The importance of encryption
State Secrets
"maddog" recalls some of the history of encryption and PGP and discusses why they should matter to everyone.
At a conference recently, I handed my business card to a young FOSS person, and as he accepted the card he pointed to the PGP ("Pretty Good Privacy") number on the bottom of my business card and asked, "What does this mean?" In the age of WikiLeaks, PRISM, and XKeyscore, I find it disturbing that people do not know about PGP and its FOSS offshoot, GPG.
I have been dealing with the US government and issues with encryption for a long time. In the early days of commercial Unix, a lot of companies were shipping either a System V or a BSD version of Unix. Of course, both of these systems rely on encrypted passwords and both systems (at the time) also had a simple crypt(1) command for encrypting data.
Back then, I was working for Digital Equipment Corporation (DEC) and the company was just about to ship its first Unix system for the VAX architecture, when our export department asked the fatal question: "Is there any encryption software in this product?"
At that time, the United States did not allow encryption to be exported to many countries, even to some countries we might have considered "friends." After all, the British (yes, they were on the list) did burn our White House in 1814, and there was that nasty skirmish in 1776…
DEC reacted to the encryption rules by removing the crypt(1) command and libraries and putting them in a separate "export restricted" software kit, but we needed the encryption functionality to be linked into the login(1) program and to allow people to change their passwords.
We appealed to the US State Department, but they were firm, so we went back to Bell Laboratories to find out whether they had an argument that would allow the encryption. Bell Labs pointed out that the encryption was basically "one-way" (i.e., it could not be decrypted) and that it was just for authentication. We took this information back to the State Department, and they relented.
After we looked at the issue further, however, we realized that the State Department was really too late. Sun Microsystems was already shipping SunOS all over the world with the encryption in place. System V from Bell Labs and BSD from the University of Berkeley were also being used in many countries with the encryption in place. It was only DEC's export department that raised the issue.
The law around cryptography was so draconian that if DEC had bought a package of encryption software from Canada, had not opened it, but then wanted to sell it back to Canada, we could not have done so. Around that time, I had a good friend working for DEC who was heavily into cryptography. He was Canadian, and because Canada did not have these issues with shipping cryptographic products, he returned to Canada and started a consulting firm around encryption. Some of our best cryptographers were leaving and going to other countries for better opportunities.
Then, in 1991, Phil Zimmermann developed PGP, and when that "escaped" to other countries, all sorts of "investigations" happened. At the time, encryption was considered a "munition," and Phil was investigated for violating the Arms Export Control Act. Somewhere, I still have my t-shirt with the PGP algorithm on the back that says, "I am exporting munitions, so sue me."
Fortunately, President Clinton relaxed this law, and good encryption was able to be shipped. Right after September 11, 2001, however, a senator (who will remain nameless) from my state of New Hampshire ("Live Free or Die") introduced a bill that would reverse President Clinton's decision because some of the planners of 9/11 had used encrypted email. I wrote that senator a four-page letter, discussing encryption and how it is the basis of authentication. I pointed out that most "evil" countries already had knowledge of encryption and that such a law would hurt our allies, not just our enemies. Shortly after I sent my letter, the senator cancelled his bill.
In light of what has recently occurred with the NSA, some major companies are now looking at privacy a little more rigorously than before. Jimmy Wales of Wikipedia, for example, pointed out that his company will be looking at methods and how much data they gather on articles that people read. Jimmy feels that the right of privacy extends to what we read and that no one should be able to see what we have or have not read.
Along these lines, readers might want to review how PGP and GPG work and think about how to use them. Encryption of filesystems might also take a higher priority. Can a determined entity still decrypt encrypted data? Probably, but the careful use of PGP can give you "pretty good" privacy.