Features

net.wars: Cryptanalysis

Was Whitfield Diffie robbed when he failed to win a Big Brother Award or even secure a nomination?

It was Diffie himself who complained, and even being given the first annual Computers, Freedom, and Privacy Distinguished Innovators award didn't quite make up for the slight (pleased as he seemed to be by that recognition, which he shared with fellow cryptography inventor Ron Rivest, the 'R' in RSA).

Why does one of the key inventors of public key cryptography think he deserves to be publicly shamed for privacy invasion?

"I was thinking that cryptography is a two-edged sword," he explained, "and technology, especially complicated technologies, tend to serve the people who can invest in them." People with power – governments, large companies, big organisations – can afford to invest substantially in developing and deploying cryptography, where individuals and small outfits can't. "Use follows the structure of society. It supports the powerful and suppresses the weak."

This conference, in the mid-1990s, was a hotbed of impassioned crypto activism. One of this year's actual BBA winners was Stewart Baker, the former general counsel to the National Security Agency, whom Simon Davies, executive director of the awarding organisation, Privacy International, noted was behind the US's most heinously invasive policies. Though here at CFP Baker is chiefly identified with deriding the 1994 conference by saying that the only people opposed to key escrow were those who couldn't go to Woodstock because they'd had to stay home to do their maths homework.

Fortunately, Diffie waited until now to argue that crypto could be a bad thing.

Nonetheless, he has a point. Cryptography is deployed by banks, the military, and the mobile phone companies. Hardly any individuals install it personally. The most widespread use of crypto is probably SSL – the security that protects credit card details and other personal information in transit to ecommerce Web sites. Second, if not now then soon, is the trusted computing module in computers.

"My original vision was 100 million secure telephones," said Diffie. "That's come nowhere near true, and most of the secure telephones – less than a million – are in the hands of governments."

Besides key escrow, the other big crypto issue of the mid 1990s was the Clipper Chip, a government effort to create a standard for strong cryptography. Clipper was supposed to go in all kinds of things – phones, modems – but it included key escrow, and so everyone despised it. But had Clipper been deployed, consumers and businesses would in general have far more secure telephones than the wholly insecure ones they have now.

This may soon change with the rise of VOIP and the understanding that data in progress across the Internet is insecure. But it's entirely arguable that the government was right in the mid 1990s when it said that deploying Clipper would enable greater general security for the masses. Certainly, nothing has arrived to do replace it.

Still, in the next decade telephony will be so completely reinvented that Diffie's old dream of the secure telephone will have little relevance. Sure, VOIP traffic may be routinely encrypted. But, he said, "Within a decade no significant program will be secure in the sense that we talk about secure computing today."

Why? Outsourcing.

In the sense that: "Nobody in the country can avoid making trade secret queries using Google." Within a decade, most of the time if you want a computing service you'll buy it in from someone you find via some form of search.

"Phone calls," added Ron Rivest in the post-award discussion, "will be kept as documents by the phone company." They'll be searchable. "The whole nature of what a phone call is, is going to change in very interesting ways. It means trusting another party to manage all the data, though it's yours in principle."

Think of your voicemail now. Technically, you own the messages, but if you use the service supplied by your telco, those messages are stored on their server, and possession and all that.

Crypto also solves only one type of security problem; it does not defeat traffic analysis, which earlier sessions at this conference showed requires as little as 6 percent of the nodes in a network – providing they're the right 6 percent. Nor does it make clear in and of itself whom you should trust.

"I've thought for a while," Diffie said, "that the word 'trust' is not quite the right thing. There's nothing you can do about relying on people – but with mounds of traffic data, what can you protect? And that depends on how much you're willing to invest in that protection."

In Montreal, it's well known that people are not willing to invest very much. The one company that really tried to commercialise privacy software, Zero Knowledge, was based here before it crashed and burned. "My view," he concluded, "is that we're entering a heyday of intelligence."

So does he really think he deserves a BBA? Does his name truly belong up there with Baker, the UK (worst government), ICAO (most appalling project), and "the common good" (the justification for every heinous proposal)?

"I realised I wasn't even a runner-up."