A Pretty Bad Problem

Foreword to PGP User's Guide by Phil Zimmerman

by John Perry Barlow

I love irony, and there lies in this book an irony as striking as any I know. It is this: that a computer program with the cute li'l ol' name of Pretty Good Privacy, written by an apparently unformidable gnome on a tight budget, now terrifies a security monolith that required half a century, uncounted billions of dollars, and the collective IQ's of a few thousand geniuses to develop.

This book and the software it describes, as brief and modest as its author, could very well be the root tendril that will grow into the National Security State and shatter it. It that is true, it's probably only a little hyperbolic to claim that you are holding a work as liberating as Common Sense, or, viewed through another set of bunker slits, as socially disruptive as Mein Kampf.

That doubtless sounds like a pretty disruptive statement itself, but it's not unconsidered. It seems to me that the combination of distributed digital technology and robust encryption has brought informatized society to a very sharp balance point between two lousy choices. On one side lies a technological foundation upon which the most massive totalitarianism could be built. On the other is a jungle in which any number of anarchic guerrillas might hide, upon whom little order could ever be imposed.

Assuming I'm not simply raving here, what leads me to this conclusion? Have things really gotten this weird? I honestly believe they may have.

At present most of us unwittingly leave a highly visible and nearly indelible trail in Cyberspace. Every time we make a modern financial transaction, use the telephone, send an e-mail message, we leave a path of bits from which anyone who's interested and properly equipped can assemble the detailed informational ghosts of our naked selves. If you have something you'd rather hide, don't hide it there.

Furthermore, the tools of surveillance are becoming far more sophisticated and conducive to centralization. Massive pattern recognition engines can be applied to the Net from, say, Washington, DC or Beijing, and specifically tuned to recognize certain kinds of activities. Or even beliefs.

Any government that can automatically generate an intimate profile of every one of its citizens is a government endowed with a potential for absolute power that will eventually, to use Lord Acton's phrase, corrupt absolutely. Few civil liberties are likely to survive such capacities in the hands of the increasingly panicky authoritarians who run the embattled old bureaucracies of the Meat World.

Worse, their panic may be justified. An equally apprehensive and growing lot of cyber-libertarians now have at their disposal tools as unbalancingly powerful in their power to conceal as are the other side's in the service of revelation. One of these sabots goes by the mild name of Pretty Good Privacy.

Any number of citizens armed with PGP and such of its relations as digital cash and anonymous Net remailers can simply vanish from the governmental radar. They are at greater liberty than ever before to conduct any endeavor, including something that, as Phil frankly puts it at the beginning of this book, "shouldn't be illegal, but is." They can exempt themselves from taxes and yet maintain precise accounting records. In many ways, they can effectively resign from the community of the governed and enter a condition in which their actions ordered by conscience and culture alone.

And we may get a chance to find out just how well these are going to work as the primary templates for social order. There is no question that the patterns of unwritten code that arise from culture can work when the society in question is small, simple, or highly homogeneous.

For example, I come from a part of Wyoming where something like the Code of the West is still more important than the law or its instruments. It works pretty well. I don't have a key to my house, and through many years in the cattle business, I signed few contracts and was never knowingly cheated.

Something similar obtains in Japan, a much larger and more complex society which is nevertheless monocultural enough to resist chaos far more by general consent than by any order that police might enforce. And it is nearly crime free.

The emergent social orders of both Japan and Wyoming strongly support the idea that a less legalistic approach to the vicissitudes of life among the humans will work. What it less well known is whether it is possible to return to such a condition and whether truly diverse societies, such as we have in America, can ordered primarily by cultural norms.

Present evidence from both the former Soviet Union and the former Yugoslavia is not so promising. After 70 years of the most heroic efforts to force order by imposed regulation, the great iron lid is off. And it is no Rousseauvian paradise to which the Russians have returned. They appear to be governed less by ethics than by criminals who would probably govern better if they were organized. Meanwhile the Balkans have returned to a state of tribal bloodshed that indicates that a strong sense of community, as expressed in cultural immune response, can be more disruptive than ordering.

But what are the choices? Do we allow matters to continue along their present technological trajectory, eventually endowing our government (and practically any marketing organization) with a magnifying window into the least of our lives? Do we allow ourselves to become intimately vulnerable to faceless bureaucracies to whom we will be incredibly well known yet remain faceless ourselves? We have gone too far that way already. But what can prevent a further tumble toward that dark horizon?

Do we try to hide our trails behind laws (favored by Europeans) that would define what might be the appropriate contents for a database? Do we endow government with the ability to define forbidden knowledge? I don't have much enthusiasm for this solution, which sounds to me rather like having a Peeping Tom install one's window blinds, I do not trust government with the ability to regulate information, especially information that contains within it such a long lever of control as those things about yourself you'd rather no one knew.

There are always special circumstances - grave matters of national security, they will insist. - in which it will seem obvious to our guardians that the sanctity of such laws is secondary to the greater public interest. Indeed, this is how we have been doing things in America for a long time. The Bill of Rights continues to apply only when the government feels no pain from its application.

It's a tough choice, but I think I would prefer to give people the means to control their own information. I think it is best that this virus of liberty is loose on the Net.

I would prefer to let my fellow citizens detach their economic transactions from their identities, despite the looming possibility that an anonymous economy will consider taxes voluntary. I would even rather extend to people the general condition of anonymity, hoping they will not use it much, knowing that without identity, there is little impetus for responsibility, and that without responsibility, the Social Contract is abrogated.

While I have focused so far on the ability of PGP to conceal, it is the area of identity that this software may make its most positive contribution. Even as digital technology can make us to visible, the absence of real bodies places a garment of ambiguity on everyone who interacts on the Net. If community requires identity, what is to be done about the ease by which the virtual can take on one another's identities?

To this dilemma, PGP provides an unambiguous solution: digital signature. Using the signing techniques enabled here, you can send and receive files with great assurance that they were generated by their purported authors and that their contents have not been altered. Once you are in the habit of authenticating your own words, no one may pretend to speak or act as you. You can be assured that you will only have to be responsible for your own actions and not the misdeeds of some phantom wearing your name.

For the rest of what PGP enables, ambivalence is the only appropriate response. Still, I would at least rather everyone know how to use the tools whose operation this book describes, though I fervently hope they will be somewhat circumspect about actually using them. Just as an armed populace may be more resistant to certain excesses of governmental zeal, so might a populace armed with the ultimate defensive weapon, the ability to disappear, countervail against the all-seeing electronic eye.

We had best be armed with something. It seems certain to me that any government that can see everything we do all the time will sooner or later feel compelled to add omnipotence to omniscience, which are, in the Virtual Age, much the same thing anyway.

Maybe we will feel compelled to start using them. Maybe there will be anarchy, maybe even chaos. But chaos at least has an open architecture. Chaos has always been the native home of the infinitely possible. And among the possibilities I imagine is that human beings will turn out to be better, less paranoid, less worthy of inspiring paranoia, than many of us think.

In the end, it doesn't matter much what they think or I think. The genie of guerrilla cryptography is out of the bottle. No one, not even its maker, can stuff it back in or keep it within what America laughably calls its borders. The genie is all over the Net. It's in your hands as you hold this book. Summon it with a conscience. But be prepared to summon it if you must.


Collected from the posting in "Interesting People", 95/04/26.
To contact the PGP commercial home page click here.
Last updated 96/11/12
J.A.N. Lee, 1995,1996