1 2 3 4 5 6 7 8

Oh Squidgy. Kiss me, please. [Sound of kissing.] Do you know what I'm going to be imagining I'm doing tonight, at about 12 o'clock? Just holding you so close to me. It'll have to be delayed action for 48 hours.

--Man talking to Princess Diana over an unencrypted cellular phone, 1992

Privacy was one of the big concerns on the Net even before junk email and spam. Because the Internet was designed to enable the free flow of data, it's not particularly good at protecting anyone's secrets, as several well-publicized computer hacking (read: breaking and entering with a modem) cases have showed. When, for example, the world's most demonized hacker, Kevin Mitnick, was arrested in early 1995, he was accused of having stolen a copy of a list of leading domestic Internet service provider Netcom's customer credit card numbers, 20,000 of them in all, and posted it on the WELL in a file directory from where anyone could retrieve a copy. As far as anyone knows, none of those numbers were ever used fraudulently, but that's not the point: the point is that the data needed to be protected properly and wasn't.

San Francisco software developer Bruce Koball, a key organizer of the annual Computers, Freedom, and Privacy Conference, took advantage of his brief moment in the arc lights as the discoverer of the copied files to point out that there was and is a simple solution to such theft: encrypt the files, garbling them so they can only be read by the authorized owner. The one problem: the lack of well-designed, easy- to-use cryptography products. The reason: governmental distrust of what citizens can hide by such means.

Cryptography is not the only possibility; a second school of thought holds that legislation is needed to control what information may be collected and how it may be used. In most European countries, for example, privacy laws enjoin corporations from collecting user data for one purpose (say, building a customer database for internal marketing purposes) and using it for another (say, selling it to another company as a bulk mailing list) or exporting it to another country without such protections. There are arguments that such laws primarily protect the rich and powerful; however, one problem as Europe unifies is that the United States's lack of privacy legislation may make it illegal for subsidiary companies abroad to send certain types of data to their U.S. headquarters.

The problem is that laws move slowly and data moves quickly. Cypherpunks, as the heavy-metal fans of cryptography are known, tend to believe it's better to protect the data directly. Unlike privacy advocates who favor legislative solutions, cypherpunks can vote with their computers to write, use, and deploy their own technology.

Or at least, they can now. Although codes and ciphers are thought to go back to 1900 B.C.,[1] if you want something uncrackable these days you need a computer. For that reason, for the last few decades strong cryptography was largely the province of governments. Amateurs simply didn't have access to the necessary hardware. That was why the dream that gripped Phil Zimmermann in the 1970s of writing a microcomputer implementation of a new kind of cryptographic system was so unattainable at the time.

Like a lot of kids, Zimmermann was fascinated with codes and ciphers. He says he was only in about fourth grade when he read Herbert Zim's Codes and Secret Writing[2] and thought it was "so cool."[3] In seventh grade, a schoolmate challenged Zimmerman to crack a message written in a code of the schoolmate's own devising, an alphabet that looked something like the runes in Lord of the Rings. Zimmermann took it home and attacked it by comparing the frequencies with which individual symbols recurred with the frequencies with which the letters in the English language are known to be used. Shades of Sherlock