Feds Target Software Expert Who Developed Code to Encrypt Data : Computers: Among some civil libertarians, Phillip Zimmerman has achieved a kind of cult-hero status in the growing debate over electronic-privacy issues.


To some civil libertarians, Phillip Zimmerman is a hero. To the government, he is a suspect. To one corporation, he is a flouter of patents.

It is possible, in fact, that this self-employed computer software consultant is all these things; on the Information Highway, the distinctions blur. What is clear is that Zimmerman is in trouble.

This is what Zimmerman did:

He developed a program--Pretty Good Privacy, or PGP--which encrypts electronic files in a virtually unbreakable code. He gave PGP to a friend. The friend made it available on the worldwide network of computer systems.


As a result, he has been targeted in a federal criminal investigation to determine whether he violated a law prohibiting the export of encryption software. And he has run afoul of RSA Data Security Inc., which owns a patent on the mathematical algorithm used in PGP.

But among civil libertarians, Zimmerman has achieved a kind of cult-hero status in the growing debate over electronic privacy issues.

“Two hundred years ago when they wrote the Constitution, they never thought it was necessary to put a special amendment in the Bill of Rights for the right to have a private conversation. You would just go out behind the barn and talk,” Zimmerman said.

“But today, you have copper wires and glass fibers carrying our conversations. So, do we want to sacrifice our privacy because of that? Our civil liberties are eroding because of the Information Age. Cryptography will bring them back.”


There are hundreds of computer software programs like PGP that encrypt communications. Most are based on a “public-key” technology: Users are given a widely distributed “public key” and one the user keeps confidential. The technology allows a message encoded with a user’s public key only to be decoded by the private key.

Attorneys, financial consultants and others in business use PGP to protect documents and electronic mail. Human rights activists in some Third World countries use it to encode data about government tyranny, said Daniel Salcedo of the American Assn. for the Advancement of Science.

But Zimmerman said he has heard of a case in which a man later convicted of child molestation used it to keep some documents secret.

That irks law enforcement authorities, who say encryption prevents police from monitoring illegal activities, from drug networks to terrorism.


One solution to the police dilemma is the Clinton Administration’s proposed “clipper chip.” It would scramble computer or telephone communications, but the government would retain a set of decoding keys to enable court-approved electronic surveillance. Manufacturers would be asked to voluntarily install the chip in their products.

Civil libertarians and most computer industry officials oppose Clinton’s proposal, and Vice President Al Gore has indicated that the Administration is willing to compromise. Without secure encryption, Zimmerman says, the government could theoretically set up computers to scan networks for subversive words--sort of a high-tech “drift-net fishing.”

For now, the “clipper chip” is just a proposal. And the federal government is trying to rein in programs like PGP--an effort akin to picking up a bead of mercury with your bare hands.

In 1993, two years after Zimmerman finished PGP, he was informed of a federal investigation into its transmission overseas, said Boulder attorney Phillip DuBois, who represents Zimmerman.


Federal prosecutors in San Jose, Calif., who are spearheading the probe, declined comment. If Zimmerman were to be indicted and convicted of the export law violation, he could receive up to 51 months in federal prison.

“We have a situation in which the law has not kept pace with technology,” said DuBois. “I personally don’t see that Mr. Zimmerman committed any federal, state or any other kind of felony or misdemeanor or anything.”

Zimmerman points out that PGP could be legally exported overseas if it were published in a book instead of sent electronically.

“It’s like dandelion seeds blowing in the wind; you can’t contain biology and you can’t contain information,” he said.


Zimmerman also has run into problems with RSA Data Security. Zimmerman didn’t sell the software initially; he advised users to get a patent license from RSA.

Zimmerman later reached agreement with ViaCrypt of Phoenix to sell a commercial version of PGP. ViaCrypt has a license from RSA.

Jim Bidzos of RSA called Zimmerman’s actions “spineless,” but declined to say if he is considering legal action.

“There have been so many violations of that patent through the distribution of PGP. . . . My only comment would be, let the user beware,” he said.


Zimmerman is undeterred by any threat. A fervent believer in civil liberties, Zimmerman was a peace activist in the 1980s, an acolyte of Daniel Ellsberg, leaker of the Pentagon Papers. He once was arrested with Ellsberg and Carl Sagan while protesting in Nevada.

Now, he’s working on an encryption program for real-time voice communications using multimedia computers.

“Phil is just a guy who did a neat thing,” said Stephen Walker, president of Trusted Information Systems Inc. of Glenwood, Md., which specializes in computer security. “He built a piece of software that somehow got overseas and they are using him as a scapegoat.”