Don't throw out the good with the bad, security gurus say

Bruce Schneier

Cryptologists' faith in strong encryption has not wavered, even though terrorists and other malefactors can benefit from it.

'Infrastructure is used by good guys and bad guys,' said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. of Cupertino, Calif. 'There are so many more good guys than bad that we're better off with the infrastructure than without it.'

Schneier and Philip Zimmermann, creator of Pretty Good Privacy, talked about cryptography and security at the Black Hat Briefings last month in Las Vegas.

Zimmermann said he started working on PGP 'as a human rights project. I got the idea in the 1980s when I was a peace activist.'

PGP, a public-key encryption scheme for e-mail, works without a supporting infrastructure of certificates and authorities. As a standalone product, it depends on trust between users. The idea originally was to protect the privacy of activists who feared persecution by their governments.

But Zimmermann ran afoul of the U.S. government and faced a three-year battle over export restrictions when he tried to commercialize PGP in the 1990s.

'At no time did I deny that criminals would use PGP,' he said. 'That was the central argument in the debate. But we came to the decision that society is better off with strong encryption than without it, even though criminals would use it.'

Despite what he called an erosion of civil liberties in the name of security since Sept. 11, 2001, Zimmermann said he doubts government will restrict public use of strong encryption.

'I don't think that is going to reach critical mass in Congress,' he said. 'Things have changed too much.'

Schneier called concerns about the threat of strong encryption misguided. 'Most people are good,' he said, 'but there is a lot of bad security out there.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected