The Codemaker

Phil Zimmermann

Silent Circle and Blackphone Coder

Phil Zimmermann is in the Internet Hall of Fame and has been named as one of the world’s top 50 tech visionaries. The code he first published as an anti-nuclear activist 25 years ago has been adopted by almost all of the world’s intelligence agencies. His latest venture, Silent Circle, makes the ultra sophisticated Blackphone, and was founded with former US Navy Seals. Yet the 62-year-old firmly believes snoopers know too much about us all – worse, their tactics may be leaving us wide open to criminals.

Phil Zimmermann is responsible for bringing privacy to the Internet. As an anti-nuclear campaigner in the Eighties he feared the US Government was snooping on him and other protestors who opposed nukes.

His simple idea was to write a piece of code that would make his communications and files invisible to their attentions.

His encryption was light-heartedly named Pretty Good Privacy and published in 1991. It took its moniker from Ralph’s Pretty Good Groceries, a fictional store on a US radio programme by Garrison Keillor.

But the results were better than pretty good. Much better. The free software for encrypting emails worked by assigning one public key to be shared, with one private key, known only to the individual for decoding their emails.

It was passed around, first across anti- nuclear groups in the US, before rapidly spreading internationally across countries where dissidents of all types feared government snooping.

Its success enraged the US Government, who had been planning new laws governing access to emails and other data.

So just two years after its release, they moved to prosecute Phil, then 38, for export of ‘munitions’ – as encryption software was categorised at the time.

The prosecution spent three years building their case, only for Phil to ingeniously escape trial when he published his entire code in a book – where its contents were protected under the First Amendment.

Today the same code is now the most widely used encryption software in the world, and also used by almost every intelligence agency on the planet.

Meanwhile Phil himself has turned his hand to uncrackable phone technology, as a founder of the Geneva-based communications company Silent Circle.

In a strange turn of events, the son of a concrete mixer driver, has also been hailed by those who once worked to destroy him – with the head of the United States National Security Agency presenting an award to enter him into the Cyber Security Hall of Fame.

The incredible turnaround has come as encryption has gone from “almost forbidden to required in America and Europe”, he says.

“We had to fight all through the 1990s. If you were using strong crypto (code) then you had to explain yourself: ‘Why are you using strong crypto – are you a criminal? What have you got to hide? You must be up to no good.’

“But today if you’re not using it, you have to explain. If you are a doctor or a clinic and you don’t protect your patient records with encryption you are in violation of the law.”

Despite creating virtually uncrackable codes, the cyber world has not become more secure. Phil says, “Is there a perfect level of security? No, It’s an arms race!

“The very best cryptography is now much stronger than the very best analysis. But the reverse is true in cyber security.

“The really difficult problem is how to prevent your computer from being attacked by malware. If someone can seize control of your computer through hostile software it doesn’t matter how good your encryption is.

“Is there a perfect level of security? No, it’s an arms race!”

“By the early 2000s we won the ‘crypto- wars’. But maybe the codemakers should have asked why. Cryptographers thought we had presented our opponents with math problems.

“But the US National Security Agency were able to change the problems. They realised that they only needed to figure out a way to get control of the computer – then who cares how hard the math problems are? You’re bypassing all that.

“We all knew as security professionals these vulnerabilities were there, but it wasn’t until the Snowden revelations that we discovered how breath-takingly sweeping the NSA was – it had just completely owned everything.

“The enormous depth and breadth of it – we didn’t think it was anything like that.

“It’s like if your house has a thick steel door. You might be thinking about making it thicker, but right beside it is a glass window and all you’ve got to do is break through that to get in.

But, he adds, proudly: “If you look at Snowden’s documents they have a list of all the things the NSA has ever broken into – conspicuously absent was anything I’ve ever worked on.

“The NSA was spying on the American public on a mammoth scale, not just the meta data (the name, subject name and timing of e-mails), but the actual traffic. That’s the moral difference that is producing so many whistleblowers.”

He warns: “For many years, I have lectured that Moore’s Law is a threat to privacy. The human population is not doubling every two years. but the ability for computers to keep track of us is.

“Moore’s Law is behind the cameras. There is facial recognition software behind that and Optical Character Recognition software that reads licence plates.”

Phil, who ironically says he seldom uses email, believes governments should not be ‘interfering’ with computer security because “it opens the door for bad guys to get into our computers.

“It’s like the police saying, ‘We don’t want you to have locks on your doors because it’s more difficult for us to come in.’ But we need the locks to keep out the criminals!

“Google had back doors on their servers for law enforcement purposes, but the Chinese used those same back doors to survey their dissidents.

“When you put back doors in they will be used by other people!”