PGP 30. yaş gününü kutladı. 1991’den önce, uzun mesafelerle güvenli bir şekilde iletişim kurmak için hiçbir araç yoktu. PGP 6 haziran 1991’de bunu sundu.
PGP geliştiricisi Phil Zimmermann yıldönümü ile ilgili olarak yayınladığı mesajında
“30 yıl sonra buradayız ve güçlü kripto her yerde. 1990’larda göz alıcı olan şey artık sıradan. O yıllardan bu yana çok şey değişti. Benim işim uçtan uca güvenli telefon ve yazılı mesajlaşmaya kaydı. Tarayıcılarımızda, VPN’lerde, e-ticaret ve bankacılık uygulamalarında, IoT ürünlerinde, disk şifrelemede, TOR ağında, kripto para birimlerinde ve OpenPGP protokolünün uygulamalarının yeniden canlanmasında güçlü kripto.
Yine de, şimdi tam olarak bu tür uçtan uca şifrelemenin arasına girmeye çalışan pek çok hükümet görüyoruz. Özel görüşme hakkımızı koruma ihtiyacı hiç bu kadar güçlü olmamıştı.
Çoğu demokrasi, popülist otokrasilere doğru kayıyor.Sıradan vatandaşlar ve tabandaki siyasi muhalefet grupları, kendilerini bu ortaya çıkan otokrasilere karşı ellerinden geldiğince korumalıdırlar. Eğer bir otokrasi yaygın bir gözetim altyapısını devralırsa veya inşa ederse, siyasi muhalefetin örgütlenmesi neredeyse imkansız hale gelir. Bunu Çin’de görebiliyoruz. Güvenli iletişim, bu toplumlarda tabandan siyasi muhalefet için gereklidir.
Tehlikede olan yalnızca kişisel özgürlük değil, ulusal güvenliktir. Son şifreleme hakkını korumak için politika alanında sert bir şekilde tepki göstermeliyiz”
Zimmerman’ın mesajının orjinalini aşağıya aldık.
PGP Marks 30th Anniversary
6 June 2021
Today marks the 30th anniversary of the release of PGP 1.0.
It was on this day in 1991 thatPretty Good Privacywas uploaded to the Internet. I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software. After PGP version 1.0 was released, a number of volunteer engineers came forward and we made many improvements. In September 1992 we released PGP 2.0 in ten foreign languages, running on several different platforms, upgraded with new functionality, including thedistinctive trust modelthat enabled PGP to become the most widely used method of email encryption.
I became the target of a criminal investigation for violating theArms Export Control Actby allowing PGP to spread around the world. This further propelled PGP’s popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of theCrypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation.
I wanted PGP to be used for human rights applications. I wanted it to spread all over the world, especially to places where people needed protection from their own governments. But I couldn’t say that out loud during the criminal investigation, because it would help the prosecutor prove intent.
The most dramatic PGP stories came from outside the US. PGP helped enable the safe evacuation of 8000 civilians from mortal danger during the Kosovo conflict. While attending the 2014National Cybersecurity Hall of Fameceremony, a guy from theHUMINTcommunity approached me to thank me because he said he had some colleagues who were alive today because of PGP. Human rights groups documenting war crimes in Guatemala, protecting witnesses from reprisals from the military. Human rights workers in the Balkans. Political resistance in Burma in the 1990s. There were so many stories like that over the years.
In 2004,Robert Morris Sr., who had retired from NSA, told me that when PGP first appeared on the scene along with its source code, the NSA was particularly worried that the source code would show a lot of people how to develop strong public key crypto software, and the skills would proliferate.
Here we are, three decades later, and strong crypto is everywhere. What was glamorous in the 1990s is now mundane. So much has changed in those decades. That’s a long time in dog years and technology years. My own work shifted to end-to-end secure telephony and text messaging. We now have ubiquitous strong crypto in our browsers, in VPNs, in e-commerce and banking apps, in IoT products, in disk encryption, in the TOR network, in cryptocurrencies. And in a resurgence of implementations of theOpenPGPprotocol. It would seem impossible to put this toothpaste back in the tube.
Yet, we now see a number of governments trying to doexactly that. Pushing back againstend-to-end encryption. We see it in Australia, the UK, the US, and other liberal democracies. Twenty years after we all thought we won the Crypto Wars. Do we have to mobilize again? Veterans of the Crypto Wars may have trouble fitting into their old uniforms. Remember that scene in The Incredibles when Mr. Incredible tries to squeeze into his old costume? We are going to need fresh troops.
The need for protecting our right to a private conversation has never been stronger. Many democracies are sliding into populist autocracies. Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communication is necessary for grassroots political opposition in those societies.
It’s not only personal freedom at stake. It’s national security. The reckless deployment of Huawei 5G infrastructure across Europe has created easy opportunities for ChineseSIGINT. End-to-end encryption products are essential for European national security, to counter a hostile SIGINT environment controlled by China. We must push back hard in policy space to preserve the right to end-to-end encryption.