by David Brin
In that case, I hope my cypherpunk and hacker and strong privacy chums will join me partaking in a pleasant meal of crow. For it is often the punishment of ideologues that the people prove much smarter than we ever imagined.
CHAPTER NINE
HUMILITY AND LIMITS
For decades now there have been privacybusting technologies to which I have no easy and convenient countermeasures (long-range cameras, tiny audio recorders and radio transmitters, etc.), but I don’t feel threatened by them. I feel (rightly or wrongly) that my privacy is adequately protected by a combination of other people’s sheer lack of interest in my life—I’m a fairly ordinary person—and by social constraints. When such respect is widespread, snooping into other people’s lives is disapproved of. I think this will go on providing protection which, while not perfect, is enough for most ordinary people to feel com fortable, and that new snooping technologies will not fundamentally change the picture.
RICHARD TREITEL
As long as we live and breathe we’ll be paranoid. We always have to be careful, but it isn’t going to stop the movement of this technology.
DAVID BARRAM
THE JUDGMENT OF MATHEMATICS: IS SECRECY POSSIBLE?
Way back in chapter 2 we discussed technologies that transformed past ages. Both chemistry in the nineteenth century and physics in the twentieth opened doors to new powers while posing ever greater challenges to our good judgment. Many now predict that biology will be the next generation’s transfiguring science, altering our farms, medicine, pets, and even our children. But to a few visionaries even these changes are small potatoes. To them, mathematics is perceived as the ultimate revolutionizing field, with groundbreaking potential that may force strong choices on humanity, for good or ill.
Will encryption, like the atom bomb, serve as the vehicle by which a formerly innocent field comes to “know sin”? According to Lawrence Lessig, a Harvard law professor: “Law is becoming irrelevant. The real locus of regulation is going to be [computer] code.”
Recall the plausibility matrix at the end of the last chapter. Of all the factors affecting which box may dominate the world to come, mathematics may be crucial, since it could determine whether the encryption schemes so widely touted by some strong privacy advocates can ever keep their promise to protect users from prying electronic eyes.
Now I will admit that I am ill prepared to deal with this issue. Perhaps a journalist would feel less intimidated, but with a background in physics I am just barely competent enough at math to blink in wonder at the work being done in this field by some very brainy guys. Matthew Blaze, Whitfield Diffie, Philip Zimmermann, their colleagues, and competitors work in an intellectual hothouse that is both steamy and exciting. Their community of mind could be compared with that of the whiz kids who worked on the Manhattan Project more than five decades ago, but this time the talent is widely distributed around the world. Only a small fraction of today’s cryptographic wizards work for the NSA and its famed Puzzle Palace. Naturally, there are research groups in other countries (and even allies have few compunctions about cracking each other’s codes). Some of the best are employed by corporations, universities, or small entrepreneurial companies. At their gatherings, one can’t help but notice crypto-sorcerers exchanging wry smiles and knowing looks in the halls. These are their glory days.
There seems little point in trying to explicate the ins and outs of cryptography here. The interested reader is encouraged to pick up works that cover the subject in detail, such as Bruce Schneier’s Applied Cryptography (which also contains a thorough “reference list from hell”). Nevertheless, a little coverage is called for in this book, if only to fathom whether math has already rendered its judgment, or if the jury of algorithms is still out, deliberating on our destiny.
As we discussed earlier, cryptography is concerned with the use of mathematical functions, called ciphers, which separate the security of a message’s content from the security of the media over which it is transmitted. In other words, if a letter is opened, or a telephone line is tapped, that intrusion will reveal nothing about the actual meaning that is being carried if the message has been scrambled in advance by a clever coding technique.
There are several types of ciphers. The most familiar make it difficult to understand the content of a message without prior knowledge of a secret “key.” A related type of function can ensure that information has not been altered in transit from sender to recipient. Applications include securing wired and wireless voice and data traffic against eavesdropping, protecting computer files from unauthorized access, and enabling secure electronic business transactions.
In 1976 Whitfield Diffie, Ralph Merkle, and Martin Hellman invented “public key” cryptography, which splits the scrambling-anddescrambling key into two components (a widely distributed public module and a closely held private one) so that users may communicate in secrecy with people they never met. “Digital signatures” can verify that an e-mail message really was generated by the person claiming responsibility for it. Among other problems, Diffie is now looking into how to evaluate systems to see if they have a “trapdoor” built in by their creators. Commenting on the encryption wars, Diffie maintains “It has been thoughtlessly said ... that cryptography brings the unprecedented promise of absolute privacy. In fact, it only goes a short way to make up for the loss of an assurance of privacy that can never be regained.”
Another “demigod” of cryptography is Leonard Adelman, a mathematician who recently helped demonstrate that DNA molecules can be used to compute complex problems. Adelman’s work in the past focused on algebraic number theory and the higher mathematics of secrecy. He was also one of the inventors of a patented electronic encryption system called RSA, so powerful that governments and businesses worldwide have adopted it. But the DNA computer has drawn special attention because it could apparently outperform (in theory) the most advanced digital electronic calculating engines by many orders of magnitude, at least when it comes to certain kinds of well-defined problems. It would accomplish this by using the massively parallel approach of assigning quadrillions of molecules the random task of checking out countless different mathematical avenues at the same time. Only those that came close to success would “survive” and then continue “evolving” toward a correct answer.
