Philip Zimmermann
Cartoon of Phil from Computer Power User Magazine

Frequently Asked Question

Addendum: The rest of this page was written years before PGP Corp was acquired by Symantec in the summer of 2010. Most of the original PGP people have left the company since then, including me. However, I have no reason to think that the product's integrity has changed.


For many years I've been getting this same question by email from PGP users, expressed in different forms, day after day:

Q: Are there any back doors in PGP? Come on, you can tell me, I won't tell anyone.

A: No. There never have been, and never will be, at least as long as I am associated with the product. I didn't go through all this trouble just to see my product become corrupted. Besides, we publish the PGP source code, so you can check it yourself.

Also, if you read some of of my political writings (such as my Senate testimony, Why I Wrote PGP, and the preface to one of my books), you will get a sense of my political values and motives, why I developed PGP, and why I would never allow a back door in PGP.

The team of people who make PGP share these values. They work on PGP because they believe in PGP. They aren't going to put backdoors in PGP. I have worked with them for years, and they are just as committed as I am.

Q: I assume you put a back door in PGP because of the September 11th attacks. Is this true?

A: No, the attacks did not change my convictions about privacy and civil liberties. See my response to a post-9/11 Washington Post article.

Q: I heard a rumor that you cut a deal with the US Government to put a back door in PGP in order to not be prosecuted for publishing PGP. Is this true? Come on, you can tell me, I won't tell anyone, I promise.

A: You heard wrong. No, I didn't cut any deals, and would not have done so even if it was the only way to stay out of prison. But I didn't have to negotiate with them at all. After a three year criminal investigation, they did not indict me, because we beat them.

Tin Foil Hat

The Government would have had a very tough time proceeding with a criminal trial in 1996. There were serious First Amendment issues. They also had significant evidentiary problems proving their case. And there were huge political problems with proceeding with a case of this kind in an election year, given the nearly unanimous sentiment in the computer industry against a prosecution. Not everything that happens in the world is a result of some dark conspiracy. Sometimes you just win. This was one of those times.

Sometimes people ask me if the government chose not to prosecute me because they just figured out some way to crack PGP, perhaps by some fancy method of cryptanalysis, without me actually putting in a back door. I find that most unlikely, for a number of reasons. First, if the NSA did develop a means of breaking PGP, they would keep it under tight wraps, and would certainly not tell a federal prosecutor about it. The NSA would never trust the cops with a secret of that magnitude. Also, the popularity of PGP was greatly enhanced by my harrassment from the government. If the NSA could break it, it would make more sense for them to just sit back and allow a prosecution to proceed, which would make PGP even more popular, and thus give the NSA even more opportunities to exploit their secret capability. So if the lack of my prosecution is all the evidence you have of some secret NSA capabilty to crack PGP, I think your case falls apart. The real reason why they didn't prosecute me is that we simply beat them.

Q: I hear that we can only trust the old forbidden versions of PGP, such as version 2.6.2. All the later versions have a back door, which is why the government approves of them. Is this true? Come on, you can tell me.

A: No, no, no. The version number had nothing to do with what was forbidden to export from the U.S. Note that no version of PGP was actually "forbidden". It was always legal to use it in the U.S. But in the 1990s, all software with strong crypto was export controlled, including PGP. If today's version of PGP were available back then, it would have been equally subject to the same export controls. In 2000, the U.S. government lifted the export controls on strong crypto, which made it legal to export all versions of PGP, including the old versions, such as 2.6.2. It was the law that changed, not the software.

The law changed because the entire U.S. computer industry (which is the largest, most powerful industry in the U.S.) was united in favor of lifting the export controls. Money means political influence. After years of fighting it, the government finally had to surrender. If the White House had not lifted the export controls, the Congress and the Judicial system were preparing to intervene to do it for them.

Q: I heard that the police caught some criminals who were using PGP, and the only way they could have caught them was if they could crack PGP, so there clearly must be a back door. Can you confirm this? Come on, you can tell me, I won't tell anyone.

A: There are lots of ways that the police can get the evidence they need without breaking PGP. Sometimes they recover data from deleted plaintext files. Sometimes they install a keyboard sniffer on the target's computer, to capture his passphrase as he types it. Sometimes the target uses a weak passphrase that the police can guess by using a dictionary attack. Sometimes they plant a microphone in his office. Sometimes they use an informant. The list goes on and on. None of these methods rely on a cryptographic weakness or a back door in PGP.

Q: I heard that the US Government would never allow PGP to be published unless there was a back door. Is there one? Come on, you can tell me, I won't tell anyone, really, I promise.

A: Read my lips: There are no back doors in PGP. Haven't you been paying attention? Besides, have you ever thought about how absurd it is to receive a question like this by email from a total stranger, who assures me that he won't divulge my presumably scandalous answer?

Look, if you really feel the need to believe in conspiracy theories, here's an even better one: The government actually started these nasty rumors of back doors in PGP, because in fact they don't know how to break it. What better way to scare people away from using it? And you played right into their hands by falling for their clever rumors. Personally, I don't buy that theory either, because unlike some people, I'm not a conspiracy nut.

Q: Really, I heard this in a chat room, so it must be true. Please tell me, is there a back door? Come on, you can tell me.

A: I gotta go.