Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP), one of the leading data encryption protocols, was launched in 1991 by cryptographer Philip Zimmerman, who founded Pretty Good Privacy Inc. around his encryption algorithm in 1996. PGP was designed to protect the civil liberties of those communicating over the Internet by utilizing a mathematical code, or algorithm, to scramble information in such a way that only authorized parties could decode it. Not only was PGP widely used in e-mail transactions in the United States and other relatively stable countries for the purpose of securing day-to-day communications, it was also employed in highly sensitive areas, such as Sarajevo, Kosovo, and Guatemala, for the protection of data from hostile governmental or police forces. In a way, such uses fulfilled the original intentions of Zimmerman and PGP: to safeguard information from governmental intrusion.

Since World War II, the U.S. government, particularly the National Security Agency (NSA), has been at the forefront in developing encryption schemes, primarily to safeguard sensitive government-and security-related information, including secrets procured by U.S. spies. As private cryptographers pursued their own encryption schemes for use in the private sector, however, the U.S. government protested, and fought for years to keep advanced encryption algorithms under wraps. Zimmerman was among the cryptographers leading the fight against the NSA to open up the field of cryptography to the public. Zimmerman began work on what would become PGP in 1984, and spent the late 1980s perfecting his mathematical algorithm.

The U.S. government didn't take kindly to PGP at first. Zimmerman spent the early 1990s locking horns with the United States Department of Justice to open up the field of e-mail encryption, as part of a broader effort by cryptographers to force the government to open the doors to greater use and trade of encryption tools and schemes. In 1993 the Justice Department began investigating Zimmerman for violation of export restrictions on encryption technologies. After much bitter fighting, the government backed off three years later, signaling a shifting mood in the government toward a realization that encryption schemes were going to proliferate and were in fact important for the development of e-commerce.

The first personal-security software designed for the personal computer, PGP employed 56-bit encryption, which was at the time the strongest encryption available to the private sector. PGP not only boasted message encryption capability, but also featured digital signatures and data compression. PGP utilizes public-key cryptography, in which a private key, or source code for encrypting messages, is held by the PGP user, and a public key is openly available for anyone who wishes to send an encrypted message to that user. To broadcast the public key, the user simply sends it to one of PGP's servers. To send a message to a PGP user, one encrypts it with that user's public key; then, using the unique private key, the user decrypts the message to read it. Only when the public key interacts with the private key through the use of a password will the message unlock. PGP was available as freeware to noncommercial users, while the program itself usually had to be installed on individual computers, although it was increasingly accessible on a central PGP server.

Zimmerman sold the rights to PGP in 1997 to Network Associates, Inc., which he then joined as a consultant, and continued to play a role in PGP's development. Following NAI's acquisition, PGP Inc. was renamed PGP Security and branched out into constructing enterprise applications around the code, which the company continued to revise and release to the public as freeware. By the early 2000s, however, Zimmerman was concerned that the future of PGP as a freeware program may be limited, his concern sparked particularly by NAI's decision in 2001 to withhold the source code of its latest PGP version 7.0.3 from the public; the source code of all previous versions were freely available. For its part, NAI insisted it had no plans to discontinue its PGP freeware. At any rate, Zimmerman chose to leave NAI in February 2001 to join a rival firm, the Irish company Hush, convinced that NAI wouldn't continue to develop PGP in the manner Zimmerman most desired.