 |
Consulting Services |
|
Speaker Services |
|
Senate Testimory |
|
HOME |
 Letters to Phil from human rights groupsDear Phil -- When you came to Guatemala with me in January, 1999, you met some of the human rights activists who had been using PGP to keep their sensitive data safe. But I've learned since then that all four of the big human rights monitoring projects used PGP for one or another purpose. You met staff from the International Center for Human Rights Research (CIIDH in the Spanish acronym). They used PGP to encrypt their databases every night so that if a death squad attacked the office, the data would not be accessible. Since the databases contained the names of witnesses who could have been threatened or injured if perpetrators of atrocities had known about the testimonies, our security was very important. As far as we know, no information leaked from the project. You also met a few staff from the Commission for Historical Clarification (CEH), where PGP was used to encrypt email that was sent to and from researchers working on the Commission's behalf in other countries. The investigations were secret, and even though the results of the investigations were eventually published, the process had to be conducted in absolute confidentiality. Other strong cryptographic applications were used to secure information (lists of witnesses, report drafts, etc) on researchers' hard disks. There were no allegations of leaks that resulted from electronic surveillance on the Commission. Recently, a technical worker formerly at the UN Verification Mission (MINUGUA) has written about how people there used PGP to encrypt email that they sent across public telephone lines. The encrypted email contained reports from the field offices, much of which included information on ongoing investigations and other highly sensitive data. PGP made possible much faster reactions and better analysis in the central office, which in some cases probably saved the lives of people on behalf of whom MINUGUA intervened. Another technical worker, this one from the Catholic Church's Project for the Recuperation of Historical Memory (REMHI), recently sent me a letter in which he described REMHI's use of PGP. Like the CEH, REMHI needed to communicate with researchers in the US and Europe about sensitive investigations using documents available in those countries. The content of the information was not itself sensitive, but the if the existence of the investigation had been known, reprisals could have been directed at REMHI staff. Remember that three days after the publication of REMHI's report in April, 1998, the director of the project (Monsenor Juan Jose Gerardi) was murdered. The perpetrators have still not been identified, but it is very likely that they were linked to the Guatemalan military. If the perpetrators of this murder had known about REMHI's investigations -- perhaps by tapping REMHI's email, if it had not been encrypted -- the reprisals may have come earlier (potentially preventiing the release of the report) and the violence could have been directed against more people. All of these projects used freeware, DOS versions they obtained from Europe. As you once remarked to me, using the drag-and-drop versions we forget how difficult the old DOS versions were to use. But human rights workers in Guatemala, many of whom were not terribly technically sophisticated five years ago, needed security badly enough to learn how to do it. As early as 1994, people in Guatemala were talking about the importance of using strong cryptography, and how they could legally obtain the tools they needed. As a AAAS consultant and later as a staff person, I trained activists in all four of these groups to use PGP, and I can testify that they were very eager students. Human rights groups are committed to the rule of law, and so using the software legally was and is important to them. It wasn't easy, but it was possible to arrange for people to bring floppy disks from Europe. Now, with the Internet, it is much easier for human rights groups to get PGP from the PGP International site. On behalf of human rights workers in Guatemala, I want to repeat the thanks that many of them told you personally when you visited in January. Freeware PGP has been and continues to be a tremendous service to human rights, and we appreciate your efforts on our behalf. Patrick Ball, Ph.D. Deputy Director Science and Human Rights Program American Association for the Advancement of Science In 1996 I received the following letters by email from Central Europe. With the sender's permission, I released the letters to the public, with the sender's name deleted, and some minor typos corrected. - Philip Zimmermann Thanks from Central Europe Date: Sat, 09 Mar 1996 19:33:00 +0000 (GMT) From: [name and email address deleted] Subject: Thanks from Central Europe To: Philip Zimmermann Dear Phil, This is a short note to say a very big thank you for all your work with PGP. We are part of a network of not-for-profit agencies, working among other things for human rights in the Balkans. Our various offices have been raided by various police forces looking for evidence of spying or subversive activities. Our mail has been regularly tampered with and our office in Romania has a constant wiretap. Last year in Zagreb, the security police raided our office and confiscated our computers in the hope of retrieving information about the identity of people who had complained about their activites. In every instance PGP has allowed us to communicate and protect our files from any attempt to gain access to our material as we PKZIP all our files and then use PGP's conventional encryption facility to protect all sensitive files. Without PGP we would not be able to function and protect our client group. Thanks to PGP I can sleep at night knowing that no amount of prying will compromise our clients. I have even had 13 days in prison for not revealing our PGP pass phrases, but it was a very small price to pay for protecting our clients. I have always meant to write and thank you, and now I am finally doing it. PGP has a value beyond all words and my personal gratitude to you is immense. Your work protects the innocent and the weak, and as such promotes peace and justice, quite frankly you deserve the biggest medal that can be found. Please be encouraged that PGP is a considerable benefit people in need, and your work is appreciated. Could you please tell us where in Europe we can find someone who can tell us more about using PGP and upgrades etc. If you can't tell us these details because of the export restriction thing, can you point