October 17, 2001, 4:31 PM — "If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography."
-- Bruce Schneier
Pretty Good Privacy (PGP) has a long and colorful history. When it was debuted in 1991 by cryptographer Phil Zimmermann, PGP attracted immediate attention. The notion of public key encryption for the masses achieved instant recognition, not only from privacy advocates, but from the National Security Agency. Over the years, PGP stood as a bulwark for personal privacy amidst the introduction of the US government's Clipper proposal and increasingly expansive wiretapping legislation.
PGP's turbulent political history is coupled with an equally rocky legal history. Complications arising from PGP's use of the RSA Security public key implementation, along with charges that PGP violates the US International Traffic in Arms Regulations, have continually dogged both the program and its author. To stave off these complications, PGP formed strategic partnerships with ViaCrypt and MIT. Then, in 1998, Network Associates Inc. (NAI) acquired PGP.
PGP timeline and brief history: http://www.cypherspace.org/~adam/timeline/
PGP version matrix: http://www.freedomfighter.net/crypto/pgp-history.html
PGP had finally come of age. Its banditware reputation faded into the background, and it quickly achieved legitimacy in the eyes of corporate America. In December 1999, the US government, long PGP's greatest nemesis, granted it an export license. Everything seemed rosy.
However, NAI also happened to belong to the Key Recovery Alliance (KRA), an organization advocating government key escrow. Though NAI disavowed its membership with the KRA in 1997, it has since quietly resumed ties with the organization. To that end, NAI also continued its work with Additional Decryption Keys (ADK) and PGP. ADK, introduced as an alternative to key escrow, was touted as a feature for businesses using PGP. With ADK, a company could add a master key to a user's public key. That way, if an employee left the company, the company could still decrypt that employee's files. What could possibly be wrong with that?
Mailing list debate on NAI/PGP and KRA: http://www.fitug.de/debate/9811/msg00233.html
"The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," Hal Abelson et al. (1998): http://www.cdt.org/crypto/risks98/
Shortly after ADK's 1998 inclusion into PGP, many in the cryptographic community began voicing concerns regarding its use. The most ominous warnings were contained in Ralf Senderek's evaluation. It read, in part:
"I do not know which mechanism will prevent a user's public key [from being] linked with another faked message recovery key without the user's consent or knowledge."