Peter Claus Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland, Auckland, New Zealand. He has a Ph.D. in computer science from the University of Auckland.[1] His Ph.D. thesis and a book based on the thesis were about a cryptographic security architecture. He is interested in computer security issues, including security architecture, security usability (or more usually the lack thereof), and hardware security; he has discovered several flaws in publicly released cryptosystems and protocols. He is the developer of the cryptlib open source software security library and contributed to PGP version 2. In 1994 he developed the Secure FileSystem (SFS).[2] He is also known for his analysis of data deletion on electronic memory media, magnetic and otherwise, and devised the Gutmann method for erasing data from a hard drive more or less securely. Having lived in New Zealand for some time, he has written on such subjects as weta (a group of insects endemic to New Zealand), and the Auckland power crisis of 1998, during which the electrical power system failed completely in the central city for five weeks, which he has blogged about. He has also written on his career as an "arms courier" for New Zealand, detailing the difficulties faced in complying with customs control regulations with respect to cryptographic products, which were once classed as "munitions" by various jurisdictions including the United States.
His white paper "Cost Analysis of Windows Vista Content Protection", in which he described the content protection specification as "the longest suicide note in history",[3] generated considerable public interest since it was first posted in 2006. He discussed this with Steve Gibson in episode #74 of the Security Now! podcast on 2007-01-11.[4]
In an article[5] written on September 1, 2007, George Ou offers a rebuttal to Gutmann's statements on Windows Vista. Peter Gutmann is quoted in reference to Windows Vista as saying, "Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's Claims that the content protection doesn't interfere with playback and is only active when premium content is present.". This garnered criticism from audiences who didn't trust the primary use of secondhand information for detailed data, which was often found on forums. When the quality of Gutmann's research came into question, George Ou himself tested certain assertions from the white paper. He found significant differences between what was reported to be true and what was revealed to occur when performed firsthand, and failed to reproduce multiple alleged results in his own tests.