PGP Blogs

Google Stands Up for Corporate and Personal Rights
Tuesday, January 19th, 2010

It was remarkable last week watching how a single cyber-attack has ignited a firestorm of global reaction. I’m referring, of course, to the “highly sophisticated and targeted attack” on Google and a few dozen other companies. While the common wisdom is that the attacks were initiated in China, it hardly matters. All enterprises of any size (including PGP Corporation) are under cyber-attack every hour of every day from a large number of bad actors both foreign and domestic.

While most of the news coverage has focused on speculation about the source of the attacks, the real news here is that a corporate entity is standing up to defend both corporate confidentiality and individual rights. This sort of attack has the potential to not only affect global commerce, but global conventions on what rights individuals inherently possess regardless of their citizenship.

First, let me acknowledge and applaud Google for taking a leadership position on this key issue. For a company like Google that makes its living providing consumer focused products and services, it takes no small measure of courage to threaten to abandon the largest consumer Internet market on earth.

Second, I have to point out that even if the facts eventually prove China was attempting to monitor the communications of their own citizens, this issue is in no way unique to China. In fact, the American government has shown enthusiastic willingness monitor its citizen’s communications.  Historically, governments, even very liberal governments, have had a hard time recognizing and respecting an individual’s right of privacy. Even the U.S. Constitution, with its enumeration of specific individual rights, contains no explicit right of privacy.

PGP Corporation was founded on the core belief that every citizen of each nation possesses an inherent right of private communication.  PGP Corporation’s founder Phil Zimmermann predicted 20 years ago that global governments would attempt to use the Internet to diminish our individual rights to privacy, and Phil nearly went to prison defending those rights.

Third, I believe that the political and economic ramifications of Google’s public statement and disclosure of the attack will echo for months, if not years. Western governments will be forced to respond both technically and diplomatically to avoid being perceived as weak in the face of a clear and present danger. Companies that have moved manufacturing and/or customer service operations to jurisdictions that refuse to recognize the fundamental rights of their employees who are citizens of those countries will come under increasing pressure to curtail their engagement in those regions. This issue is not going to go away quickly and I believe it will leave a very different set of international business practices and standards in its wake. It’s going to be fascinating to see how this plays out, particularly given how dependent western economies are upon Asian manufacturing and financial resources. The only thing I know for sure is that somewhere in the world Phil Zimmermann is smiling and thinking, “I knew this would happen!”

Filed under: CEO Blog
Tags: china, Google, privacy
Comments: No Comments

What PGP Means to Me
Wednesday, June 24th, 2009

Brian Tokuyoshi – Product Marketing Manager

I remember the first time that I heard about PGP software.  It was in the mid 90s, and I was working on email systems at the time, dealing with the vast number of proprietary email formats and building gateways to get the messages from one system to another. During this time, it became clear to me that the system for trust in email was fairly broken – it was trivial for anyone to impersonate another person, tampering and modifying the content was possible, and the administrators had full access to see everyone’s data. The whole system of trust for Internet email really depended on hoping that there weren’t bad guys looking to cause problems.

I started using PGP software more for personal than business reasons.  I was concerned about my privacy because I knew how much power system administrators had. So for the last 14 years or so, I’ve been using PGP to protect email and files, and the more I used it, the more I learned about the history of the software and how it important it was to me.

What I didn’t know at the time though was what PGP meant to the world. Over the years, my career shifted from email systems to cryptography and security, and I saw the profound impact that PGP had on businesses and individuals, and the pressing need to always keep data safe.

In a recent article in IT News, I was pleased to see that Phil Zimmermann’s original PGP software package  was ranked as one of top 10 applications that changed the computing industry, standing among other groundbreaking software packages of modern computing. That very same software that I used to encrypt my email went on to become an important cornerstone to establish what privacy meant in the digital age. It was the software that made it possible for businesses and individuals to enforce their privacy rather than hope that others provide it on their behalf.

Today, the threat model continues to evolve way past the realms of imagination of the mid 90s. The network, operating system and even the web browser is under attack, with the goal to steal data. Yet the answer remains the same – protect the data using encryption to prevent unauthorized access. It was prescient when the Internet ascended on its rise in popularity, and today encryption is fundamental for advancing it towards its future.

Filed under: Perspectives
Tags: email, Phil Zimmermann, privacy
Comments: No Comments