by Whitfield Diffie and Susan Landau. Cambridge: MIT Press, 2007. 400pp. Hardcover. $27.95/£16.95. ISBN: 9780262042406.
Reviewed by Lawrence E. Rothstein, Department of Political Science & Labor Research Center, University of Rhode Island. E-mail: LER [at] URI.EDU.
This is a new and expanded edition of a book, by Whitfield Diffie and Susan Landau, I reviewed in this publication eight years ago (vol. 9, No. 6 June 1999). The new edition contains a similar, but lengthier, informative chronicle of government efforts to control the spread of cryptography and the opposition of business, scientific and civil libertarian communities to those efforts. What has transpired since the publication of the earlier edition has borne out Diffie’s reputation as the “Prophet of Privacy.”
Diffie, Sun Microsystems Chief Security Officer and developer of public key cryptography, and Susan Landau, Distinguished Engineer at Sun, had argued that the two, seemingly incompatible, needs of the “information society,” full and immediate data accessibility and data security (hence privacy), required the widest expansion of a cryptographic standard capable of securing both governmental and commercial communications. The more widespread the use of a single standard, the cheaper the cost of implementation and the greater the ability for secure global information exchange. Therefore, government efforts to control the spread of encryption through prohibition of publication of cryptographic research, “key escrow” requirements (providing the government with the private key needed to decrypt messages encrypted with a public key system), the Clipper chip (a hardware backdoor for the government to decrypt messages encrypted with the chip) and limitations on the selling and exporting of cryptographic systems were doomed to failure.
They were right. Soon after publication of the first edition, export controls on cryptographic software were removed and the key escrow and Clipper chip programs died. Publication controls never really got off the ground. The US government’s program for replacing its own aging and questionably secure Data Encryption Standard (DES) became an international competition with a publicly available Belgian system, the Rijndael algorithm, being adopted as the Advanced Encryption Standard (AES). Ironically, the adoption of a non-classified algorithm for protecting the highest level of classified information was finalized after the security panic of 9/11/01. Interoperability between domestic governmental, international and commercial information systems and the reduced cost of a widely used system were major considerations for the adoption of this standard. As Diffie and Landau note, the US government, even the information greedy NSA, has moved from attempting to prohibit encrypted communication to seeing a need for increasing the encryption of non-governmental information. National [*2] security, threatened today by non-state actors targeting civilian activities, depends on the security of commercial and other non-military data. Response to disasters, whether or not man-made, requires interoperable, yet secure, public and private communication systems.
Public key cryptography depends on asymmetric encoding and decoding. Messages encoded by a widely available public key can only be decoded by those possessing a private key. Each private key is different and the number and complexity of the transformations in the encrypted message do not allow the private key to be derived from the public key in a reasonable amount of time. Furthermore, the system allows real time negotiation of the secret and individual private keys through the exchange of messages that contain no decipherable secret information. Eliminating the need for secure centralized facilities that distribute keys, equipment and messages makes public key systems suitable for interactive communications between equals.
This is not to say that encrypted communication has become widespread. As the authors note, it has not expanded as fast as they had earlier predicted or hoped. There are still substantial cost and convenience barriers. They see it as gradually and inevitably becoming a legal and commercial necessity, not only for protecting privacy and the security of data, but also for assuring the authenticity of the communicator – i.e. the possession of the appropriate key for encryption and decryption is evidence that the possessor is authorized to send and receive the communication.
Nor has government, particularly law enforcement and spy agencies, given up its quest for access to encrypted communication. They have shifted their focus to requiring the companies that provide the lines of communication – telephone companies, internet service providers (ISPs), voice over internet providers (VoIPs) – be tap ready, i.e. be prepared technologically to monitor the communications of their customers at the request of the government. Furthermore, law enforcement and security agencies are lobbying for data retention laws and regulations to require companies that collect data on their clients’ communications retain that data for long periods of time, should the agencies need future access to a particular customer’s information or should they wish to mine it to find speculative connections to their investigations.
Here is where Diffie and Landau were somewhat less prophetic in the earlier edition. While they predicted the importance of business opposition to government restrictions on cryptography, they seemed sanguine, and still do to some extent, that commercial interests would promote individual privacy. They saw the commercial need for information from their clients and the security of the company’s own data as supportive of individual privacy. They have downplayed and still downplay the commercial value of client information and data mining that lead to the constant expansion of the data received from individuals and the commercial uses and exchange of that data. They worry about the violation of privacy should that information fall into government hands, but not much about the violation that has [*3] already occurred when that information came under the control of a commercial enterprise. But it is important to note, that they both work for the company where their former boss, Scott McNealy, said, “You have no privacy on the Web; get over it.” Diffie, himself, puts it this way:
Sun’s big customers are big businesses and they are the ones who have to protect their customer’s privacy – whatever the law and the press decide that means this week. You can’t protect anything if you can’t control the flows of information within your enterprise. That is what information security is about and that is the point from which Sun has to view privacy. We make products that enable the management of information in a networked environment. (Interview in The Sun Inner Circle Newsletter, http://www.sun.com/emrkt/innercircle/newsletter/1006feature.html , visited 12/17/07).
Diffie and Landau do address the fact that every Internet and email communication, aside from the message text or content whether or not encrypted, leaves a trail that is accessible to the websites and transmitters of the communication and to the ISPs. This traffic data can provide important aspects of an individual’s profile: interests, network of contacts, computer usage information, location of accessing computer (Poulet 2006). But in likening the interception of Internet and email communication to the wiretapping of telephone communications and condemning the increased ease and use of wiretapping and the analogous electronic data interception without warrants or with warrants issued on other than probable cause, they underestimate the importance of the traffic data whose collection is more analogous to the pen register and trap and trace techniques that law enforcement has been allowed to use without a warrant requirement for some time. The protection of privacy in the face of a revolution in communication and data analysis technology requires a reevaluation of the entire legal framework for data collection, processing and exchange in both the public and private sectors. The authors fall far short of calling for this radical, but necessary, step.
As I said in my last review, this is a well-researched and fascinating study despite a “cryptic” organization of material that shifts from chronological to topical treatment without warning and is subject to, often highly technical, digressions. Furthermore, the new material covering developments since 1998 is less detailed and revelatory of behind the scenes machinations than is the treatment of the pre-1998 political and legal environment that was also contained in the earlier edition. Compared to what I learned from the first edition, this edition though informative, is a disappointment.
Poulet, Yves. 2006. “The Internet and Private Life in Europe.” In Andrew T. Kenyon and Megan Richardson (eds). NEW DIMENSIONS IN PRIVACY LAW. Cambridge; Cambridge University Press.
© Copyright 2008 by the author, Lawrence E. Rothstein.