Скачать или смотреть Phil Zimmermann: Protecting the Confidentiality of Private Communications | Security Change Agents

ESG Senior Analyst Jon Oltsik presents his nomination of Phil Zimmermann as a Security Change Agent. Phil is the creator of PGP and a pioneer of email encryption. His work has had a huge impact on privacy and was a major driver in the consumerization of encryption software. From the Snowden incident to the FBI's recent stance against consumer device encryption, Phil's contributions to security are still highly relevant today.

Read Jon's full nomination below or at http://www.digitalguardian.com/about/....

Protecting the Confidentiality of Private Electronic Communications

by Jon Oltsik, Senior Principal Analyst, ESG

Remember the term, “Internet time?” It was used to describe the pace of Internet innovation with the assumption that what happened last week, last month, or last year was ancient history and no longer applicable. I’m mentioning this concept as I nominate Phil Zimmermann, creator of Pretty Good Privacy (PGP) as a leading Security Change Agent. Zimmermann introduced PGP in 1991, which is the technology equivalent of like the Mesozoic Era when dinosaurs ruled the earth. Nevertheless, Zimmermann’s impact, contribution, and personal involvement were so significant that he deserves to be mentioned in any list of information security pioneers.

Zimmermann was fascinated by codes and cyphers from childhood and after learning about Public Key Infrastructure (PKI), he decided to see if he could develop privacy software for early personal computers. Alas, he realized he lacked some of the higher mathematical skills needed for this project and tabled his effort for a number of years.

After hearing Daniel Ellsberg speak at a rally in 1982, Zimmermann became much more active politically in a number of causes. Around the same time, Zimmermann made a serendipitous connection with a man named Charlie Merritt who complemented his software development skills with the math skills he was lacking for his PKI software project. The two formed a bond and Zimmermann proceeded forward.

In 1992, there was a watershed event which greatly influenced Zimmermann and his commitment to his project. The U.S. Senate Judiciary Committee was working on an intelligence bill (SB 266) which contained language mandating that communication systems permit the government to obtain plaintext voice, data, and other content. Zimmermann was outraged that the Feds would demand “backdoors” just as cryptographic technology was becoming mainstream. In fact, the language in SB 266 was so offensive to Zimmermann that he decided to finish his project as quickly as possible and get it out in the public domain before any “big brother” type of legislation was passed.

Through passion, hard work, and a dogmatic commitment to freedom of speech and privacy, Zimmermann completed PGP version 1.0 in 1991. The software was posted on several Internet sites and the rest as they say is history. PGP was quickly downloaded and used all over the world to protect the confidentiality of private electronic communications. PGP 2.0, a much improved version with more advanced encryption algorithms and certificate management was introduced a few years later.

PGP’s contribution to security and privacy came with a fair amount of personal risk to Zimmermann himself. He faced patent infringement charges from RSA Technologies (i.e. the predecessor to RSA Security, a division of EMC Corporation). Zimmermann was also investigated by the U.S. Customs Service for a possible violation of the International Traffic in Arms Regulation (ITAR). After several years however, the charges were dropped.

Just last year, Edward Snowden reignited the debate about government surveillance and its impact on personal privacy. By exposing NSA programs to the public, Snowden has had a profound impact on U.S. government intelligence, foreign relations, and even U.S.-based technology companies. Long before Snowden, Phil Zimmermann and the introduction of PGP had a similar influence, and ultimately contributed to the consumerization of encryption software. In this way, Zimmermann changed the way the world addresses electronic security and thus deserves to be considered a Security Change Agent and technology icon in the history of cybersecurity.