PGP Zimmermann: 'You want privacy? Well privacy costs MONEY'
And no, I can't beat the NSA or GCHQ for you
IP EXPO 2015 Delivering a keynote in London today, the famous inventor of PGP complained that consumers want privacy for free, forcing his company Silent Circle to focus on selling secure telephony to enterprises - while he would like to see it more widely employed.
Silent Circle, the cryptographic communications firm at which Zimmermann is co-founder and Chief Scientist, has been in business for three years, and has recently launched its Blackphone 2 model - a "reasonably secure" Android-powered smartphone.
Zimmermann, the creator of encryption program Pretty Good Privacy (PGP), said he had always felt that "secure telephony is a lot more fun than secure email."
He noted that "at the start [Silent Circle] emphasised personal privacy, and we still do, but in the past few months we've been redirecting our engineering efforts towards developing enterprise features."
This was the result of discovering that there is little market in selling crypto direct to individuals, Zimmermann explained.
Consumers have this weird notion that they want all of this privacy, but they don't want to pay for it.
A long-time privacy advocate and surveillance objector, Zimmermann stated that, as with PGP, there had been some governmental discomfort regarding secure telephony.
"They want the capability for themselves, but not for anyone else," he informed his audience, "and our tech is used by government. They love it.".
Silent Circle products are used by US and British special forces, including the SAS, Zimmermann was keen to make known.
"But I also want it to be used by consumers," said Zimmermann, while acknowledging that Silent Circle is focusing on making itself more attractive for the enterprise.
Speaking on the use of secure communications in crisis management situations, he suggested that Sony would have done well to make use of an outsider's system following the breach of their own, as they couldn't trust their own systems at the time.
"As our system is end-to-end, it doesn't matter even if our servers are hacked, your keys are not shared with the servers, we couldn't even help anyone else get the keys," said Zimmermann. "Unless they use a zero-day to penetrate your phone, they're not going to get their hands on the keys."
UK to BAN crypto
Zimmermann was also asked to discuss the British government's alleged desire to ban cryptography. Instead of focusing on what is a dubious allegation - which he has slammed before, at length - he stated that it was becoming easier and easier to perform surveillance.
Those who wish to defend themselves from surveillance, he said, need not only technical solutions such as cryptography, but also a cultural change.
Britain is not an easy society to persuade to push back against surveillance.
"You have surveillance cameras everywhere," Zimmermann told the audience, "and there's a level of acceptance for this which I can't understand."
Privacy advocates can create technologies to help push back in the technical space, but they also need to push back in the public policy space, suggested Zimmermann, "and persuade the governments in Europe and [the UK] to push back as well - to not create an ever-increasing pervasive surveillance environment."
Zimmermann added that intelligence agencies applying their capabilities to domestic populations was not good for democracy. "All of these dystopian societies around the world are surveillance societies," he stated.
Inviting questions from the audience, Zimmermann responded to an attendee who shouted out "Smurfs!" referencing GCHQ's nickname for its phone-snooping toolset.
"The problem with trying to do good crypto on a device is that you have to worry about somebody compromising the execution environment," offered Zimmermann. "People ask me if PGP is NSA-proof, I say 'no', the NSA could get into your computer and get your keys."
Cryptography can't protect you against powerful intelligence agencies.
"Cryptographers love to turn security into a math problem," said Zimmermann, who said if a problem requires millions of years to solve, then it's considered secure.
"The problem is mathematicians, scientists, engineers - they'll find ways to turn these problems into engineering problems, because if you turn them into engineering problems then you can solve them," he said. "The Snowden revelations have shown that the NSA has an incredible capability to turn things into engineering problems." ®