|
||||||||||||||||||||||
| Jan. 15 issue — Mary Fischer loathed Whitfield
Diffie at first sight. |
|
THE YEAR was 1969, the location a hardware store near Central Square in Cambridge, Mass. Over his shoulder he carried a length of wire, a typical purchase for Diffie, whose exotic animal collection included a nine-foot python, a skunk and a rare Genetta genetta, a furry mongooselike creature whose gland secretions commonly evoke severe allergic reactions in people. An owner of such a beast would normally be of interest to Mary Fischer, an animal lover who at that very moment had a squirrel in her pocket. At home she also had a skunk as well as two dogs, a fox, a white-wing trumpeter bird and two South American kinkajous. Diffie saw that she was buying some cage clips and abruptly focused his attention on her. |
||||||
|
|
In future years, Whit
Diffie would be known—extraordinarily well known—as the co-discoverer
of public-key cryptography, an iconographic figure with his shoulder-length
blond hair, Buffalo Bill beard and his bespoke suits cut by London tailors. But
back in those days he was a wiry, crew-cut youth with “the angriest face
I’d ever seen,” Fischer says, and he immediately began peppering her
with questions. His rudeness appalled Mary. But she hadn’t yet cracked his
code. Mary Fischer didn’t know that Diffie was spending prodigious amounts
of time thinking about problems in computer security, casting about for a new
way to preserve secrets. All she knew was that Whit Diffie was unappetizing and
he loved animals. Crypto Animals meant a lot to her, though, and soon Diffie and his girlfriend began visiting Mary and her husband, sometimes accompanied by their creatures. But he seemed generally oblivious to her until one day she made her feelings plain. “Look,” she said, “I understand I’m not as bright as you and some of your friends, but I don’t really think it would kill you to say hello.” His demeanor improved, and she was saddened when one day in 1971 he told her that he was going to travel for a while. Whit Diffie was looking for answers to questions that the United States government didn’t want asked. |
|||||
| Diffie found cryptography a delightfully
conspiratorial means of expression. Its users collaborate to keep secrets in a
world of prying eyes. |
Bailey
Whitfield Diffie, born on June 5, 1944, didn’t learn to read until he was
10 years old. Later that year his teacher at PS 178 in New York spent an
afternoon explaining the basics of cryptography, the science of secret codes
and ciphers. Diffie found cryptography a delightfully conspiratorial means of
expression. Its users collaborate to keep secrets in a world of prying eyes. A
sender attempts this by using a “key” to transform a private message
to an altered state, a sort of mystery language consisting of seemingly random
letters and numbers: encryption. Once the message is altered into a cacophonous
babble, potential eavesdroppers are foiled. Only those in possession of the
rules of transformation—the key—can restore the disorder back to the
harmony of the message as it was first inscribed: decryption. Diffie begged his father to bring home all the books in the library that dealt with cryptography. Eventually, though, his obsession with codes faded and ultimately it was mathematics that dictated Diffie’s choice of college. Stratospheric scores on standardized tests enabled him to enter the Massachusetts Institute of Technology in 1961. To avoid the draft after college, Diffie accepted a job at the Mitre Corp. He worked out of MIT’s artificial-intelligence lab. The hackers there thought that all information should be free. But Diffie believed that technology should offer a sense of privacy. He would often engage his boss, Roland Silver, in conversations on security. Inevitably, cryptography entered into their discussions. One day Silver carefully explained to Diffie how modern cryptosystems worked. He also told Diffie all about the National Security Agency. Created by President Truman’s top-secret order in the fall of 1952, the NSA was a multibillion-dollar organization that operated totally in the “black” region of government. The NSA’s cryptographic mission is twofold: to maintain the security of government information and to gather foreign intelligence. Access to the organization’s headquarters at Fort George Meade, Md., was, as one might imagine, severely limited. A triple barbed-wired and electrified fence kept outsiders at bay. To work within the gates, one had to survive a rigid vetting. The NSA undoubtedly operated the most sophisticated snooping operation in the world; it was universally assumed (though never admitted) that no foreign phone call, radio broadcast or telegraph transmission was safe from the agency’s global vacuum cleaner. What’s more, the NSA considered itself the sole repository of cryptographic information in the country—not just that used by the civilian government and all the armed forces, as the law dictated, but that used by the private sector as well. In the United States, serious crypto existed only behind the Triple Fence. Diffie began to stew over this injustice. One day, walking with Silver, he spilled his concerns. Cryptography is vital to human privacy! he railed. Diffie saw the coming era of cyber-ubiquity. As more people used computers, wireless telephones and other electronic devices, they would demand cryptography. Just as the invention of the telegraph upped the security ante by moving messages thousands of miles in the open, presenting a ripe opportunity for eavesdroppers of every