Skip to content
hacker_culture_
Back to the collection
CryptographySoftware· 1991

PGP

Strong encryption for everyone, released into the world as an act of civil disobedience.

3 min read483 words
Portrait of Phil Zimmermann, creator of PGP encryption software
Image: Matt Crypto · CC BY-SA 3.0

The object

PGP (Pretty Good Privacy) is an encryption program written by Phil Zimmermann, a Boulder, Colorado software engineer and anti-nuclear activist, and released in June 1991. It put military-grade public-key cryptography, previously the domain of governments and banks, into the hands of any individual with a computer. Its design was practical and clever: it married the RSA public-key algorithm to a fast symmetric cipher (Zimmermann's own BassOmatic at first, soon replaced by IDEA) so that messages encrypted quickly while keys were exchanged securely. Just as important, PGP introduced the "web of trust": instead of a central authority vouching for identities, users signed one another's keys, building decentralized credibility from the bottom up. Zimmermann released it as freeware, and a colleague uploaded it to a U.S. bulletin board; within days it had crossed the network to the world.

A crime to publish

At the time, cryptography using keys above 40 bits was legally classified by the United States as a munition under the International Traffic in Arms Regulations; exporting it could be prosecuted like trafficking weapons. PGP used far larger keys and spread to the global internet anyway, and in 1993 the U.S. Customs Service opened a criminal investigation into Zimmermann for "munitions export without a license," an inquiry that hung over him for three years. His response turned the absurdity into a weapon: in 1995 MIT Press published the entire source code as a printed book, PGP: Source Code and Internals, set in an OCR-friendly font so it could be legally exported, scanned abroad, and recompiled. Printed text was protected speech under the First Amendment; software was a munition; the book was both. In January 1996 the government dropped the case without charges, and the "crypto wars" turned. The First Amendment argument was vindicated in Bernstein v. United States, where a federal court ruled that source code is protected speech, and by 2000 the export rules had been substantially relaxed.

Why it matters

PGP reframed encryption as a civil right rather than a state privilege. It armed journalists, dissidents, and ordinary people with the ability to communicate without permission, and it became infrastructure: its message and key formats were standardized as OpenPGP (RFC 4880), implemented in the free GNU Privacy Guard (GnuPG) and embedded in countless email and software-signing workflows still in daily use. The phreaker's question, who is allowed to use this system?, was answered here with mathematics: everyone, by default.

It also extended copyleft's insight. Zimmermann did not just write a tool; he engineered a legal and political event, distributing it in a form the law could not easily stop.

The lesson it set loose

Cryptography is politics expressed as math. A cipher anyone can run shifts the balance of power between individuals and institutions, and no regulation can fully un-publish a number. PGP made privacy something you could do, not merely something you were granted.

Further reading

Keep exploring

Next exhibit

The Cypherpunks Mailing List