptographic software. PK = public key (crypto) NSA = US National Security Agency, US govt's largest spook agency. whimsically known as No Such Agency, because until recently the US govt tried to deny they even existed. OTDC = Office of Defense Trade Controls, USG group charged with enforcing ITAR. They consult with the NSA, the NSA has the last word on what gets export approval. ====================================================================== 1 History of crypto as it applies to PGP ====================================================================== 1.1 The year is 1976 a cryptographer, and privacy advocate named Whitfield Diffie, together with mathematician named Martin Hellman discovers public key cryptography. (DH key exchange is still a commonly used key exchange protocol -- DH = Diffie-Hellman). 1.2 1977 Ron Rivest, Adi Shamir, and Len Adleman discover another more general public key system called RSA (after surnames Rivest, Shamir, and Adleman). R, S & A were researchers at MIT (significant later, because MIT had part ownership of patents.) 1.3 NSA tells MIT and R, S & A that they'd better not publish this or else. 1.4 Amusingly Adi Shamir (A from RSA) isn't even a US citizen, he's an Israeli national, and is now back in Israel at the Technicon (is he, anyone know his current affiliation?) Who knows what the NSA would have done about him if they had succeeded in supressing RSA - not allowed him out of the US? 1.5 MIT and R, S & A ignore NSA and publish anyway in SciAm July 1977. Comms ACM (feb 1978, vol 21, no 2, pp 120-126 in case you want to see if it's in your library - it's in Exeter Univ (UK) library). 1.6 Because the publication was a rush job due to the NSA, R,S & A and the later formed PKP and RSADSI lose patent rights to RSA crypto outside the US. This is because most places outside the US, you have to obtain a patent *before* publication, where as in the US, you have one year from the publication date to file for patents. This also had implications for PGP later 1.7 IDEA was developed by Xuejia Lai and James Massey at ETH in Zurich. (Relevant to PGP because IDEA is the symmetric key cipher used together with RSA in PGP). Also crypto politics relevance in that it is another (of many) examples of the fact that crypto knowledge and expertise is worldwide, ie why export restrict something which is available both sides of the ITAR fence, or even originated *outside* it? (Strangely, ITAR applies to importing and then re-exporting a crypto system, even if no modifications are made). There are lots of other symmetric key ciphers, IDEA is one with a good reputation (no known practical attacks better than brute-force to date, and a good key size), and is just referenced here because of its use in PGP. (some years pass...) ====================================================================== 2 Birth of PGP ====================================================================== 2.1 PRZ wrote PGP 2.2 PRZ gave PGP to some friends 2.3 some friends up loaded onto a few bulletin boards (US only) One friend (allegedly Kelly Goen) went around pay-phones with a portable, an acoustic coupler, and a list of BBS phone numbers uploading and then driving on to another area. This cloak and dagger stuff was because at the time the USG had some draconian sounding proposed law on the books which sounded like it was going to outlaw crypto. The intention was to ensure that PGP was available before this law came into effect, and to avoid being stopped if the USG took interest. 2.4 somehow PGP leaked outside the US via the internet. Information wants to be free, as someone said: `trying to control the free flow of information on the internet is like trying to plug a sieve with a hole in it'. Also Tim May's quote 'National borders are just speedbumps on the information superhighway' expresses the point very nicely. 2.5 people all over the world (yeah outside the US too) start using PGP 2.6 RSA complains to PRZ that PGP violates their PK patents 2.7 PRZ tells RSA to get stuffed, says its the users problem to get a license 2.8 PGP is considered potentially patent infringing because of 2.6 2.9 Illegality taint increases the spread of PGP, generates news, more people get a copy to see what the fuss is about (some time passes, PGP gets real popular...) ====================================================================== 3 USG decides they don't like PRZ ====================================================================== 3.1 US govt decides that they don't like PRZ because the NSA can't tap all those internet mail messages anymore. (the NSA part is speculation, but in my opinion likely true). 3.2 US govt begins investigating PRZ for alleged aiding with ITAR violation. 3.3 Phil Zimmermann legal defense fund set up to cover his legal expenses 3.4 still on going... (concurrently...) ====================================================================== 4 PRZ, MIT and RSA sort out earlier patent issues ====================================================================== 4.1 MIT and PRZ work with RSA to sort out patent issue. 4.2 A solution is obtained in that RSA agree that PGP can use RSA provided that their RSAREF library is used. 4.3 PGP2.5 is written which uses RSAREF in place of MPILIB (also has backwards compatibility with older versions impaired to discourage use of older allegedly patent infringing versions - to keep RSA happy) 4.4 RSAREF may be slower, but at least with some negotiating by PRZ and MIT, PGP is now 100% legal in the US 4.5 MIT begins acting as official US distributor of PGP 4.6 As usual, a few milli-seconds (well okay, minutes) after the official release of a new version of PGP, it gets exported from the US. 4.7 The deal with RSA over RSAREF has fixed the patent related problems in the US, but it has created a copyright related problem outside the US, (recall 0.6). RSAREF is a software package copyrighted by RSA, and RSA is not allowed to export it because of ITAR, and their license agreement says as much (ie it says that you must not export it, and if you do export, you, and the subsequent users of it, are in breach of license). It is therefore supposed that RSA could if they wanted complain about this (who knows that they would want to, or what conceivable benefit it would give them if they did). This isn't enough to bother most people, but commercial users, and big organisations have lawyers, and are wary of such things. 