Macintosh Cryptography: Privacy to the People

"It's personal. It's private. And it's no one's business but yours.... Whatever it is, you don't want your private electronic mail (E-mail) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.

Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.

Today, if the Government wants to violate the privacy of ordinary citizens, it has to expend a certain amount of expense and labor to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This kind of labor-intensive monitoring is not practical on a large scale. This is only done in important cases when it seems worthwhile.

More and more of our private communications are being routed through electronic channels. Electronic mail is gradually replacing conventional paper mail. E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. International cablegrams are already scanned this way on a large scale by the NSA.

We are moving toward a future when the nation will be crisscrossed with high capacity fiber optic data networks linking together all our increasingly ubiquitous personal computers. E-mail will be the norm for everyone, not the novelty it is today. The Government will protect our E-mail with Government-designed encryption protocols. Probably most people will acquiesce to that. But perhaps some people will prefer their own protective measures.

[Description of U.S. government efforts to prohibit privacy on the Internet deleted.]

If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology. Until now.

PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it."

--Phillip Zimmerman, creator of "Pretty Good Privacy" (PGP)

PGP, including MacPGP, is available for download at MIT. PGP allows you to encrypt your files (including files you want to leave on your own disk, but secure from prying eyes), your e-mail messages, and so forth so that no one can read them except the intended recipient (keep in mind that if, for example, you're sending unencrypted e-mail, anyone from your own internet service provider to anyone along the way to the ISP at the recipient's end can intercept and read your e-mail). PGP works by having you generate paired code keys, a "public key" you distribute to others so that they can use it to encrypt messages to you, and a "private key" which only you have, that decrypts those messages. To send an encrypted message to others, you get their public key and use it to encrypt a message to them, and they (and only they) can then decrypt it with their private key. It's a nifty idea, although a bit tedious in practice. MacPGP comes with additional software that supposedly allows it to work semi-automatically with the Eudora e-mail program.

"The MacPGP Kit is a set of AppleScripts that talk to any AppleScriptable version of MacPGP... It will give you a small PGP icon in the top right hand corner of your screen (next to the help balloon button)...which you will click on to see a list of available functions to perform. You can encrypt/decrypt/sign the clipboard, add/sign/remove/view keys on your keyring, all at the click of the mouse. It also comes with some very easy to use utilities to make your macintosh more secure in general [such as a trash can substitute that actually overwrites files you delete so that they're utterly irretrievable/unviewable (when you put something in the Mac's trashcan and empty the trashcan, it's still possible--with a utility program--for someone to get it back!)].... If you happen to use Eudora, then there is an application that will make things easier for you. It will allow you to encrypt/decrypt/sign any Eudora message at the touch of the mouse."

--Gregory Combs, developer of the MacPGP Kit

The MacPGP Kit is available for download at the Macintosh Cryptography Interface Project site. I had a bit of trouble getting the scripts to work for me, but it's a well conceived package.

"FatMacPGP 2.6.3...is a Macintosh port of the international version PGP 2.6.3.... FatMacPGP 2.6.3 will run in native mode on a Power Macintosh, and will also run on 68K Macintoshes having a 68020 CPU or better. It will NOT run on Macintoshes with only a 68000 CPU such as Pluses, SE's, Classics or PB100's. [FatMacPGP] contains all the enhancements and bug fixes of PGP 2.6.3ia.... In addition...FatMacPGP 2.6.3 has many enhancements and bug fixes relative to previous versions of MacPGP.

1) Unlike MIT MacPGP 2.6.2 [FatMacPGP] contains native Power PC code. Consequently it runs typically about 1.5 to 2 times faster than the MIT version on PPC machines....

2) It has a greatly enhanced AppleEvent suite....

3) It has options for automatic hardwrapping and detabbing of text, which should make electronic transmission of clearsigned messages more reliable and increase interoperability with many DOS and Unix text processing programs.

4) It has an option for stealthifying PGP encrypted files, removing any trace of their provenance. The resulting files can't be distinguished from white noise and can be completely concealed by "stegoing" into graphics and audio files. (There is of course also an option for destealthifying.)

5) It has an option for using SHA1 as the hashing algorithm for PGP signatures, instead of MD5.... This is an experimental feature which is not compatible with earlier versions of PGP....

FatMacPGP 2.6.3 is distributed under the same license terms from MIT and RSADSI as the 2.6.2 release, since its functional core is virtually identical.... Distribution of this program may be subject to US government export controls. This release is not endorsed by Philip Zimmermann, MIT or anyone else. However full source code for FatMacPGP 2.6.3 is being released together with the executable.... Also the author is mentioned in Zimmermann's documentation as the primary developer of previous MacPGP versions."

--Z. Fiedorowicz, writer of the FatMacPGP 2.6.3 version.

FatMacPGP Kit is available for download at the MacPGP 2.6.3 Home Page. I have yet to try this, but it sounds good.

Visit the Anonymizer web site to learn what a web site learns about you when you visit it, and to see how you can explore the Web while maintaining your privacy.

If all of this interests you, then click here too.

Please note that this page is mainly an introduction to PGP. It doesn't begin to cover all privacy issues related to the Internet. For example, did you know that your own web browser may maintain a "cookie" file that will store information on your web visits and make that information available to sites that you visit? On the other hand, did you know that there are anonymous remailers you can use to send anonymous e-mail or newsgroup posts? (I don't like them; generally, people should own up to what they write.) Aren't computers wonderful? Sure! Just be sure you use yours wisely.

(This page doesn't deal at all with non-Internet specific concerns like the fact that by accessing private databases, people can discover things like what your home is worth, which videos you rent, and a lot more. Your life is, most likely, much more of an open book than you imagine (at least to anyone who knows where to look).)

Return to Paul Wake's home page.

Last updated November 9, 1996