There's no time to wallow in the mire."
-- Jim Morrison, THE DOORS
Photo from Wikimedia Commons
|
| "The time to hesitate is through, There's no time to wallow in the mire." -- Jim Morrison, THE DOORS Photo from Wikimedia Commons |
 |
| André in Cap Ferrat, France |
---BEGIN PGP SIGNED MESSAGE--- Copyright/André Bacard 2007 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5 iQCVAwUBQnGv7t6pT6nCx/9/AQH9CgQAs wD8hrhthFAQPPzYi8dlR9C8gpXX74dqR3 7DjIUFbygy51xsuZ0S54CPujd7+cclCmc iuelkd95p39ruad8ekfj4pq04QHim246s pLOvcMJPZSw= =Foix ---END PGP SIGNATURE---
 |
| Hunger for Power |
 |
| Computer Privacy Handbook |
[This nontechnical overview of PGP, first published circa 1994, can help you decide whether or not to use this globally popular computer software to safeguard your computer files and e-mail. I have written this especially for persons with a sense of humor. You can find technical FAQs and download information at the PGP links at Bacard's Privacy Page. You may distribute this (unaltered) FAQ for non-commercial purposes. Copyright by André Bacard in 2007.]
PGP (also called "Pretty Good Privacy") is a computer program that encrypts (scrambles) and decrypts (unscrambles) data. This data can include text, images, files, etc.
Suppose I want to email you a confidential message: "I agree to pay you $5.00". If I PGP encrypt this message, your mailbox will contain a message which resembles this:
-----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5 qANQR1DBwU4D7aTCodJ4powQCACrP9roVxMnHORtj4Y8ou3w5HVI5q4iDzRsmJYQ nxEsjhkFUEWKKv1wwllu62okW9dPikF2I700nnxqqYj51yqUZZk4crX+eRry8s8V T84CtKnlM8CnPx+9nP3pKWNeEpDrTBAUdzRZxqoR75e1QZzx+rTQ/mr0OQ+jM/dx p6VlfCWc10mitgvnPIhZuJCR0Dd4lRE49IbGSPu1ey8a1FYc9SxihQszpVxGM5ZL Bkjx176PdnEqbz+eTnMnPoEgoCyRZTx+Y6ioutYw9rfpFWwuyHFfsEyvaYuuXnIJ rF5PBV7ft/YAEETNBScu0xuNF6PXgpUNZXWjXN4quTtsg3O5B/91jlof/2ZfdVjH 7RBwL4AD9NVjBPlEBIywrZ6SQbkFFo8um5oOQd7eSmvyedmxXoKevHnWorITdTWI R7UOoxPG+dmSXxGlaEGvrsfrWPFy+7IchRXXeKW0ZTp82XQTwpy1tWvrz+W1qqmR /Y2WnhVwA7HJNmrceWAh73pC5U9toZU436pkm+hsPy+pVThz+Id2Xn2/a0+/sPBW 53XdOIi0EQVrsVevL0+Y1rzTeAms4Y6aFbfNWSfvkXEE8jjZkppFrpH+b6bR/jhI gvAg0JCQ9wsZ409jJC15XUHzpWQEVp87JqxM9DH2cvkNVDBAtMKwHzkTqXIi0M2X sBNH7vGyyTbfsgTXueQ+SWOMGehVBCsJUhmOgpw+wyZ6lGY0lkkTlHOanuigSACW UdgTJPQarb58NM08BpA= =AxmZ -----END PGP MESSAGE----
The pattern of symbols above means nothing to our naked eyes. This, precisely, is the beauty of encryption. PGP, like magic, can decrypt (unscramble) these symbols back into "I agree to pay you $5.00".
