In Baudelaire's time you had to be a poet to be an albatross, but today anyone with a computer can leave his clumsy land-bound self behind and soar in a space where we are truly graceful. For those of us who stumble through our flesh-bound lives, computers are the gate to a cleaner, better world, in which we never forget our keys or even letters, dates and names. On a well-regulated computer, I could never find myself gazing with mournful stupefaction at the door of a newly purchased flat, shut and with my only keys behind it. Or so I thought until I tried PGP.
Phil Zimmerman, who wrote PGP, is the only programmer ever to have been arrested for his work. It's generally agreed that the FBI shouldn't have done this, even by those of us who feel that not nearly enough programmers are punished for their crimes against humanity. His purported crime was to release the program so that anyone with sufficient energy and application could use it to make their computer files completely and utterly secure from prying eyes.
PGP has further side effects, such as making it possible to be reasonably certain that a document has been signed by the purported originator and that it has not been tampered with since it was written. In other words, it makes trust easier and betrayal more difficult, which sounds wonderful except that the people who most need to trust each other and to be secure against betrayal are those engaged on conspiracies against the rest of us, which is why the spooks believe they should have a monopoly on this stuff.
But it's out now, and this kind of trust and secrecy is the foundation of the electronic commerce that is going to make us all rich. It is sensible to be picky about encryption where money is concerned. It's one reason I use the Norwegian browser Opera: it handles credit card information in transit much more safely than the European versions of either Netscape or Internet Explorer. But egged on by a friend, I decided to put version six on my computer in case anyone wants to send me any secret documents and so that the incredibly important e-mails I send can be properly identified. I published my key and waited.
Nothing happened for six weeks. Apparently no one cares enough about my opinions to demand an assurance that they are unequivocally mine. Then I decided to fiddle with it a little, and discovered that I had forgotten my passphrase. PGP encrypts everything three or four times, using keys hundreds of digits long, which is why it is so safe; but no one can remember these digits, so they are in turn summoned into existence with a tiny passphrase that humans can remember and must never write down, or else the whole exercise becomes rather self-defeating. That is what I have forgotten. If anyone reads my key and sends me a confidential message, I will be unable to read it.
This has unfortunate consequences. For one thing, I could be jailed for my bad memory. The e-commerce bill, as it stands at present, means that if the police demand that I decrypt the contents of my hard disk, I am committing an offence if I have forgotten the passphrase. Actually, the bill says that I could be jailed even if I never knew the passphrase in the first place. This would appear to contravene the European Convention on Human Rights, but it is not clear yet whether Patricia Hewitt will alter it before it the courts have to, and I have no wish to be a martyr.
The only consolation is that I am unlikely to be alone in jail if this goes through. Demon Internet, the original British ISP, is preparing a new release of its Turnpike software that will have PGP built in, so that anyone who wants to use secure e-mail will be able to do so. Demon has always been a fairly libertarian organisation. When the software goes out, hundreds of thousands of people will have simple access to encryption and tens of thousands will actually use it. There are lots of non-techie people who find Demon's software much easier to use and understand than any of the alternatives. And the thing will be set up so that replies to encrypted incoming mail are themselves encrypted by default, so it may spread rapidly among Demon users who correspond with each other. I just hope they can all remember their passphrases, because whatever is encrypted under a forgotten password really is completely irrecoverable, and if the courts don't believe you have forgotten it, you could sit in jail until the heat-death of the universe or until Jack Straw learns to care about civil liberties, whichever comes quicker.