Even more startling potential breakthroughs have been claimed for “quantum computing,” which seems to offer a means to bypass the strict logic of cause and effect, using quirky aspects of the Heisenberg uncertainty principle. Among other things, this approach implies that no eavesdropper could tap a message without being noticed, since eavesdropping requires observation, which inevitably disrupts a quantum system in detectable ways.
Then there is steganography, or the art of “covered writing,” encrypting a message by “burying” it in something else. A simple example might be a text where the third letter of each sentence can be strung together to reveal a memorandum, or the “acrostic” messages that some claim they can find in works of Shakespeare, which were supposedly hidden there by the “real” author, Francis Bacon. (Similar assertions have recently been made for messages encrypted in passages of the Bible.) A modern steganographic technique is taking an image, represented as an array of color pixel elements, then weaving a message (a stream of bits) in the low-order bits of the colors. (A difference between green level 233 and green level 236 would not be detectable to the naked eye.) One can use this technique in any medium where the precision of the medium is greater than the “noise level” of typical contents (such as images or audio). One early use of steganography that has been widely publicized is the encrypting of “watermark” verifiers by Playboy magazine into many of its published photographs, in order to track copyright violations. Using steganography, a coded message can be hidden in any image, so an opponent would be hard pressed to guess it was even there.
After a recitation like this one, anybody might imagine that the pro-encryption, lobby has proved its case, at least on a technological level. But th
ere have been rude surprises for this side, such as the incident described earlier in which a famous encryption standard was broken by an ad hoc nationwide network of personal computers “about a trillion years earlier” than previous estimates predicted it could be done. And yet, each time such an episode is announced, crypto-enthusiasts greet the news with smiles and blithe shrugs. After all, it is a simple matter to make their favorite codes much, much harder to break. For instance, instead of using an RSA public key that is 768 or 1,024 binary digits long, try one with 1,536 or 2,048 bits! Instead of using DES with 56 bits, use Triple DES with 168, or Blowfish with 448! Each additional bit increases the intended recipient’s difficulty of translation at only arithmetic rates, while the job of code cracking by an opponent seems to rise exponentially.
At a CFP conference in 1995, I asked Whitfield Diffie if he felt this meant that the outcome of the numerical arms race was a foregone conclusion. Had the advantage been permanently settled in favor of the encryptor, over some team of well-equipped math wizards trying to break another person’s code? Diffie’s answer surprised me: “No, I can’t say any such thing. I don’t think that’s been decided at all.”
A puzzling, if honest admission on the part of one of the fathers of modern cryptography. It has subsequently grown clear that, for a number of compelling reasons, the jury will be out for quite some time. 1. So much attention has been paid to the length of encryption keys that only a few experts seem to recall that keys are only as good as the algorithmic “locks” they are designed to open. These are the software routines that a computer program uses to unshuffle a message. Several once-vaunted algorithms have met their downfall over the years since Alan Turing inspired the breaking of the German Enigma code, during World War II. For example, the random number generator you use may be flawed in some way that your opponent can predict. “Smart” credit cards were recently shown to have an inherent and potentially fatal mathematical fault that was completely unanticipated by the designers. No one has yet announced any serious chinks in the armor of the present-day Cadillac, RSA Public Key, but that doesn’t guarantee that nobody will—or indeed that the masters of the Puzzle Palace haven’t already done so. As Bruce Schneier put it: “Security is a chain, and a single weak link can break the system.”
2. All right, so your message can’t be cracked by an opponent immediately, here and now. That may be all the surety a corporation needs, since many commercial messages lose their worrisome significance after a few days or months. But then, what about the other coded missives that you hoped to bury forever in encrypted Gehenna? Your enemy may have intercepted and recorded them on great spools of tape. Sure, the recordings may seem like impenetrable static right now, but what about next year? Or the year after? (After all, the DES standard seemed impregnable for a while.) In the cypherpunks’ world, people could all too easily mislead themselves. We may get into the bad habit of counting on our codes remaining unbreakable, envisioning that they are safe through eternity. But nothing lasts forever. Next year there may be DNA computers, or quantum processors, or newly powerful algorithms. And with each breakthrough those tapes of static could come off the shelves to be sifted, clarified, and read. In other words, time-delayed transparency may occur without being created by deliberate policy, a worst possible scenario for those who fall into the unwise custom of assuming that today’s solution will always last.
