Don't close the book on encryption technology

Most technology and policy books are, to put it kindly, indigestible. But occasionally
a book will come along that’s both readable and erudite.


Whitfield Diffie, Sun Microsystems Inc.’s Distinguished Engineer and the inventor
of public-key encryption, and Susan Landau, a research associate professor in the computer
science department at the University of Massachusetts in Amherst, have written just such a
volume. It’s Privacy On The Line: The Politics of Wiretapping and Encryption,
published by MIT Press.


The book is a well-researched exposition of the evolution of encryption issues. It
measures the public and private forces that have come into play during the electronic age
and the subsequent growth of this field.


Diffie and Landau look to the history of policy surrounding attempts to keep
communications secret and the attempts to break into secret communications.


From ancient codes to the World War II-era Enigma machines to present-day intelligence
at law enforcement agencies and multinational corporations, the authors examine the forces
for and against the ability to maintain complete privacy in communications.


The book provides an overview of cryptographic methods, from the simple one-time
systems where two people need to exchange secret messages to modern, mathematics-based
encryption. Diffie and Landau present an understandable explanation of how cryptology is
used for everything from spy communications to sending credit card numbers across the
Internet.


The authors start with the simple fact that, prior to the advent of electronics, people
could be reasonably certain of assuring the privacy of communications simply by carefully
inspecting their environs to ensure that they would not be overheard. As direct
face-to-face conversation gave way to other forms of communication, the ability to prevent
their interception became increasingly problematic. When parties can’t prevent
interception of communication, they must use encryption.


From this basis, the authors examine the privacy and policy issues that exist today,
when almost any communication can be intercepted using ordinary technology. Modern
cryptography was pioneered by the military. As the technology to perform cryptographic
calculations became cheaper, academia and industry also began to explore private uses of
cryptography. That led the U.S. military, intelligence and law enforcement communities to
envision problems that perfectly protected private communications by foreign governments
or outlaws could pose for the security of the nation. They attempted to reestablish
control.


Unlike many partisans in the crypto debates, Diffie and Landau acknowledge the needs of
the government. But they believe that such needs can be addressed through existing
mechanisms. The book provides a good understanding of commercial and individual needs for
a standard that users can rely on as secure.


The authors describe the government’s rationale behind the establishment of the
Data Encryption Standard and explore the history and controversy surrounding DES. As one
example, Diffie and Landau set forth the banking industry’s requirement for secure
electronic transactions. Bankers balked at the National Security Agency replacing DES with
the Clipper chip, because of the investment the industry had made in DES. That, combined
with competing standards used by banks outside the United States, shows the complexity of
encryption policy-making where private rights and needs can be perceived as clashing with
public goals.


Privacy on the Line’s history of the government’s attempt to nudge, turn and
control the expansion of cryptographic technology provides fascinating insight into the
workings of government during the 1960s, ’70s and today. The authors discuss in
detail methods used by feds to stifle the commercial and academic expansion of this
technology—especially in overseas sales.


Diffie and Landau conclude that government efforts to restrict the broad dissemination
of encryption technology and secure communications are doomed.


They liken the efforts to Prohibition in the 1920s. Just as the cabin stills of that
era produced plenty of moonshine, ordinary PCs today can, in skilled hands, be used to
develop crypto software. The authors firmly believe that private communication should
remain private and that cryptography is well-suited to legitimate activities of private
people.


The debate over control and use of encryption technology is one that will continue.
Read this book to get started. 


Stephen M. Ryan is a partner in the Washington law firm of Brand, Lowell &
Ryan. He has long experience in federal information technology issues. E-mail him at smr@blrlaw.com.

inside gcn

  • analytics (Wright Studio/Shutterstock.com)

    3 data strategies to help crackdown on internal corruption

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above