It was in 1991 that Phil saw the unmet need and brought to fruition a much-needed way to encrypt human-readable text. Coincidentally, the Internet had begun to unfold and his method of encryption soon gained popularity.
Mr. Zimmermann became, as a result, the target of a criminal investigation brought by the U.S. Customs Service and RSA, charged with violating provisions of the Arms Export Control Act. The charges, however serious, were ultimately dropped in 1996, and Mr. Zimmermann went on to form the PGP Corporation, which was bought by Network Associates in 1997.
You see, email is clear text. Yes. Naked. When you casually press 'send' on an email, it travels across the mail transfer agents to its destination as a stream of human readable text which makes it child's play for interception and viewing by any agency or individual. Essentially, you are placing your correspondence in the mail without an envelope.
Seems odd when it's put that way, doesn't it?
We go to great lengths to assure the safety of all paper mail delivery (warnings on mailboxes even) as we diligently place our correspondences in an envelope for what? Privacy, of course. There are Federal laws on the books to protect your paper mail but none for the electronic equivalent.
So it begs the question: Why isn't email encrypted by default?
It seems that no one really thought that question through, or at least there was a time when the email standard, RFC 2822 (which supersedes RFC 822), was used only by a small population of technology-elite individuals. Times have since changed, but the RFC was never updated to contemplate electronic privacy. Nor has there been a Federal mandate for such, which might have funded meeting a new email privacy standard.
Worse is the now all-too-well-known fact that the email RFC standard can be exploited. How so?
SPAM. No, not the kind you eat. The sender address field defined by the email RFC can be forged. Spammers exploit that design deficiency by inserting forged sender addresses into emails sent from compromised PCs. Unbeknownst to the user, the machine (usually a compromised Windows PC) is running a spambot as a background daemon process (svchost), sending out literally millions of emails a day, all forged.
Thus, unless you have a spam filter program installed, your email inbox may be filled with unsolicited emails. Some are benign; others contain attachments which, if opened, trigger a script to run on the victim's machine. That script may be designed to gain administrative rights and install yet another trojan spambot or, worse, ransomware or keyloggers.
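One check a mail filter can make against the forged sender field described above, as an added example that is not part of the original post. It goes beyond the text by reading the Return-Path and Authentication-Results headers, which a receiving mail server adds; the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic).
LEGIT = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: Alice <alice@example.org>
To: bob@example.net
Subject: Lunch

See you at noon.
"""

FORGED = """\
Return-Path: <bounce-7781@bulk.example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.example.com; dkim=none
From: "Your Bank" <security@bank.example>
To: bob@example.net
Subject: Verify your account

Open the attachment.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw_message):
    """List reasons the From: header cannot be trusted as the real sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    # Only meaningful when this header was added by your own mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    findings = []
    if not from_dom:
        return ["missing or unparsable From header"]
    if envelope_dom and envelope_dom != from_dom:
        # Mailing lists and bulk senders also differ: a signal, not proof.
        findings.append(f"From domain {from_dom} != envelope domain {envelope_dom}")
    if "dkim=pass" not in auth or f"header.d={from_dom}" not in auth:
        # Simplified substring match; a real filter parses the header fully.
        findings.append(f"no passing DKIM signature for {from_dom}")
    return findings
```

The forged sample passes SPF for the envelope domain yet still fails both checks, because nothing ties the visible From address to the system that actually sent the message.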
It's all fairly well-understood but nothing, to date, has ever been done to correct the RFC standard.
Phil Zimmermann has always been a privacy advocate, and while he developed PGP, others fortunately saw fit to follow and extend his work and developed an open source and compatible equivalent, called GNU Privacy Guard (GnuPG).
Today, GnuPG (or GPG) is the linchpin for the vast majority of Linux distributions (distros) and provides a 'keyring' feature to ensure that software obtained from a distro's repository will be guaranteed to be safe from tampering (trojan horses, viral code insertions). GPG is also compatible with PGP email and allows users to encrypt (envelope) their email correspondence to guarantee privacy.
Thus far, however, implementations of low-cost or free, easy-to-use email systems with standard encryption have been few, so there truly is a huge unmet need here, worldwide.
As more users embrace the Internet and become comfortable incorporating it into their daily lives, they have also come to understand the crucial importance of privacy. In fact, many feel that such privacy is their given right. I agree with that. The right to privacy is implicit and incorporated into our nation's Bill of Rights. It's no different than the paper mail envelope analogy I gave above.
So, as I read about Phil Zimmermann in recent news, I thought, here is a Man who is passionate and truly believes in what he is doing. You see, Mr. Zimmermann has surfaced once again, only this time he is building his own infrastructure, available to the general public as a turnkey, easy-to-use encrypted email service, an expansion of a company he opened last year called Silent Circle.
From the story at TheRegister.uk, the Chief Technology Officer for Silent Circle elaborates on this new service:
"Email is fundamentally broken," Jon Callas, Silent Circle's CTO, tells The Register, pointing out that security was not a serious factor in the original protocols. Wrapping messages in the best possible encryption will give a measure of security, and the team have spent nearly two years honing their product.
"We believe we've got it as good as we can get it," he said. "Nothing is perfect, and anything we find there's a problem with, we'll fix it."
To further test the system's mettle, Silent Circle has put its source code up on Github for analysis by the security community. So far, Callas said, three possible problems have been found. None of them were serious, and all have since been fixed or ameliorated.
The new email service will take the best of this encryption, plus some extra special sauce and tools from PGP, and aims to offer secure service to subscribers across the world.
It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.
The right to privacy is spread implicitly throughout the Bill of Rights. But when the United States Constitution was framed, the Founding Fathers saw no need to explicitly spell out the right to a private conversation. That would have been silly. Two hundred years ago, all conversations were private. If someone else was within earshot, you could just go out behind the barn and have your conversation there. No one could listen in without your knowledge. The right to a private conversation was a natural right, not just in a philosophical sense, but in a law-of-physics sense, given the technology of the time.
But with the coming of the information age, starting with the invention of the telephone, all that has changed. Now most of our conversations are conducted electronically. This allows our most intimate conversations to be exposed without our knowledge. Cellular phone calls may be monitored by anyone with a radio. Electronic mail, sent across the Internet, is no more secure than cellular phone calls. Email is rapidly replacing postal mail, becoming the norm for everyone, not the novelty it was in the past.
Until recently, if the government wanted to violate the privacy of ordinary citizens, they had to expend a certain amount of expense and labor to intercept and steam open and read paper mail. Or they had to listen to and possibly transcribe spoken telephone conversation, at least before automatic voice recognition technology became available. This kind of labor-intensive monitoring was not practical on a large scale. It was only done in important cases when it seemed worthwhile. This is like catching one fish at a time, with a hook and line. Today, email can be routinely and automatically scanned for interesting keywords, on a vast scale, without detection. This is like driftnet fishing. And exponential growth in computer power is making the same thing possible with voice traffic.