stripe, the computer age would be moving billions of messages previously committed to paper into the realm of bits. Unencrypted, those bits were low-hanging fruit for snoopers. In 1969, Diffie went to work at John McCarthy’s Stanford Artificial Intelligence Lab. In conversations with McCarthy, Diffie was led into a deeper consideration of privacy concerns. McCarthy understood that soon computer terminals would find their way into the home. Inevitably, he believed, the nature of work itself would change, as the electronic office became something that moved out of the cloistered world of computer scientists and hackers and deep into the mainstream. This would open up not only a thicket of security problems, but also a host of novel challenges that almost no one was thinking about in 1969. Eventually, Diffie took to the road to learn all he could about the subject—and maybe do something about it. That seemed like a solitary mission, but he soon found a cryptographic muse: Mary Fischer. Her marriage had been falling apart, and the two began to spend time together, mostly driving to zoos. And the relationship moved from friendly to something deeper. At one point, on a Massachusetts road, Diffie impulsively pulled the car over and very quietly told Mary he loved her. She said she loved him back. From that point, Mary Fischer became Diffie’s companion, and eventually his wife, as he drove thousands of miles in his search for an answer to the riddle of cryptography. The National Security Agency had no clue that the man who was about to make life infinitely more difficult for it was spending endless hours in a Datsun 510, crooning “Sweet Caroline” with his new girlfriend. “Every now and then he’d stop off at a library, or see somebody,” Fischer recalls of those days, “and it was really cloak-and-dagger—people who didn’t want to talk to him, people who put their coats over their faces, people who wanted to know how the hell he’d found out their names, people who had secrets, clearly, and were not about to share them.” On one foray, a source provided the name of a potential kindred spirit: a Stanford assistant professor named Martin Hellman. Marty Hellman was pure Big Apple: pugilistic, in-your-face New York City. With his dark hair, beard and intense stare, he resembled a Semitic version of Martin Scorsese. Born in 1945, he grew up Jewish in a tough Roman Catholic neighborhood and learned to take an outsider’s view. He also took refuge in science. He got his doctorate from Stanford in 1969, and after a stint at IBM research ended back at Stanford—hoping to do work in cryptography. But by 1974, he hadn’t gotten far. “I’d been working in a vacuum,” he says, “and was feeling, ‘Is this really worth it?’ ” Then Whit Diffie showed up. He was undoubtedly quirky. But he knew volumes. What had been arranged as a half-hour meeting stretched for hours. Not long afterward, Hellman hired Diffie as a part-time researcher. “It might have been for 10 to 20 hours a week, or about a quarter to a half of what a working person would normally make,” says Hellman. For Whit and Mary, there was now an understanding that the traveling was over. Their relationship had only intensified his hunger for privacy, and the quest for a technology to provide it. In a few months, though, Diffie was frustrated that he was going nowhere. One day Mary found Diffie with his head in his hands, weeping. “He told me he was never going to amount to anything,” she says, “and that I should find someone else, that he was a broken-down old researcher.” But he and Hellman pressed on. A few weeks later, in May 1975, Diffie spent the morning hours thinking. After a lunch break, he returned to his mental work. Sometime in the afternoon, things suddenly became clear to him: a way that would solve all the problems in scaling cryptography to the masses in the digital age. He would split the key. Until that point, there was a set of seemingly inviolable rules when it came to encryption, a virtual dogma that one ignored at the risk of consignment to crypto hell. One of those was that the same key that scrambled a message would also be the instrument that descrambled it. This is why keys were referred to as symmetrical. It was also why keeping those keys secret was so difficult: the very tools that eavesdroppers lusted after, the decryption keys, had to be passed from one person to another, and thus existed in two places, dramatically increasing the chances of compromise. But Diffie now envisioned the possibility of a different approach. Instead of using one single secret key, you could use a key pair. The tried-and-true symmetrical key would be replaced by a dynamic duo. One could do the job of scrambling a plain text message—performing the task in such a way that outsiders couldn’t read it—but a secret trapdoor would be built into the message. The other portion of the key pair was like a latch that could spring open that trapdoor and let its holder read the message. And here was the beauty of the scheme: yes, that second key—the one that flipped open the trapdoor—was something that had to be kept under wraps, safe from the prying ears of potential eavesdroppers. But its mate, the key that actually performed the encryption, didn’t have to be a secret at all. In fact, you wouldn’t want it to be a secret. You’d be happy to see it distributed far and wide. It would be a public key. |
|||||
|
|
Now, the idea of
ensuring privacy by using keys that were exchanged totally in the open was
completely nonintuitive, and on the face of it, bizarre. But it could work.
