In 1991, he wrote the popular Pretty Good Privacy (PGP) program, and made it available (together with its source code) through public FTP for download, the first widely available program implementing public-key cryptography. Shortly thereafter, it became available overseas via the Internet, though Zimmermann has said he had no part in its distribution outside the United States.
The very first version of PGP included an encryption algorithm, BassOmatic, developed by Zimmermann.[4]
Arms Export Control Act investigation
After a report from RSA Security, who were in a licensing dispute with regard to the use of the RSA algorithm in PGP, the United States Customs Service started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act.[5] The United States Government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. At that time, PGP was considered to be impermissible ("high-strength") for export from the United States. The maximum strength allowed for legal export has since been raised and now allows PGP to be exported. The investigation lasted three years, but was finally dropped without filing charges after MIT Press published the source code of PGP.[6]
In 1995, Zimmermann published the book PGP Source Code and Internals as a way to bypass limitations on exporting digital code. Zimmermann's introduction says the book contains "all of the C source code to a software package called PGP" and that the unusual publication in book form of the complete source code for a computer program was a direct response to the U.S. government's criminal investigation of Zimmermann for violations of U.S. export restrictions as a result of the international spread of PGP's use.[7]
After the government dropped its case without indictment in early 1996, Zimmermann founded PGP Inc. and released an updated version of PGP and some additional related products. That company was acquired by Network Associates (NAI) in December 1997, and Zimmermann stayed on for three years as a Senior Fellow. NAI decided to drop the product line and in 2002, PGP was acquired from NAI by a new company called PGP Corporation. Zimmermann served as a special advisor and consultant to that firm until Symantec acquired PGP Corporation in 2010.[2] Zimmermann is also a fellow at the Stanford Law School's Center for Internet and Society. He was a principal designer of the cryptographic key agreement protocol (the "association model") for the Wireless USB standard.
Silent Circle
Along with Mike Janke and Jon Callas, in 2012 he co-founded Silent Circle, a secure hardware and subscription based software security company.[3][8]
Dark Mail Alliance
In October 2013, Zimmermann, along with other key employees from Silent Circle, teamed up with Lavabit founder Ladar Levison to create the Dark Mail Alliance. The goal of the organization is to work on a new protocol to replace PGP that will encrypt email metadata, among other things that PGP is not capable of.
Okuna
Zimmermann was also involved in the social network Okuna, formerly Openbook, which aimed to be an ethical and privacy-friendly alternative to existing social networks, especially Facebook.[9] He sees today's established social media platforms as a threat to democracy and privacy, because of their profit-oriented revenue models that "are all about exploiting our personal information" and "[deepen] the political divides in our culture", and hoped Okuna would help solve these problems.[10]
Zimmermann's Law
In 2013, an article on "Zimmermann's Law" quoted Phil Zimmermann as saying "The natural flow of technology tends to move in the direction of making surveillance easier", and "the ability of computers to track us doubles every eighteen months",[11] in reference to Moore's law.
Awards and other recognition
Zimmermann has received numerous technical and humanitarian awards for his pioneering work in cryptography:
In 1995, Newsweek also named Zimmermann one of the "Net 50", the 50 most influential people on the Internet.
Simon Singh's The Code Book devotes an entire chapter to Zimmermann and PGP.[20] In 2022 Steven Johnson covered his story and achievements in Zimmermann's profile for Hidden Heroes - The Crypto Wars: How Philip Zimmermann Fought for Our Right to Privacy.[21]
Publications
The Official PGP User's Guide, MIT Press, 1995[22]
PGP Source Code and Internals, MIT Press, 1995[23]