Stern Home

PGP - Pretty Good Privacy

Chapters in Computing in the Information Age, 2nd ed.,
which relate to this topic: Chapters 1, 13

It was only a few years ago when articles appeared daily in newspapers throughout the country recounting horror stories about computer-generated errors. Today, those stories have been largely replaced with tales of Internet abuse. Among many other issues relating to Internet abuse is the issue of security.

Have you read articles that cite people who gain access to someone else's credit information or e-mail or other personal documents - transmitted over the Internet?

One major tool developed specifically to ensure the secure transmission of Internet information is call PGP, an abbreviation for Pretty Good Privacy. PGP is an electronic encryption program developed by Philip Zimmerman at MIT.

PGP generates two encryption keys for each user - a private key known only to the user and a public key that the user is free to distribute as he/she sees fit. If you know someone's public key, you can encrypt a message to that person with the assurance that only he/she can decrypt it. Advocates of PGP say that this is analogous to sending regular mail in an envelope rather than on a postcard - with mail in an envelope you can be relatively assured that only the intended recipient will read it.

In addition to generating encryption keys that make it difficult for others to read email intended for someone else, PGP also generates electronic signatures as an attachment to a message. This digital signature ensures that the person who sent the message actually generated it and that the message was not tampered with. In many companies, PGP signatures are regarded as binding.

PGP can be downloaded free of charge from the Internet. Check the following web site:

umbrella www.web.mit.edu/network/pgp.html

To use PGP with your own email system, you may need a separate utility. Such utilities are widely available for DOS, Windows, Unix and Macintosh systems. Check the following web site:

umbrella world.std.com/~franl/pgp/utilities.html

PGP WinFront, a utility for using PGP with Windows 3.x or Windows 95 is available from:

umbrella netaccess.on.ca/ugali/crypt/index.html

Many government officials are opposed to PGP because it prevents them from accessing transmissions that may be of a criminal nature. These officials believe they need electronic access, just as they have wiretap access to phones, to uncover crimes. The U.S. Congress has a bill pending, HR 5199, which would outlaw public encryption unless the government could override the keys. The federal government feels so strongly about their right to encrypted information that in 1991, when Zimmerman made PGP available over the Internet, he was threatened with prosecution. The charges were finally dropped on January 1, 1996.

For more information about PGP, check the following web sites:

umbrella www.epix.net/~alf/security

umbrella www.yahoo.com/computers_and_internet

For a formal, comprehensive account of PGP, consult Philip Zimmerman, The Official PGP Usr's Guide, MIT Press.

Critical Thinking Questions:

1. What do you think of the government's position regarding PGP?

2. If the government were able to require encryption keys to be decipherable by them, how might this impact international transmissions?/send

Stern Home Click the button and
we'll take you home!