Philip Zimmermann and PGP: Privacy Is Not a Crime

 

PGP

Pretty Good Privacy — The Right to Privacy in the Digital Age

“If privacy is outlawed, only outlaws will have privacy.”

— PHILIP R. ZIMMERMANN

TABLE OF CONTENTS

Philip Zimmermann: The Man Who Built PGP
What Is PGP?
What Does PGP Do?
In Which Fields Is It Used?
How to Use It on Different Devices
Conclusion: When Code Becomes a Manifesto

INTRODUCTION

The Problem of Privacy in the Digital Age

The form that communication has taken in the digital age has fundamentally transformed the meaning of privacy. Words once whispered behind a barn have become electrical signals passing through millions of servers. The physical confidentiality provided by a postal envelope has been rendered ineffective in the face of the transparent nature of electronic communication. This transformation is not merely a technological shift; it is a profound matter of freedom.

Historically, cryptography remained a tool used primarily by states to protect their diplomatic and military communications. However, toward the end of the 1980s, as personal computers, modems, and the internet became widespread, this equation began to change. Individuals, journalists, lawyers, and activists who grew increasingly dependent on digital communication found themselves confronted with the need to protect their everyday correspondence. Yet states approached this transformation from an entirely different perspective.

The National Security Agency (NSA) of the United States pursued a systematic policy for decades aimed at keeping cryptography out of civilian use. Even the inclusion of strong encryption algorithms in academic publications was at times suppressed; the export of cryptographic software was treated under the same legal framework applied to the arms trade. This posture was the product of an understanding that prioritized the state’s surveillance capacity over the individual’s right to privacy.

The most concrete manifestation of this understanding was the Clipper Chip project, unveiled by the Clinton administration in 1993. This hardware encryption chip, designed by the NSA and employing the Skipjack algorithm, was planned to be installed in every telephone. But the system had a critical feature: a copy of each device’s encryption key would be held in escrow in a federal database, accessible to the government whenever it deemed necessary. This structure, publicly described as a “back door,” met with fierce opposition from civil liberties organizations, and the Clipper Chip project ultimately never came to fruition.

It was precisely within this tension that PGP — Pretty Good Privacy — presented to the public in 1991 by Philip R. Zimmermann, constituted a historic turning point. PGP is not merely an encryption program; it is the technological expression of the individual’s right to privacy in the face of the state. This essay examines what PGP is, how it works, and upon what intellectual foundations it was built, drawing on texts written by Zimmermann himself from an academic perspective.

· · ·

SECTION 01

Philip Zimmermann: The Man Who Built PGP

“Advances in technology will not permit the maintenance of the status quo, as far as privacy is concerned. If we do nothing, new technologies will give the government new automatic surveillance capabilities that Stalin could never have dreamed of.”

— PHILIP R. ZIMMERMANN

Philip R. Zimmermann, born in 1954 in the United States, is a computer scientist and software engineer. Throughout his career he focused on secure communications systems; but the work that inscribed his name in history was Pretty Good Privacy — PGP — which he released to the public free of charge in 1991.

Zimmermann did not develop PGP out of commercial interest, nor out of academic curiosity. What drove him to act was the political atmosphere of the time. Senate Bill 266, a comprehensive anti-crime bill under consideration in the US Senate in 1991, contained a provision that would have forced manufacturers of secure communications equipment to insert back doors into their products. Zimmermann viewed this provision as a direct threat to the individual’s right to privacy. In his own words:

“PGP was published as freeware, in an effort to preempt the possibility that the Government could suppress this technology later.”

The software was developed without any institutional support or funding, under time pressure and in difficult conditions. Zimmermann based part of the code on a multiprecision integer library he first wrote in late 1986. After the first version of PGP was published in 1991, many software engineers from around the world contributed voluntarily to the project; Peter Gutmann, Branko Lankester, and Jean-loup Gailly stood out among them.

Zimmermann’s motivation throughout the development of PGP was not merely technical; it carried a deeply political and philosophical character. In his view, privacy is not a privilege but an indispensable element of a democratic society:

“You don’t have to distrust the government to want to use cryptography. Your business can be wiretapped by business rivals, organized crime, or foreign governments.”

Following the release of PGP, Zimmermann spent three years under federal criminal investigation on the grounds that he had violated US State Department export restrictions. The spread of the software overseas via the internet was treated by the government as equivalent to arms export. Zimmermann reflected on this process as follows:

“Oddly enough, the US Government may have inadvertently contributed to PGP’s spread by making it more popular because of my case.”

The investigation was dropped in 1996 when it was determined there were no grounds for prosecution. But the process made Zimmermann a defining figure in the struggle for cryptographic freedom. Writing in the air between Bucharest and Budapest in 1994, he described a profound transformation:

“In Bucharest, I saw the terrible legacy of a system designed by men who craved certainty, not trusting the people with individual freedom. Those men would have loved the Clipper chip.”

Zimmermann’s story is not merely the story of a piece of software; it is the story of an individual’s struggle to exist in the face of the state in the digital age. In his hands, PGP became far more than a tool; it became a manifesto.

· · ·

SECTION 02

What Is PGP?

“It uses public key cryptography to let you communicate securely with people you’ve never met, without the prior exchange of keys over secure channels.”

— PHILIP R. ZIMMERMANN

Pretty Good Privacy (PGP for short) is an encryption program developed by Philip Zimmermann in 1991, based on the principle of public key cryptography. Its primary function is to protect digital communications and files, most notably electronic mail, from unauthorized access. It remains to this day the most widely used software in the world for email encryption.

In public key cryptography, each user possesses two mathematically linked keys: a public key open to everyone, and a private key held only by its owner. The person wishing to send a message encrypts it using the recipient’s public key. Only the recipient’s private key can decrypt that encrypted message. This means that the two parties need not have communicated previously for secure communication to take place.

PGP version 2.6.2 employs a hybrid architecture in which multiple algorithms work in concert. The RSA algorithm is used for key management and digital signatures, the IDEA cipher for bulk data encryption, the MD5 hash function for integrity verification, and the ZIP compression algorithm to reduce data size prior to encryption.

Another critical function of PGP is the digital signature. A digital signature provides mathematical proof that a message was genuinely sent by the person claimed, and that it was not altered in transit. The sender signs the message with their own private key; the recipient verifies that signature using the sender’s public key.
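The pipeline described in the three paragraphs above, as an added sketch that is not PGP's source code or code from the original page: sign the message hash, compress, encrypt under a one-time session key, then wrap that key with the recipient's public key. The key pairs, the function names, unpadded RSA, SHA-256 (in place of MD5) and the hash-based keystream (in place of IDEA) are assumptions chosen so that it runs on the Python standard library alone; it models the structure, not the strength.

```python
import hashlib
import secrets
import zlib

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Constructed demo keys built from well-known Mersenne primes (insecure on purpose).
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**521 - 1)  # sender
BOB_PUB, BOB_PRIV = make_key(2**89 - 1, 2**607 - 1)       # recipient


def rsa(value, key):
    """Raw RSA operation without padding (real PGP pads its RSA inputs)."""
    n, exponent = key
    return pow(value, exponent, n)


def digest(msg):
    """Message hash as an integer; SHA-256 stands in for PGP 2.6.2's MD5."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def stream_xor(key, data):
    """Stand-in for the IDEA bulk cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)


def sig_size(key):
    """Number of bytes needed to hold a signature under this key's modulus."""
    return (key[0].bit_length() + 7) // 8


def pgp_send(msg, sender_priv, recipient_pub):
    signature = rsa(digest(msg), sender_priv)             # 1. sign the hash
    signed = signature.to_bytes(sig_size(sender_priv), "big") + msg
    packed = zlib.compress(signed)                        # 2. compress
    session_key = secrets.token_bytes(16)                 # 3. one-time session key
    body = stream_xor(session_key, packed)                # 4. bulk-encrypt
    wrapped = rsa(int.from_bytes(session_key, "big"), recipient_pub)  # 5. wrap key
    return wrapped, body


def pgp_receive(wrapped, body, recipient_priv, sender_pub):
    session_key = rsa(wrapped, recipient_priv).to_bytes(16, "big")
    signed = zlib.decompress(stream_xor(session_key, body))
    size = sig_size(sender_pub)
    signature, msg = int.from_bytes(signed[:size], "big"), signed[size:]
    return msg, rsa(signature, sender_pub) == digest(msg)


if __name__ == "__main__":
    wrapped, body = pgp_send(b"Meet at noon.", ALICE_PRIV, BOB_PUB)
    print(pgp_receive(wrapped, body, BOB_PRIV, ALICE_PUB))
```

Only the small session key passes through RSA; the message itself is handled by the fast symmetric cipher, which is the reason for the hybrid design.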

In developing PGP, Zimmermann deliberately chose algorithms available in the open academic literature that had been subjected to the broadest peer review. The conditions under which the code was written were far from ideal. Zimmermann acknowledged this openly:

“The trying conditions of PGP’s development led to expedient approaches to implementation, sometimes at a cost of elegance. Global variables are used more than they should be, there are many cases of redundant code, and there are many intermodule dependencies.”

Yet these technical shortcomings in no way compromised the cryptographic quality of the software. PGP’s quality of cryptography and key management drew the serious attention of certain circles within the US Government as well as a number of foreign governments.

· · ·

SECTION 03

What Does PGP Do?

“It’s personal. It’s private. And it’s no one’s business but yours.”

— PHILIP R. ZIMMERMANN

Zimmermann articulated the core vulnerability of digital communication with a remarkably striking analogy:

“Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don’t you always send your paper mail on postcards?”

An unencrypted email is just like a postcard. Every point in the transmission chain can read it. PGP addresses this gap through three core functions.

Encryption is PGP’s most fundamental function. A message or file is encrypted using the recipient’s public key and rendered decryptable only by the recipient’s private key. Even if the message is intercepted in transit, its contents cannot be read.

Digital signatures are PGP’s second critical function. The sender signs the message with their own private key. The recipient verifies this signature using the sender’s public key, providing mathematical proof that the message was not altered in transit.

Authentication is PGP’s third core function. PGP’s trust network model, known as the Web of Trust, allows users to verify each other’s identities without relying on a central authority. Zimmermann summarized these functions as follows:

“Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.”

· · ·

SECTION 04

In Which Fields Is It Used?

“You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don’t want your private electronic mail or confidential documents read by anyone else.”

— PHILIP R. ZIMMERMANN

PGP’s fields of use are not limited to technical users or privacy enthusiasts. In an era when digital communication has permeated every domain of life, the need for protection PGP offers extends across an equally broad spectrum.

Journalism and Press Freedom
Journalists must protect the identities of their informants and sources. Zimmermann explained the press interest in his case as follows:

“Journalists realize that if an American can be imprisoned for electronically publishing something in the United States, then journalists may themselves be at risk in tomorrow’s world of electronic newspapers on the information highway.”

Law and Legal Practice
Attorney-client privilege is one of the foundational principles of the legal system. Transmitting legal correspondence in unencrypted form over digital channels effectively renders this principle void. PGP is widely used by lawyers and law firms seeking to ensure the confidentiality of legal communications.

Healthcare and Medicine
Patient information, medical histories, and correspondence regarding treatment processes require strict confidentiality, both ethically and legally. PGP provides an effective solution for protecting digital communications between healthcare institutions and physicians.

Corporate Communications and Trade Secrets
In commercial life, competitive advantage depends greatly on the confidentiality of information. Correspondence concerning product development, pricing strategies, and acquisition negotiations may be targeted by business rivals, organized criminal organizations, and foreign state intelligence agencies.

Political Activism and Human Rights
In regions under authoritarian regimes, dissident voices cannot sustain themselves without encrypting their communications. Zimmermann witnessed this reality firsthand:

“The people there now are glad to have their freedom, and they understand my concern about the power of Government. They already get it — and they don’t understand why we Americans don’t.”

Academia and Research
Unpublished research data, scientific correspondence, and academic collaborations may also be considered sensitive information. Researchers turn to PGP to protect their data against unauthorized access or tampering.

Individual Privacy
Finally, and perhaps most fundamentally, PGP is a tool for ordinary individuals to protect their everyday digital correspondence. In Zimmermann’s words:

“There’s nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.”

· · ·

SECTION 05

How to Use It on Different Devices

“PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That’s why I wrote it.”

— PHILIP R. ZIMMERMANN

No matter how robust PGP’s theoretical foundations are, they serve no purpose if the software is not used in practice. Today, PGP is available on many platforms, from desktop computers to smartphones, through a variety of applications.

Android

The most widespread and reliable solution for PGP use on Android is OpenKeychain. It can be downloaded free of charge from the Google Play Store. OpenKeychain handles key pair generation, importing and exporting public keys, uploading to key servers, and file encryption.

Email clients compatible with OpenKeychain:

K-9 Mail — The open-source email client with the most established integration with OpenKeychain. Available free on the Google Play Store and F-Droid.
Thunderbird for Android — The Android version of Mozilla’s powerful desktop email client. Supports OpenKeychain integration.
FairEmail — A privacy-focused open-source email client with OpenKeychain integration. Available on Google Play Store and F-Droid.

iOS

PGP support on Apple’s iOS platform has historically been more limited compared to Android. However, several solutions have been developed in recent years.

iPGMail — A paid application long available on the App Store, offering PGP key management and encryption functions. Does not integrate directly with an email client.
Canary Mail — A modern email client for iOS and macOS with built-in PGP support, allowing encryption and signing directly from the email interface.
PGPro — A free, open-source PGP tool on the App Store providing basic key management and text encryption.
FlowCrypt — Designed for Gmail users. On iOS it can integrate with the Gmail web interface via Safari.

macOS

The most established approach to PGP on macOS is the GPG Suite package, developed by the GPG Tools team. Available from gpgtools.org.

GPG Keychain — The graphical interface for key management.
GPGMail — Integrates with Apple Mail for encryption and signing directly from the mail interface. Requires a paid subscription on current macOS versions.
GPG Services — A system-wide component allowing text to be encrypted or signed by right-clicking in any application.
Canary Mail — Available on macOS with built-in PGP support, a modern alternative to Apple Mail.
Thunderbird for macOS — Offers built-in OpenPGP support since version 78. Free, available from thunderbird.net.

Windows

The standard solution for PGP on Windows is the Gpg4win package, available free from gnupg.org.

Kleopatra — The graphical interface of Gpg4win for key management, file encryption, and digital signing.
GpgOL — Integrates with Microsoft Outlook, adding encryption and signing buttons.
GpgEX — Integrates with Windows Explorer for right-click encryption of any file.
Thunderbird for Windows — Available with built-in OpenPGP support, a strong free alternative to Outlook.

Linux

Linux is the platform with the most mature ecosystem for PGP support. GnuPG comes pre-installed on nearly all Linux distributions.

# To generate a key pair:
gpg --full-generate-key

# To encrypt a file:
gpg --encrypt --recipient user@example.com file.txt

# To decrypt an encrypted file:
gpg --decrypt file.txt.gpg

Seahorse — Graphical key management tool for the GNOME desktop environment.
Kleopatra — Graphical interface for the KDE desktop environment.
Thunderbird for Linux — Available with built-in OpenPGP support in most Linux distribution repositories.

Web-Based Solutions

FlowCrypt — A browser extension integrating with Gmail. Available on Chrome and Firefox. Mobile applications for iOS and Android are also available.
ProtonMail — An email service applying end-to-end encryption server-side. PGP-based, with encryption running automatically in the background. Communications between ProtonMail accounts are encrypted automatically.

· · ·

SECTION 06 · CONCLUSION

When Code Becomes a Manifesto

“A book comprised entirely of thousands of lines of source code looks pretty dull. But, then, so does a nondescript fragment of concrete — unless it happens to be a piece of the Berlin Wall, which many people display on their mantles as a symbol of freedom opening up for millions of people.”

— PHILIP R. ZIMMERMANN

In 1991, Philip Zimmermann developed a piece of software without any funding, under time pressure, and in difficult conditions. His purpose was straightforward: to protect the individual’s digital privacy before the state could intervene. He was thinking only of this:

“If we do nothing, new technologies will give the government new automatic surveillance capabilities that Stalin could never have dreamed of. The only way to hold the line on privacy in the information age is strong cryptography.”

PGP spread rapidly across the world. Yet this spread brought Zimmermann not freedom, but a federal criminal investigation. The US State Department treated PGP’s spread overseas via the internet as equivalent to arms export. The investigation, which lasted three years, was dropped in 1996.

US law prohibited the electronic export of cryptographic software across borders. But the same laws placed no restriction on the export of a printed book. Zimmermann recognized this legal gap and in 1995 published PGP Source Code and Internals. The book contained the entire C source code of PGP, printed across thousands of lines. Zimmermann explained this initiative as follows:

“It would be politically difficult for the Government to prohibit the export of a book that anyone may find in a public library or a bookstore. So, we’re putting the PGP source code in a book, which may be scanned in with optical character recognition (OCR) software.”

This move was not merely a legal maneuver. It was also a profound philosophical message: information is free, and must remain free. In the preface to the book, written in the air between Bucharest and Budapest, Zimmermann describes a deep personal transformation:

“In Bucharest, I saw the terrible legacy of a system designed by men who craved certainty, not trusting the people with individual freedom. Those men would have loved the Clipper chip. The people there now are glad to have their freedom, and they understand my concern about the power of Government. They already get it — and they don’t understand why we Americans don’t.”

Why I Wrote PGP — the text Zimmermann appended to the PGP User’s Guide in 1991 and updated in 1999 — goes far beyond a software document. And he asks:

“Why don’t you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something?”

Today, PGP retains its place at the center of digital privacy debates, more than thirty years after its release. The Clipper Chip is consigned to history, export restrictions have been largely lifted — yet surveillance technologies have reached dimensions Zimmermann could not have imagined in 1991.

PGP is not merely an encryption program. It is a declaration of belief. And the story of Philip Zimmermann is the most striking testament to how the conscience of a software engineer can leave its mark upon history.

“Perhaps in the long run, this book will help open up the US borders to the free flow of information.”

— PHILIP R. ZIMMERMANN
