The importance of encryption
State Secrets
"maddog" recalls some of the history of encryption and PGP and discusses why they should matter to everyone.
At a conference recently, I handed my business card to a young FOSS person, and as he accepted the card he pointed to the PGP ("Pretty Good Privacy") number on the bottom of my business card and asked, "What does this mean?" In the age of WikiLeaks, PRISM, and XKeyscore, I find it disturbing that people do not know about PGP and its FOSS offshoot, GPG.
I have been dealing with the US government and issues with encryption for a long time. In the early days of commercial Unix, a lot of companies were shipping either a System V or a BSD version of Unix. Of course, both of these systems rely on encrypted passwords and both systems (at the time) also had a simple crypt(1) command for encrypting data.
Back then, I was working for Digital Equipment Corporation (DEC) and the company was just about to ship its first Unix system for the VAX architecture, when our export department asked the fatal question: "Is there any encryption software in this product?"
At that time, the United States did not allow encryption to be shipped outside the country to many countries, even to some countries we might have considered "friends." After all, the British (yes, they were on the list) did burn our White House in 1814, and there was that nasty skirmish in 1776…
DEC reacted to the encryption rules by removing the crypt(1) command and libraries and putting them in a separate "export restricted" software kit, but we needed the encryption functionality to be linked into the login(1) program and to allow people to change their passwords.
We appealed to the US State Department, but they were firm, so we went back to Bell Laboratories to find out whether they had an argument that would allow the encryption. Bell Labs pointed out that the encryption was basically "one-way" (i.e., it could not be decrypted) and that it was just for authentication. We took this information back to the State Department, and they relented.
After we looked at the issue further, however, we realized that the State Department was really too late. Sun Microsystems was already shipping SunOS all over the world with the encryption in place. System V from Bell Labs and BSD from the University of Berkeley were also being used in many countries with the encryption in place. It was only DEC's export department that raised the issue.
The law around cryptography was so draconian that if DEC had bought a package of encryption software from Canada, had not opened it, but then wanted to sell it back to Canada, we could not have done so. Around that time, I had a good friend working for DEC who was heavily into cryptography. He was Canadian, and because Canada did not have these issues with shipping cryptographic products, he returned to Canada and started a consulting firm around encryption. Some of our best cryptographers were leaving and going to other countries for better opportunities.
Then, in 1991, Phil Zimmermann developed PGP, and when that "escaped" to other countries, all sorts of "investigations" happened. At the time, encryption was considered a "munition," and Phil was investigated for violating the Arms Export Control Act. Somewhere, I still have my t-shirt with the PGP algorithm on the back that says, "I am exporting munitions, so sue me."
Fortunately, President Clinton relaxed this law, and good encryption was able to be shipped. Right after September 11, 2001, however, a senator (who will remain nameless) from my state of New Hampshire ("Live Free or Die") introduced a bill that would reverse President Clinton's decision because some of the planners of 9/11 had used encrypted email. I wrote that senator a four-page letter, discussing encryption and how it is the basis of authentication. I pointed out that most "evil" countries already had knowledge of encryption and that such a law would hurt our allies, not just our enemies. Shortly after I sent my letter, the senator cancelled his bill.
In light of what has recently occurred with the NSA, some major companies are now looking at privacy a little more rigorously than before. Jimmy Wales of Wikipedia, for example, pointed out that his company will be looking at methods and how much data they gather on articles that people read. Jimmy feels that the right of privacy extends to what we read and that no one should be able to see what we have or have not read.
Along these lines, readers might want to review how PGP and GPG work and think about how to use them. Encryption of filesystems might also take a higher priority. Can a determined entity still decrypt encrypted data? Probably, but the careful use of PGP can give you "pretty good" privacy.