Don't close the book on encryption technology
Most technology and policy books are, to put it kindly, indigestible. But occasionally
a book will come along thats both readable and erudite.
Whitfield Diffie, Sun Microsystems Inc.s Distinguished Engineer and the inventor
of public-key encryption, and Susan Landau, a research associate professor in the computer
science department at the University of Massachusetts in Amherst, have written just such a
volume. Its Privacy On The Line: The Politics of Wiretapping and Encryption,
published by MIT Press.
The book is a well-researched exposition of the evolution of encryption issues. It
measures the public and private forces that have come into play during the electronic age
and the subsequent growth of this field.
Diffie and Landau look to the history of policy surrounding attempts to keep
communications secret and the attempts to break into secret communications.
From ancient codes to the World War II-era Enigma machines to present-day intelligence
at law enforcement agencies and multinational corporations, the authors examine the forces
for and against the ability to maintain complete privacy in communications.
The book provides an overview of cryptographic methods, from the simple one-time
systems where two people need to exchange secret messages to modern, mathematics-based
encryption. Diffie and Landau present an understandable explanation of how cryptology is
used for everything from spy communications to sending credit card numbers across the
The authors start with the simple fact that, prior to the advent of electronics, people
could be reasonably certain of assuring the privacy of communications simply by carefully
inspecting their environs to ensure that they would not be overheard. As direct
face-to-face conversation gave way to other forms of communication, the ability to prevent
their interception became increasingly problematic. When parties cant prevent
interception of communication, they must use encryption.
From this basis, the authors examine the privacy and policy issues that exist today,
when almost any communication can be intercepted using ordinary technology. Modern
cryptography was pioneered by the military. As the technology to perform cryptographic
calculations became cheaper, academia and industry also began to explore private uses of
cryptography. That led the U.S. military, intelligence and law enforcement communities to
envision problems that perfectly protected private communications by foreign governments
or outlaws could pose for the security of the nation. They attempted to reestablish
Unlike many partisans in the crypto debates, Diffie and Landau acknowledge the needs of
the government. But they believe that such needs can be addressed through existing
mechanisms. The book provides a good understanding of commercial and individual needs for
a standard that users can rely on as secure.
The authors describe the governments rationale behind the establishment of the
Data Encryption Standard and explore the history and controversy surrounding DES. As one
example, Diffie and Landau set forth the banking industrys requirement for secure
electronic transactions. Bankers balked at the National Security Agency replacing DES with
the Clipper chip, because of the investment the industry had made in DES. That, combined
with competing standards used by banks outside the United States, shows the complexity of
encryption policy-making where private rights and needs can be perceived as clashing with
Privacy on the Lines history of the governments attempt to nudge, turn and
control the expansion of cryptographic technology provides fascinating insight into the
workings of government during the 1960s, 70s and today. The authors discuss in
detail methods used by feds to stifle the commercial and academic expansion of this
technologyespecially in overseas sales.
Diffie and Landau conclude that government efforts to restrict the broad dissemination
of encryption technology and secure communications are doomed.
They liken the efforts to Prohibition in the 1920s. Just as the cabin stills of that
era produced plenty of moonshine, ordinary PCs today can, in skilled hands, be used to
develop crypto software. The authors firmly believe that private communication should
remain private and that cryptography is well-suited to legitimate activities of private
The debate over control and use of encryption technology is one that will continue.
Read this book to get started.
Stephen M. Ryan is a partner in the Washington law firm of Brand, Lowell &
Ryan. He has long experience in federal information technology issues. E-mail him at firstname.lastname@example.org.