4.8 Staale Schaumaker put together pgp26i to avoid this problem. Main difference between pgp26x and pgp26xi is that pgp26xi uses PRZs original big integer library MPILIB, which is any case faster than RSADSI's RSAREF, and the lack of the legal kludge noted in 3.3. ====================================================================== 5 Current legal status ====================================================================== 5.1 PGP is legal both inside and outside the US. You just need to use pgp26 versions inside the US, and pgp26xi versions outside the US. 5.2 In the US if you are using PGP in a commercial setting, and care about patents, you should purchase a copy of ViaCrypt pgp2.7 5.3 Commercial use outside the US: RSA is free, in the PGP docs (pgp262i & pgp262) Ascom-Tech are quoted as saying that currently no license is required for commercial use of PGP outside the US as far as they are concerned. Ascom-Tech are the patent holders of IDEA (see 1.7), the symmetric crypto system used by PGP. ====================================================================== 6 ITARs viewed from inside the US ====================================================================== 6.1 ITAR means that if you are in the US you should not export PGP. (Yeah it's already available on a few thousand ftp sites around the free world, so another export isn't going to make any difference, but the NSA and the ODTC might not see it in that light). 6.2 Even though controlling the export of freeware software available worldwide might seem incredibly stupid (not to mention pointless), you should bear in mind that the penalties for getting successfully prosecuted for violating ITAR are rather steep. Up to $1,000,000 (US$) fine, and and up to10 years imprisonment per count of export. 6.3 They'd probably never do anything to you, PRZ is just a scape goat (someone they can symbolically persecute to discourage others). I have personally seen several people from US sites post crypto source and binaries (nautilus, PGP itself even). Plus of course this: #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2) has probably been exported a few hundred thousand times by now. (It's an implementation of RSA encrypt and decrypt in perl and dc - a real crypto system, which has every right to claim ITAR status if anyting does, and yet benefits from being more convienient to use as a .sig than a uuencoded PGP binary) ====================================================================== 7 ITARs viewed from outside the US ====================================================================== 7.3 If you are outside the US, ITAR probably doesn't apply to you. You could, if you could be bothered, down load PGP from a US site, and short of attempting an extradition for violating a regulation which only applies in the US, there would be nothing the NSA, or USG could do about it. Most extradition treaties tend to rely on the action being prosecuted being illegal in both countries. 7.4 Yeah, I know `tell that to Manuel Noriega' (a Panama citizen who was kidnapped by a USG undercover agents and brought to the US to face trial for importing/exporting drugs from Panama into the US. He broke no Panamanian laws, he is a citizen of Panama, and was in Panama when he committed his crime, and he is now languishing in a US jail). However, he was kidnapped for a number of reasons: 1. the USG thought they could get away with it (Panama owed them a few favours) 2. politically easy to pass of acts of aggression (kidnap by civilised countries in this day and age?) in the name of the `War on Drugs' 3. they thought it was worth it. Some of these criteria are likely to be missing if there was an attempt to extradite a non-US citizen outside the US for breaking ITAR. One big problem is that crypto is not controlled as much in most of the free world. Also the fact that the USG haven't bothered other people within the US who have similarly exported crypto software (examples cited in 6.3) would make the whole situation look rather silly. 7.5 A more important consideration is that although a non-US downloader of PGP from a US site would be effectively immune to the ITAR nonsense, the owner of the (US based) ftp/www site may not be. You might get the site owner in trouble for not taking adequate precautions. So politeness demands that you don't do it. 7.6 Indeed why bother anyway, because PGP is available from literally thousands of ftp sites, there is bound to be a closer (and hence likely faster download) copy, without any hoops to jump though. ====================================================================== Long live the Pretty Good revolution, Adam Back <aba@dcs.ex.ac.uk>
I've embedded a couple of comments that might be useful. 1.4 Amusingly Adi Shamir (A from RSA) isn't even a US citizen, he's an Shamir is the 'S' from RSA, not the 'A'. 1.6 Because the publication was a rush job due to the NSA, R,S & A and the later formed PKP and RSADSI lose patent rights to RSA crypto outside the US. This is because most places outside the US, you have to obtain a patent *before* publication, where as in the US, you have one year from the publication date to file for patents. This also had implications for PGP later This is only half true. US Patent law was developed independently of most of the rest of the world's, and allowed patents like this. The Australian patent office would, at the time, have rejected the patent anyway on the grounds that you can't patent a mathematical formula. ====================================================================== 3 USG decides they don't like PRZ ====================================================================== You haven't defined USG as an acronym yet. To me it means Unix Support Group. It does come clear later though. regards, Greg.
-----BEGIN PGP SIGNED MESSAGE----- Not to belittle something that is the obvious result of painstaking work; but I think the timeline FAQ can be improved in two general ways: (1) More of the specific events should be specifically dated; and (2) I think it would be appropriate to include a version history of PGP. Among other things, I think it appropriate to note the distinction between PRZ's own Bass-o-matic conventional encryption in the earliest versions and the use of IDEA in later versions. These comments aside, you've done an excellent job, and the facts you present jibe well with my own understanding. - -- Alan Bostick | SWINDON: What will history say? Seeking opportunity to | BURGOYNE: History, sir, will tell lies as usual. develop multimedia content. | George Bernard Shaw, THE DEVIL'S DISCIPLE Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMNxVXeVevBgtmhnpAQHJ1QMAmkcQCxoXN5RW4TaviA6yN8BG4aKF2kHh 98/+2WJDrht15SBNna7M1cclT3k0nb4bY2gTIQpCi080vw6tZVhYMRs+lvBjgbLm 7lGyDvdAzAr6azliI6DKwrL7n8aflRiB =dPNR -----END PGP SIGNATURE-----
participants (3)
-
aba@atlas.ex.ac.uk -
abostick@netcom.com -
Greg Rose