Diffie knew it, and from that moment, everything was different in the world of
cryptography. This encryption function was only part of Diffie’s revolutionary concept, and not necessarily its most important feature. Public-key crypto also provided the first effective means of truly authenticating the sender of an electronic message. As Diffie conceived it, the trapdoor works in two directions. If a sender scrambles a message with someone’s public key, only the intended recipient can read it. But if the process is inverted—if someone scrambles some text with his or her own private key—the resulting ciphertext can be unscrambled only by using the single public key that matches its mate. What’s the point of that? Well, if you got such a message from someone claiming to be Albert Einstein, and wondered if it was really Albert Einstein, you now had a way to prove it—a mathematical litmus test. You’d look up Einstein’s public key and apply it to the scrambled ciphertext. If the result was plaintext and not gibberish, you’d know for certain that it was Einstein’s message—because he holds the world’s only private key that could produce a message that his matching public key could unscramble. In other words, applying one’s secret key to a message is equivalent to signing your name: a digital signature. When Mary Fischer went home that day, she found her husband waiting for her at the door. “I think,” said Whit Diffie, “I’ve made a great discovery.” He was not a broken-down old researcher after all. In November, Diffie and Hellman’s paper came out in an Institute of Electrical and Electronics Engineers journal. “New Directions in Cryptography” was a revelation, a true blow against the empire. “We stand today,” their article began, “on the brink of a revolution in cryptography.” They concluded with a wish that their efforts would be only the beginning of an effort to change the landscape of modern cryptography: “We hope this will inspire others to work in this fascinating area in which participation has been discouraged in the recent past by a near- ly total government monopoly.” That monopoly had just been smashed open by a long-haired former MIT hacker and his passionate Stanford graduate-school adviser. Over the coming years, the Diffie-Hellman breakthrough triggered an explosion of independent research in cryptography. Three MIT professors created RSA, a system that implemented the public-key ideas, and began an eponymous company to commercialize it, licensing the technology to companies like Lotus and Microsoft. The government, however, successfully prevented strong implementations of crypto from being built into those products by its export regulations—software companies dependent on overseas sales could not use strong encryption in their products. But as more people demanded the tools of privacy, something had to give, and the opposing forces squared off in the Battle of the Clipper Chip. One day in the late spring of 1992, an assistant deputy director of the National Security Agency named Clinton Brooks walked over to the office of the agency’s recently arrived general counsel. Before he spoke, Brooks placed a large bottle of Advil on the desk. “You’re going to need this,” he said. Then Brooks, a 24-year NSA veteran, laid out to counsel Stewart Baker the entire story of how cryptography was going public—and how it threatened the NSA’s mission. He told Baker about the development of public key. And now, he concluded, companies like RSA were selling crypto commercially. Baker was aghast. How did you let that stuff out? he wanted to know. It was a long story, Brooks explained. At first the agency hadn’t been much concerned. Strong export laws kept everything under control. The Internet changed that. So Brooks, who had been warning the agency for years on this issue, was authorized to find some sort of solution to the problem. And Brooks had indeed come up with a scheme that not only could give the unprecedented protection of strong crypto to the masses, but that would also preserve the government’s ability to get hold of the original plaintext conversations and messages. It involved a technique known as key escrow. Protecting Privacy It had come to him one night after months of private brainstorming. In the physical world, a search warrant compelled a suspect in a crime to give authorities the combination of a safe. Why not translate that concept to the world of communications and computers, a system by which special duplicate encryption keys were somehow spirited away and stored in secure facilities? Those with legal authority could get the keys from the trusted storage facility. Once that access was ensured, there would be no problem in allowing the encryption itself to be as strong as anyone liked. To some people at the agency, the scheme was a heresy: you’re going to put a back door into a cryptosystem and tell people about it? But full disclosure was a critical part of Brooks’s vision. He really wanted this new scheme to kick off a national debate about cryptography. Only then, he believed, could an escrow scheme, which would require an elaborate infrastructure, be established. By 1990, 30 NSA mathematicians were working on a key-escrow scheme. By 1991, they had a complete cryptosystem that was to reside in a tamperproof computer chip, built around a powerful secret mathematical encryption formula called Skipjack but including other components like digital signatures. Presenting at a meeting of agencies in July 1991, Brooks called his vision Nirvana. That year two unexpected events dramatically shaped the course of Clint Brooks’s key-escrow scheme. The first involved an innovative product about to be introduced into the marketplace—a 24-ounce box that connected to the telephone. The second development was the election of Bill Clinton as president. |