PGP is a type of "public key cryptography." When you start using PGP, the program generates two "keys" that belong uniquely to you. Think of these keys as computer counterparts of the keys in your pocket. One PGP key is SECRET and stays in your computer. The other key is PUBLIC. You give this second key to your correspondents. Here is a sample PUBLIC KEY:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 5.0 mQCNAi44C30AAAEEAL1r6ByIvuSAvOKIk9ze9yCK+ZPPbRZrpXIRFBbe+U8dGPMb 9XdJS4L/cy1fXr9R9j4EfFsK/rgHV6i2rE83LjOrmsDPRPSaizz+EQTIZi4AN99j iBomfLLZyUzmHMoUoE4shrYgOnkc0u101ikhieAFje77j/F3596pT6nCx/9/AAUR tCRBbmRyZSBCYWNhcmQgPGFiYWNhcmRAd2VsbC5zZi5jYS51cz6JAFUCBRAuOA6O 7zYZz1mqos8BAXr9AgCxCu8CwGZRdpfSs65r6mb4MccXvvfxO4TmPi1DKQj2FYHY jwYONk8vzA7XnE5aJmk5J/dChdvfIU7NvVifV6AF =GQv9 -----END PGP PUBLIC KEY BLOCK-----
Suppose the PUBLIC KEY listed above belongs to you and that you e-mail it to me. I can store your PUBLIC KEY in my PGP program and use your PUBLIC KEY to encrypt a message that only you can read. One beauty of PGP is that you can advertise your PUBLIC KEY the same way that you can give out your telephone number. If I have your telephone number, I can call your telephone; however, I cannot answer your telephone. Similarly, if I have your PUBLIC KEY, I can send you mail; however, I cannot read your mail. This PUBLIC KEY concept might sound a bit mysterious at first. However, it becomes very clear when you play with PGP for a while.
Suppose I signed this FAQ with my PGP "digital signature". This would allow persons who have PGP and my PUBLIC KEY to verify that 1) I, André Bacard, (not a Sports Illustrated superstar pretending to be me!) wrote this document, and 2) Nobody has altered this text since I signed it. PGP signatures might be helpful for signing contracts, transferring money, and verifying a person's identity.
Suppose I use my PUBLIC PGP key to sign and verify that "I agree to pay you $5.00". Your mailbox will receive a message similar to:
-----BEGIN PGP SIGNED MESSAGE----- I agree to pay you $5.00 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5 iQCVAwUBQma8V96pT6nCx/9/AQEUYgP/UPQdTwNfl10vQrggARka1SO8kP5lEkIQ c9kve4Hp7TFZb4fnm1s4dp3+3nPbT3Rk89aaDhRWDc/Y0ChHPWeS9P1vBlPb0WDM Pi0Xl5PFF2NlKyceKHt5Ysapl6tfOWplOkhzKdM+SXW/PjIY7KwzBP5ebpUyrpg0 Vaoqm+G8wEM= =Bgbi -----END PGP SIGNATURE-----
By using PGP, you could guarantee that I, André Bacard, am the person who sent you the email "I agree to pay you $5.00."
Philip Zimmermann wrote the initial program. Phil, a hero to many pro-privacy activists, worked as a computer security consultant in Boulder, Colorado during the original days of PGP. Other programmers around the globe created subsequent PGP versions and/or shells. Subsequent versions of PGP were created by a California based corporation called Network Associates, which bought a previous company, co-founded by Zimmerman, called PGP, Inc. Corporate mergers are so commonplace in America. Who knows who will control PGP by the time you read this?
People who value privacy use PGP. Politicians running election campaigns, taxpayers storing IRS records, therapists protecting clients' files, entrepreneurs guarding trade secrets, journalists protecting their sources, and people seeking romance are a few of the law abiding citizens who use PGP to keep their computer files and their e-mail confidential.
Businesses also use PGP. Suppose you're a corporate manager and you need to e-mail an employee about his job performance. You may be required by law to keep this e-mail confidential. Suppose you're a saleswoman, and you must communicate over public computer networks with a branch office about your customer list. You may be compelled by your company and the law to keep this list confidential. These are a few reasons why businesses use encryption to protect their customers, their employees, and themselves.
PGP also helps secure financial transactions. For example, the Electronic Frontier Foundation uses PGP to encrypt members' charge account numbers, so that members can pay dues via e-mail.
Thomas G. Donlan, an editor at Barron's [a financial publication related to The Wall Street Journal], wrote a full-page editorial in the April 25, 1994 Barron's entitled "Privacy and Security: Computer Technology Opens Secrets, And Closes Them." Mr. Donlan wrote, in part:
"Without security, the Internet is little more than the world's biggest bulletin board. With security, it could become the information supermarket of the world. [Encryption] lets people and banks feel secure putting their credit-card numbers on the public network. Although it still seems that computers created an age of snoopery, the age of privacy is at hand."
