REVIEW: PGP - PRETTY GOOD PRIVACY by Simson Garfinkel O'REILLY & ASSOC. 1995 ISBN: 1-56592-098-8 393 pages, paperbound $24.95 Finally, an authoritative book about a very popular and somewhat controversial subject has been released. It's not only about Phil Zimmermann's encryption program, PRETTY GOOD PRIVACY, (PGP for short) although it covers the latest version (2.6.2) in great detail. Rather it is also a discussion of the concept of the people's right to privacy in a free society and governmental attempts to abridge these rights. PGP is freely available encryption/decryption software that provides individuals with an extremely powerful cryptography package that has, in the past, been available only to the military, intelligence agencies and very large corporations. PGP is used to encrypt and decrypt files and e-mail. You can also "sign" documents with a tamper-proof digital signature to assure authenticity and origin. PGP is based upon the RSA algorithm, developed at MIT by mathematicians Rivest, Adleman and Shamir and the Diffie-Hellman concept of multi-user techniques commonly known as "Public Key" cryptography. From the beginning there were conflicts over patent infringements and U.S. State Department export restrictions that consider cryptographic materials to be munitions! Phil Zimmermann has taken on the establishment and his many legal battles continue even now. A special defense fund has been set up for supporters to help him with his legal expenses as he continues to stand up to the government on this all-important issue and challange to our right to privacy. Simson Garfinkel has done an extremely thorough job of showing us all the technical ins-and-outs of PRETTY GOOD PRIVACY and how to install it and use it on a PC, Macintosh or UNIX platform. He even tells us where to get the latest version (for free!) by FTP from the server at M.I.T. provided you have full Internet access! Moreover, he has gone much deeper into the PGP/privacy saga by detailing the "behind-the-scenes" stories of how Phil Zimmermann developed PGP, chronicling the patent infringement and export restriction conflicts and taking a human-interest look at the people involved in these all important legal precedent-setting actions that are still not resolved in the courts and probably won't be for a long time to come. I have been following the PGP story since Version 1.0 was released in late 1991. Many others share my interest - in fact there are several USENET newsgroups (including alt.security.pgp) and a mailing list totally devoted to discussion of PGP matters and right-to-privacy issues. When O'Reilly informed me a PGP book was forthcoming I was most anxious to review it. The fine folks at O'Reilly have done a truly superb job with the graphics and illustrations. This book is not only for those wanting to learn how to master PGP (although it certainly will show you how), but for anyone interested in cryptography and concerned with our fundamental right to privacy. Simson Garfinkel's book didn't disappoint me - it accurately tells the whole PGP story and Garfinkel promises that future editions will continue to do so. In my opinion this is the most fascinating computer story I've read since Cliff Stoll's classic yarn several years ago. It won't disappoint you either. (C) 1995 H. Michael Crestohl Nahant Massachusetts E-mail: mc@shore.net