|||||
| A secure-phone technology was moving
from a status item on the desks of national-security advisers to a common
commercial product... |
The box’s technical name was the AT&T Telephone Security Device (TSD) 3600. For several years, the telecommunications giant had been manufacturing secure phones for the government, using a special NSA-designed algorithm. In 1992, the company decided to sell a secure phone, designed to sell to regular citizens, allowing anyone with one of the devices to speak securely to someone with another unit. The NSA was unhappy—and the FBI was freaking. A secure-phone technology was moving from a status item on the desks of national-security advisers to a common commercial product, one that could be used by executives, lawyers and scientists, not to mention privacy nuts, crooks, terrorists and God knows who else. It would be a law-enforcement disaster... unless there was a way that the government could somehow overhear those original conversations. Brooks and his team were asked if his chip might go into the AT&T phone. The answer was no—Brooks’s chip required more computation than the device could handle. But maybe if the NSA carved out just the basics—encryption and key escrow—it could come up with something that could simply be clipped into the phone. | |||||
| Pioneers in encryption: Ralph Merkle
(left), Martin Hellman (center) and Whitfield Diffie changed the landscape of
code breaking--and making--during their research at Stanford University |
Brooks was wary. Coming up
with something new right away would be risky. And there would be no time for
the full-scale national debate he believed was so essential. But the FBI
couldn’t wait. On Oct. 13, 1992, FBI chief Judge William Sessions himself
placed a call to AT&T’s chief executive officer Robert Allen.
We’ve got a problem, he told him, and then asked if AT&T would
consider using an escrow encryption chip. The Feds could offer considerable
carrots, including export licenses and, best of all, a promise to buy thousands
of units for the government’s own use. The bounty offered to AT&T—and the chance to avoid a government confrontation—was too juicy to turn down. The phone company signed off on a deal: if the government would adopt a plan to make key escrow its standard, AT&T would install the government-designed chip in the device. The chip was given a code name that would live in cyberculture infamy: the Clipper Chip. But Clint Brooks and the NSA needed another big break on the road to Nirvana. That came on Nov. 3, 1992, when the United States elected Clinton its president, with Albert Gore as his vice president. It might appear counterintuitive to think that those election results favored the NSA. Clinton was a Democrat who had spent the Vietnam years speaking against the conflict instead of fighting in it. On Silicon Valley visits during the campaign, he had indicated that his presidency would be a friend to private crypto. The head of his transition team was a former electronics lobbyist named John Podesta, who had vociferously supported the industry agenda of liberalizing export rules. Clinton’s minions included a number of people who seemed tuned in to the hip and crypto-friendly cyberworld. Chief among them was the vice president himself—a self-described computer aficionado to whom Clinton would delegate the ultimate decision on the cryptography issue. Gore arranged to bring some of the most techno-savvy Senate staffers to the White House to help on digital matters. They were “extremely smart, conscious freedom-lovers,” wrote John Perry Barlow, who got to know them in his role as Electronic Frontier Foundation cofounder. “Hell, a lot of them are Deadheads. I was sure that after they were fully moved in, they’d face down the National Security Agency and the FBI.” Barlow had mistakenly assumed that because the Clinton staffers recognized the opening chords of “Sugar Magnolia,” they’d be immune to top-secret doom lectures from the star-spangled crypto boys at Fort George Meade. Actually, Bill Clinton and his peach-fuzz tech squad were a godsend for the escrow idea. The Bush administration had been wary of ambitious new technology plans, especially those that, as one insider put it, “might wind up on their suits.” But the Clinton people were policy wonks and also detail freaks. Present them with an idea and they surrounded it, tickled it, tore it apart to see its gears rattle and wondered how they could make it work for them. The forces pushing key escrow didn’t even wait until the new administration reached the White House before they hit Clinton and Gore with the encryption problem. Judge Sessions himself, whose fear of losing precious wiretaps had made him increasingly frantic on the issue, was the first one to go to