us at someone who could tell us something without compromising you. Many thanks. I sent him a response and asked him if I could disclose his inspiring letter to the press, and also possibly use it in our ongoing legislative debates regarding cryptography if the opportunity arises to make arguments in front of a Congressional committee. I also asked him to supply some real examples of how PGP is used to protect human rights. He wrote back that I can use his letters if I delete his organization's name "to protect the innocent". Then he sent me the following letter. --PRZ More News from [Central Europe] Date: Mon, 18 Mar 1996 15:32:00 +0000 (GMT) From: [name and email address deleted] Subject: More News from [Central Europe] To: Philip Zimmermann Dear Phil, I have been thinking of specific events that might be of use to your Congressional presentation. I am concerned that our brushes with Governments might be double-edged in that Congress might not like the idea of Human Rights groups avoiding Police investigation, even if such investigations violated Human Rights. However we have one case where you could highlight the value of PGP to "Good" citizens, we were working with a young woman who was being pursued by Islamic extremists. She was an ethnic Muslim from Albania who had converted to Christianity and as a result had been attacked, raped and threatened persistently with further attack. We were helping to protect her from further attack by hiding her in Hungary, and eventually we helped her travel to Holland, while in Holland she sought asylum, which was granted after the Dutch Government acknowledged that she was directly threatened with rape, harrassment and even death should her whereabouts be known to her persecutors. Two weeks before she was granted asylum, two armed men raided our office in Hungary looking for her, they tried to bring up files on our computers but were prevented from accessing her files by PGP. They took copies of the files that they believed related to her, so any simple password or ordinary encryption would eventually have been overcome. They were prepared to take the whole computer if necessary so the only real line of defence was PGP. Thanks to PGP her whereabouts and her life were protected. This incident and the young woman's circumstances are well documented. We have also had other incidents where PGP protected files and so protected innocent people. If the US confirms the dubious precedent of denying privacy in a cavalier fashion by trying to deny people PGP , it will be used as a standard by which others will then engineer the outlawing of any privacy. Partial privacy is no privacy. Our privacy should not be by the grace and favour of any Government. Mediums that ensured privacy in the past have been compromised by advances in technology, so it is only fair that they should be replaced by other secure methods of protecting our thoughts and ideas, as well as information. I wish you well with your hearing. Yours most sincerely [name deleted] -------------------------------------------------------------------------------- New Message from Europe Date: Tue, 19 Mar 1996 10:35:00 +0000 (GMT) From: [name and email address deleted] Subject: New Message from Europe To: Phil Zimmermann I hope our story helps. Here is a little tale of pre-PGP days. In the bad old days before we had PGP and before the revolution in Romania, we used to send couriers to Romania to meet with dissidents and help collate information about their troubles. Organizing such trips was a nightmare because briefing couriers to be able to find people, and then bring out accurate reports was quite difficult. Any document was liable to be confiscated, and any notebook with names and addresses would be taken if found by the Police and every Romanian in the book would be visited by the security Police. Yet sometimes we would be given large files of documents to take to the Human Rights Agencies in the West, and couriers would have to visit several dissidents. As Foreigner's you were required to stay in designated hotels, it was illegal to stay in a private home. You were followed, and meetings with dissidents were a stressful experience for everyone. We eventually started to use handheld psion computers to carry information about travel directions, name and addresses, and to input files etc. No sensitive information was carried in the memory of the psion but in a separate memory cartridge. The cartridge resembled a battery, and the psion looked like a sophisticated calculator, so we relied on the Romanians ignorance of that technology, and on keeping the two items separate when travelling. This worked very well until the late eighties when a courier was arrested at the Romanian\Hungarian border, during the initial search the memory cartridge was overlooked, and as such the courier was able to keep the memory cartridge. Later in the day, he was being walked between two buildings when he had opportunity to throw the memory cartridge into a fast moving river ! All very heady stuff, but everyone back in the office was off the wall for several days until the courier was eventually released and able to confirm the destruction of the memory cartridge. Since PGP, we have been able sleep better at nights. The following story is not for publication as we could easily be identified... [story deleted] ... So as you can see the issue of Privacy here is not about tax evasion or child pornography, but the on-going determination by various groups including parts of the media, and Government Agencies, to know everything and to then to profit by such knowledge financially or by the destruction of those opposed to them. In this part of the world PGP is a common sense idea that protects ordinary people from those who have power that they are prepared to abuse. There is no Constitution, enforced by capable courts in this part of the world able to protect us from such abuses, so we must have the right to protect ourselves from abuse. If the NSC considers PGP a restricted weapon system that can't be legally exported, why can't at least Americans who have the right to bear arms have an ongoing guaranteed right to keep uncompromised encryption\PGP under their pillow at night along with their magnum. If you are allowed fatal force to protect your physical person, why can't you have equally powerful protection for your personal thoughts. Now I am no fan of the Gun Lobby, but if Americans can ensure their right to uncompromised encryption, the rest of us can argue for the same more effectively. Anyway I must get back to work... Do keep in touch sometimes... Best regards |