Using PGP to keep your email private

Whatever one thinks of the US-led “war against terrorism”, there is cause for concern that civil liberties in Western countries are going to be eroded.

Already within hours of the World Trade Center and Pentagon attacks, journalists were searching out Phil Zimmermann, a one-time computer programmer whose claim to fame is a little bit of software he wrote ten years ago called Pretty Good Privacy (PGP). A Washington Post article reported that Zimmermann was having difficulty sleeping at night, wracked with guilt that terrorists had used his encryption software to exchange emails and plan their monstrous crime.
No matter that Zimmermann later insisted that he had been misquoted — the damage had been done. (Zimmermann’s response is here: — and it’s well worth reading.)
In the interests of “national security”, efforts are going to be made to make it harder and harder for any of us to encrypt our emails. Zimmermann and his little program are being demonized in the process.
There’s nothing really new in this. Several years ago, Zimmermann enjoyed his (first) fifteen minutes of fame when he was indicted by the US government for violating laws regarding exports of munitions. His little program, PGP, was classified as a “munition” and by allowing everyone, everywhere to download copies from the Internet, Zimmermann was accused of breaking the law. (Calling a bit of encryption software a munition is something like calling ketchup a kind of vegetable, so this makes some sense in Washington.)
Zimmermann was vindicated then and use of PGP has continued to grow worldwide. But not very quickly. To be completely honest, the number of people I know who use PGP can be counted on the fingers of one hand.
I think there are two reasons for this.
First of all, PGP is not easy to use. The overwhelming majority of us who use tools like email are not the geeks of yesteryear. We know whatever we need to know to use our computers, and that’s it. If our computers came with Microsoft Outlook Express pre-installed as our email program, that’s what we use. Even if Outlook Express is actually an incredibly effective virus distribution system which only pretends to be an email program. Very few of us go looking for something different or better.
The second reason is that for most of us (terrorists not included), there is no pressing, urgent need to encrypt our messages. For example, nearly all of my contact with this newspaper is done by email, and the emails usually consist of things like “Can you get an article to us this week?” and “OK, I’ll try”. What would be the point in encrypting any of this?
Nevertheless, I remain a believer in PGP and do encourage its widespread use on the left and in the trade unions. And the reasoning goes like this: if only terrorists and criminals use encryption, it will make it far easier for governments to see the use of tools like PGP as evidence of illegal activity.
But if all of us use powerful encryption, even for the most innocent communications, it will be far harder for anyone to make an issue of it.
Zimmermann always compared PGP to an envelope. Ordinary email is like a picture postcard — it can be read by every postal worker whose hands it passes through. That’s why we all use envelopes when we send mail — even if there is nothing particularly illegal or embarrassing in the contents of the letter.
If you agree with me that using PGP sounds like a good idea, the first thing you need to do is download the software (which is free of charge) from here:
There’s full documentation with the program and on the website.
When setting up PGP for the first time, you’ll be prompted to create a set of two keys — your public and private keys. If you want people to be able to send you encrypted messages, you’ll have to post your public key where it can be seen and downloaded. Your private key stays on your computer and you share it with no one.
And if you want to see if it works, try sending me an encrypted message. My email is And my public key is here:
I look forward to hearing from you — and being the only one who is able to read your message.