Little Rock. Stewart Baker was the NSA’s point man on the issue. He saw the Clipper scheme as a way of weaning the government from its dependence on export controls to contain crypto. There were signs that Congress might not support those regulations indefinitely. The business community was getting louder and louder in its opposition to them. The problem was, the software industry had grown up in an environment with few regulations, and was now a multibillion-dollar colossus. It felt that the natural order was to fight things out in the marketplace, while the government remained some distant entity. The techies weren’t unpatriotic, Baker thought, just clueless about the very real dangers in the world. But the ability to listen in on the world was a pillar of U.S. defense policy. How did they think we discovered those Libyan terrorists who brought down the Pan Am jet over Lockerbie? How else to keep track of the North Korean nuke program or Iraq’s use of chemical weapons against the Kurds? Al Gore got exposed to the religion by NSA Director Mike McConnell and Clint Brooks. It was a bull’s-eye for The Fort. A neo-Luddite Republican might have fuzzed out on those particulars, but Gore’s openness toward the idea seemed tied to his perception that these software gears and levers might actually work, providing a solution that gave something to everybody. The NSA and FBI were essentially stacking the deck, presenting a limited set of options to the greenhorns. Doing nothing, they warned, would mean that AT&T would begin selling its phones and the next thing you knew the costs would come down and everybody would be talking on secure phones and e-mailing with crypto software. The smoke had hardly cleared from the World Trade Center bombing. What if another, maybe a worse, terrorist disaster came, and it turned out that the government failed to prevent it because the perpetrators were able to communicate with unbreakable crypto? The other course, which some law-enforcement hard-liners were urging, was even more extreme: ban crypto within the United States. The Clinton people did manage to resist that demand, which would have started riots in Silicon Valley and probably wouldn’t have survived a court challenge anyway. Finally, the Clinton people were offered escrow as a more palatable third way that would preserve commerce and liberty while avoiding the nightmare scenarios spun by the CIA, FBI and NSA. Not that there weren’t qualms within the White House. The biggest question the Clinton aides asked themselves was, “Why would anyone want Clipper?” (After all, the plan was supposed to be voluntary.) Ultimately, there was the problem of how the key-escrow scheme would play overseas. If buyers abroad did not trust U.S. products with the escrow scheme, they would buy instead from manufacturers in Switzerland, Germany or even Russia. And how could you handle key escrow in other countries? Should the United States allow access to stored keys to free-speech-challenged nations like Singapore or China? Nonetheless, at 6 in the evening on March 31, 1993, in the White House Situation Room, Vice President Gore went over the proposed directives in a meeting that included the whole gamut of law enforcement, intelligence and national-security leaders. Not long afterward, he briefed the president with his recommendation. Bill Clinton agreed. Clipper was a go. No one at the White House anticipated a major clamor over Clipper. But Clint Brooks had always believed that this issue had the potential to leak outside the Beltway, to make real enemies out of potential sympathizers. At one meeting, he asked, “Who’s going to handle this on ‘Larry King Live?’ ” A senior administration official sternly told him, “Clint, we appreciate your sense of humor, but this is really serious—you handle the technical stuff and we’ll handle the political stuff.” (Some months later, when Al Gore appeared on “Larry King Live” to talk about the Information Highway, the first question posed to him was about the Clipper Chip.) On April 16, President Clinton unveiled the new initiative. With that announcement, Bill Clinton and his people felt that they had made a big step toward avoiding what seemed like a disastrous collision in the crypto world, one that had seemed predestined since the day that Whit Diffie figured out how to split the cryptographic key. In fact, the Clipper Chip did mark the turning point in the battle, but not at all in the way the Clinton administration had intended. By promoting Clipper as its key-escrow flagship, from that point on, the merits—and drawbacks—of this particular scheme would become the main crypto battleground. At first, things didn’t look so bad. “The reactions I am getting from academic and industry people is that this may succeed,” Brooks wrote in an April 20 memo. Then came the first serious rumbles from the crucial information industries. They concluded that the opportunity the scheme offered to build strong exportable crypto into their systems was more than canceled out by the provision of keys to government snoops with warrants. The business leaders joined with the already skeptical civil-liberties people and fed on the energy of the grassroots Internet folk, who’d hated it from the get-go. Then they all took their case to the media.
|
|||||