3. One crypto expert recently conceded, “Even a system which is perfect in theory may have weaknesses when put into practice by fallible human beings ... especially when the original designers are still out there, knowing more.” Many of today’s computer security experts wring their hands in despair over the twin banes of their existence: first, lazy customers who routinely write their passwords in easy-to-find places, or who use obvious mnemonics (like their birthdays), or practice sloppy procedures; and second, the lurking danger that an entire system may be infested with “back doors” or other Halloween tricks, left behind by the techno-mavens who originally wrote the millionline controlling program. Regarding the latter danger, many of today’s sysops and software designers admit admiring the novel My Name Is Legion, by the late Roger Zelazny, a tale about a twenty-first-century software designer who helps set up a worldwide personnel records database, lacing it with secret paths enabling him to manipulate information at will, creating new identities for himself at the drop of a hat. Of course, being a Zelazny fan does not automatically mean you will follow the protagonist’s example. But few doubt that there are lots of secret access points out there, designed and left in place by otherwise well-meaning fellows who rationalize, “If you can’t trust a nerd, who can you trust?”
4. Then there is the problem of uneven access to technology that we referred to earlier. Let us assume that steady progress is made with “teraflop processors,” then “petaflop” machines, and even DNA or quantum computers. In theory these advances can be compensated for. By constantly ratcheting up the number of bits in their keys, encryptors should retain the advantage at any particular point in time. Assuming both sides truly have the same level of power available.
But what if one side quietly gets its mitts on a petaflop machine, or a potent quantum unit, years ahead of its competitors? Then the inherent advantage shifts dramatically. As Steven Levy of Newsweek put it, “The strength of cryptography determines who’s going to try to break in.... if it’s the Mafia or a national government, they’ll have plenty of resources.” (Recall box 3 of the “plausibility matrix” on page 272.)
The important thing to realize is that you can never know if this is not already the case. At least, you cannot know except in a fiercely open society, where enough light shines that even the NSA would find it hard to hide a technological breakthrough for very long.
Can anyone say for sure what the answer is? One former strong privacy advocate recently told me that he was finally turned off by the prospect of an endless encryption-decryption arms race. “Whoever wins, wins all! Money, power, etc. Lives in a clear world, while all others live in fog.”
This dismal scenario was illustrated in the movie Sneakers, starring Robert Redford, Sidney Poitier, and Dan Aykroyd, in which the heroes steal an all-powerful code-cracking chip from the bad old government. But then, instead of sharing it with everyone (creating transparency), they proceed to impose their will omnipotently upon the world, rewarding causes they (or the movie’s producers) think “good” and punishing those they consider “bad,” thus demonstrating the danger we’ll face when some group of bright, well-meaning T-cells acquires a secret advantage, assuming heaps of power with no one to hold them accountable.
And yet, despite all of the above, I am forced by my respect for the cryptographers to admit that they may very well be right. The new math techniques for shuffling messages, and transmitting them enciphered so that only the intended recipient can read them, may be flawless. As I have said repeatedly, some types of secure coding may be essential if the new electronic economy is to flourish.
Does it really matter, though? What we are actually seeing here is yet another round in the long struggle between idealists and pragmatists that has been going on ever since that “father of philosophy,” Plato, attacked poor Archytus for daring to build a mechanical calculating device—the world’s first practical computer—betraying the “essence” of pure numbers with his defiling bits of wood and metal. Like all transcendentalists, Plato didn’t much care for the real world. But the real world is where we live.
In the long run, transparency will not thrive or fail because of the metamagical games played by encryption enthusiasts. The wizards do not control our fate, after all. There are just too many ways to go around the math.
So, Nat‘ralists observe,
a Flea Hath smaller Fleas that on him prey,
And these have smaller Fleas to bite ’em, And so proceed ad infinitum.
JONATHAN SWIFT
THE JUDGMENT OF TECHNOLOGY
Theory and practice are two very different things
. For instance, the most crack-proof encryption system known, the onetime pad, has an Achilles heel. The intended recipient has to already possess the lengthy deciphering code, which must have been transmitted earlier (and possibly snooped) or else delivered in person by a potentially fallible courier. Public key encryption was designed to get around that flaw, but as we discussed, it has weak links of its own. Even if the keys are never cracked by brute force, the deciphering algorithm may be flawed, or compromised by some intentional or unforeseen “back door.”
Computer hardware isn’t any better. Viruses and Trojan horse programs might lurk in your hard disk, waiting to copy your password and later e-mail it to your adversary. Many people use passwords that are based on mnemonics an enemy can guess, or work out by trial and error, or find scribbled in a coworker’s desk. I mentioned earlier the old-fashioned method of sending a sexy spy to seduce and then blackmail the loneliest member of your staff into simply handing over the passwords in a paper envelope. Until humans have some automatonlike ability to adhere rigidly to procedure, and until the procedures themselves can handle all circumstances, there will be no lack of chinks in the armor that can be used by well-heeled skulkers, able to afford skilled and amoral help.
Some of these chinks will be widened into gaping holes by new technologies. For instance, this book has alluded several times to wasp-sized, or even gnat-scale, mobile cameras, sent flitting into an opponent’s office or bedroom to spy from the ceiling, observing a password as it is being typed, or just relaying every keystroke before encryption software can conceal it. Are such things really possible? • Sony already sells a digital color camcorder the size of a passport, weighing just over a pound. A miniature video camera developed by ORNL has a pinhole opening and is small enough (the size of a microcassette case, 1 × 2 × 0.5 inches) to be hidden behind badges or other small objects. The camera has a built-in transmitter.