Menu
Sun's chief security officer Whitfield Diffie on the Hot Seat

Sun's chief security officer Whitfield Diffie on the Hot Seat

The co-inventor of public-key encryption talks about encryption, spies as data miners and the end of computer security as we know it.

Whitfield Diffie, a co-inventor of public-key encryption, is chief security officer at Sun Microsystems and co-author with Susan Landau of Privacy on the Line: The Politics of Wiretapping and Encryption (The MIT Press, 2007).

Why has public-key encryption been so important? Cryptography is the most flexible way we know of protecting communications in channels that we don't control. As we move a lot of value into the Internet and have Internet commerce and begin buying and selling things, that is basically the only way of protecting either the transactions or - where the goods are intellectual property - the goods themselves.

Before public-key cryptography, in order to be able to use cryptography with somebody, you had to share a secret with them, which is kind of an intimate relationship for somebody you might never have met before. Public- key cryptography relaxed all of that and made it much easier to manage keys in a very diverse environment like Internet commerce, as opposed to the more traditional large but rather unified environments like the Department of Defense.

Why do you think that more e-mails aren't using encryption or digital signatures? I think it has to do with the difficulty of the key management. The key point is that cryptography has somehow not gotten itself tucked into the inner loop of development in these things. You really have to be a fan to be able to do it with your e-mail, and then you can really only do it with other people who are fans. So far, it's remained a niche market.

What's the difference between Internet communications and phone communications for cryptography and privacy? The key managerial virtue of cryptography is that it separates security from the medium of transmission of the message. Once the message has been encrypted, it doesn't matter how you send it - whether you send it by an optical fiber, which is already fairly secure, or you send it by digitizing it and putting it onto the Internet, or whether you send it by satellite.

Are either government or corporate policies on data retention and data mining having important effects on privacy or security? Yes. They're very good for our sales of storage.

Information is very much like oil and gold and a lot other things. Once we got what was there readily bubbling up on the surface, then we mined out the original resources and we developed better technology, and now we can work gold seams that are a tiny fraction of what would have been worked in the boom of the 1850s.

Intelligence and data flows are very much the same thing. If you look at World War II intelligence, it really is a matter of picking plums. The reason they concentrated on the cryptography of the time is that they were able to find, so to speak, the channels with the best information in them. Those channels had some kind of protection in them, and once [cryptographers] got through the protection, they had very good information handed to them on a plate.

If you look at circumstances facing real-world spies today, they have things available to them and other things they might want that aren't available to them. If they can do more processing on the things that are available to them, they may be able to get very good information they couldn't have gotten some time ago because they didn't have the techniques and the computing power. And so data mining is just going to become more and more a fact of life.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments