Don't throw out the good with the bad, security gurus say

Bruce Schneier

Cryptologists' faith in strong encryption has not wavered, even though terrorists and other malefactors can benefit from it.

'Infrastructure is used by good guys and bad guys,' said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. of Cupertino, Calif. 'There are so many more good guys than bad that we're better off with the infrastructure than without it.'

Schneier and Philip Zimmermann, creator of Pretty Good Privacy, talked about cryptography and security at the Black Hat Briefings last month in Las Vegas.

Zimmermann said he started working on PGP 'as a human rights project. I got the idea in the 1980s when I was a peace activist.'

PGP, a public-key encryption scheme for e-mail, works without a supporting infrastructure of certificates and authorities. As a standalone product, it depends on trust between users. The idea originally was to protect the privacy of activists who feared persecution by their governments.

But Zimmermann ran afoul of the U.S. government and faced a three-year battle over export restrictions when he tried to commercialize PGP in the 1990s.

'At no time did I deny that criminals would use PGP,' he said. 'That was the central argument in the debate. But we came to the decision that society is better off with strong encryption than without it, even though criminals would use it.'

Despite what he called an erosion of civil liberties in the name of security since Sept. 11, 2001, Zimmermann said he doubts government will restrict public use of strong encryption.

'I don't think that is going to reach critical mass in Congress,' he said. 'Things have changed too much.'

Schneier called concerns about the threat of strong encryption misguided. 'Most people are good,' he said, 'but there is a lot of bad security out there.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected