VP-Elect Joe Biden is Responsible for Open Sourcing Email Encryption? November 7, 2008

There are rumors that the Obama campaign used an Ubuntu-based Linux distribution, though further analysis seems to indicate that these images were fakes. It would be great if someone from the Obama campaign would comment publicly and officially on this. I would love to think that there might be room for Ubuntu and Linux in the next administration, perhaps in the new CTO cabinet position. With Warren Buffet being suggested as a potential Treasury Secretary, I fear that his recently-retired friend Bill Gates might have the inside track on the US CTO chair.

On the other half of the ticket, I learned something interesting about VP-elect Joe Biden yesterday. Al Gore invented the Internet, but Joe Biden open sourced email encryption!

I’m currently reading Steven Levy‘s book, Crypto, about the evolution of cryptography in the United States, overcoming pressure and resistance from the NSA and other areas of the United States government’s intelligence interests.

Levy writes that Phil Zimmerman was in the finishing stages of productizing PGP, Pretty Good Privacy, an email encryption mechanism that predates our modern GPG (GNU Privacy Guard), when on January 24, 1991, Senator Joseph Biden added a paragraph to Senate Bill 266:

It is the sense of Congress that providers of electronic communications services and manufactures of electronic communications services shall ensure that communications systems permit the government to obtain the plaintext contents of voice, data, and other communications when appropriately authorized by law.

Such a law would have eliminated PGP, and aborted countless other technologies we take for granted today (HTTPS, SSL, SSH, VPN).

According to Levy, Zimmerman took this as the ultimate deadline, and quickly finishing PGP, and hoping to get it in the hands of as many people as possible as immediately as possible. To do this, he gave up his short-term hopes of financial benefit from PGP in order to further the long term goal of ensuring private email communications. And on May 24, 1991, he effectively open sourced PGP, uploading it to dozens of newsgroup sites on the burgeoning internet. Quite the opposite effect the honorable Senator from Delaware was aiming for…

By June of 1991, a number of civil liberties groups had raised issue with the offending language and (thankfully) it was struck from the bill. And by that time, a few thousand PGP-encrypted emails had been passed around the Internet, and so open source email encryption was born. N.B. Lotus Notes had been doing this for some while, as a proprietary application.

The little things you learn in a Steven Levy book… By the way, I also highly recommend another of his books, Hackers.

:-Dustin