Your computer files (unless encrypted) can be read by anyone with access to your machine. E-mail is notoriously unsafe. Typical e-mail travels through many computers. The persons who run these computers can read, copy, and store your mail. Many competitors and voyeurs are highly motivated to intercept e-mail. Sending your business, legal, and personal mail through computers is even less confidential than sending the same material on a postcard. PGP is one secure "envelope" that keeps busybodies, competitors, and criminals from victimizing you.
Show me a human being who has no secrets from her family, her neighbors, or her colleagues, and I'll show you someone who is either an extraordinary exhibitionist or an incredible dullard. Show me a business that has no trade secrets or confidential records, and I'll show you a business that is not very successful.
On a lighter note, a college student wrote me the following:
"I had a part-time job at a dry cleaner. One day I returned a diamond ring that I'd found in a man's coat pocket to his wife. Unfortunately, it was NOT her ring! It belonged to her husband's girlfriend. His wife was furious and divorced her husband over this incident. My boss told me: 'Return jewelry ONLY to the person whose clothes you found it in, and NEVER return underwear that you find in pockets!' Until that moment, I thought my boss was a finicky woman. But she taught me the need for PGP."
Privacy, discretion, confidentiality, and prudence are hallmarks of civilization.
The next time you hear someone say this, ask him if he wants to outlaw the likes of Thomas Jefferson, the "Father of American Cryptography," who wrote the American Declaration of Independence.
Many governments, corporations, and law enforcement agencies use encryption to hide their operations. Yes, a few criminals also use encryption. Criminals are more likely to use cars, gloves, and ski-masks to evade capture.
PGP is "encryption for the masses." It gives average law abiding citizens a few of the privacy rights which governments and corporations insist that they need for themselves.
For many years, the PGP computer code has been published so that security experts can examine it for "back doors" (hidden ways to break into PGP messages).
Perhaps your government or your mother-in-law can "break" PGP messages by using supercomputers and\or pure brilliance. I have no way of knowing. Three facts are certain. First, top-rate civilian cryptographers and computer experts have tried unsuccessfully to break PGP. Second, whoever proves that he or she can unravel PGP will earn quick fame in crypto circles. He or she will be applauded at banquets and attract grant money. Third, PGP's most knowledgeable users around the world will broadcast this news at once."
Almost daily, someone posts a notice such as "PGP Broken by Omaha Teenager." Take these claims with a grain of salt. The crypto world attracts its share of paranoids, provocateurs, and UFO aliens. To date, nobody has publicly demonstrated the skill to outsmart or outmuscle PGP.
Yes. However, it is ILLEGAL to export PGP out of the United States without the proper government approval. Do not even think of doing so! To communicate with friends in, say, England, have your friends get PGP from sources outside the United States.
PGP's legality, like a host of subjects from alcohol drinking to zebra farming, varies from country to country. Plus, laws constantly change around the globe. It's smart to check the laws where you live.
PGP is easier to use than, say, a word processing program. Most versions let you encrypt and decrypt data with a simple mouse click.
Versions are available for many platforms including Microsoft Windows. Many persons are working to expand PGP's usability. Read the Usenet <alt.security.pgp> news group for the latest developments.
In general, yes. For example, a document encrypted with PGP using Windows can decrypted with someone using PGP on a Unix machine. You will also find that the "international" versions of PGP are compatible with the "domestic" (United States) versions.
PGP is easy to download on the Internet. I recommend you go to Bacard's Privacy Page and check the PGP links for both "domestic" and "international" sources.
Many PGP versions are "freeware." This means that they are free. People from New Zealand to Mexico use these versions every day. The commercial versions of PGP are normally priced software. Again, follow the PGP links at Bacard's Privacy Page.
 |
| Lake Tahoe André reading Michael J. GELB's How to Think Like Leonardo da Vinci |
We personally thank the generosity of
Business Week,
Newsweek,
Playboy,
Wired,
MicroTimes,
USA Today,
Kiplinger's Personal Finance Magazine,
CNet Online,
the New York Times,
the G. Gordon Liddy Show
and WEB links around the globe for bringing you here.