The Code Book (53 page)

Authors: Simon Singh

Certification authorities pose no risk to security. They would merely have asked Zak to reveal his public key so that they can validate it for others who wish to send him encrypted messages. However, there are other companies, known as trusted third parties (TTPs), that provide a more controversial service known as key recovery. Imagine a legal firm that protects all its vital documents by encrypting them with its own public key, so that only it can decrypt them with its own private key. Such a system is an effective measure against hackers and anybody else who might attempt to steal information. However, what happens if the employee who stores the private key forgets it, absconds with it or is knocked over by a bus? Governments are encouraging the formation of TTPs to keep copies of all keys. A company that loses its private key would then be able to recover it by approaching its TTP.

Trusted third parties are controversial because they would have access to people’s private keys, and hence they would have the power to read their clients’ messages. They must be trustworthy, otherwise the system is easily abused. Some argue that TTPs are effectively a reincarnation of key escrow, and that law enforcers would be tempted to bully TTPs into giving up a client’s keys during a police investigation. Others maintain that TTPs are a necessary part of a sensible public key infrastructure.

Nobody can predict what role TTPs will play in the future, and nobody can foresee with certainty the shape of cryptographic policy ten years from now. However, I suspect that in the near future the proencryption lobby will initially win the argument, mainly because no country will want to have encryption laws that prohibit e-commerce. However, if this policy does turn out to be a mistake, then it will always be possible to reverse the laws. If there were to be a series of terrorist atrocities, and law enforcers could show that wiretaps would have prevented them, then governments would rapidly gain sympathy for a policy of key escrow. All users of strong encryption would be forced to deposit their keys with a key escrow agent, and thereafter anybody who sent an encrypted message with a nonescrowed key would be breaking the law. If the penalty for nonescrowed encryption were sufficiently severe, law enforcers could regain control. Later, if governments were to abuse the trust associated with a system of key escrow, the public would call for a return to cryptographic freedom, and the pendulum would swing back. In short, there is no reason why we cannot change our policy to suit the political, economic and social climate. The deciding factor will be whom the public fears the most: criminals or the government.

The Rehabilitation of Zimmermann

In 1993, Phil Zimmermann became the subject of a grand jury investigation. According to the FBI, he had exported a munition because he was supplying hostile nations and terrorists with the tools they needed to evade the authority of the U.S. Government. As the investigation dragged on, more and more cryptographers and civil libertarians rushed to support Zimmermann, establishing an international fund to finance his legal defense. At the same time, the kudos of being the subject of an FBI inquiry boosted the reputation of PGP, and Zimmermann’s creation spread via the Internet even more quickly—after all, this was the encryption software that was so secure that it frightened the Feds.

Pretty Good Privacy had initially been released in haste, and as a result the product was not as polished as it could have been. Soon there was a clamor to develop a revised version of PGP, but clearly Zimmermann was not in a position to continue working on the product. Instead, software engineers in Europe began to rebuild PGP. In general, European attitudes toward encryption were, and still are, more liberal, and there would be no restrictions on exporting a European version of PGP around the world. Furthermore, the RSA patent wrangle was not an issue in Europe, because RSA patents did not apply outside America.

After three years the grand jury investigation had still not brought Zimmermann to trial. The case was complicated by the nature of PGP and the way it had been distributed. If Zimmermann had loaded PGP onto a computer and then shipped it to a hostile regime, the case against him would have been straightforward because clearly he would have been guilty of exporting a complete working encryption system. Similarly, if he had exported a disk containing the PGP program, then the physical object could have been interpreted as a cryptographic device, and once again the case against Zimmermann would have been fairly solid. On the other hand, if he had printed the computer program and exported it as a book, the case against him would no longer be clear cut, because he would then be considered to have exported knowledge rather than a cryptographic device. However, printed matter can easily be scanned electronically and the information can be fed directly into a computer, which means that a book is as dangerous as a disk. What actually occurred was that Zimmermann gave a copy of PGP to “a friend,” who simply installed it on an American computer, which happened to be connected to the Internet. After that, a hostile regime may or may not have downloaded it. Was Zimmermann really guilty of exporting PGP? Even today, the legal issues surrounding the Internet are subject to debate and interpretation. Back in the early 1990s, the situation was vague in the extreme.

In 1996, after three years of investigation, the U.S. Attorney General’s Office dropped its case against Zimmermann. The FBI realized that it was too late: PGP had escaped onto the Internet, and prosecuting Zimmermann would achieve nothing. There was the additional problem that Zimmermann was being supported by major institutions, such as the Massachusetts Institute of Technology Press, which had published PGP in a 600-page book. The book was being distributed around the world, so prosecuting Zimmermann would have meant prosecuting the MIT Press. The FBI was also reluctant to pursue a prosecution because there was a significant chance that Zimmermann would not be convicted. An FBI trial might achieve nothing more than an embarrassing constitutional debate about the right to privacy, thereby stirring up yet more public sympathy in favor of widespread encryption.

Zimmermann’s other major problem also disappeared. Eventually he achieved a settlement with RSA and obtained a license which solved the patent issue. At last, PGP was a legitimate product and Zimmermann was a free man. The investigation had turned him into a cryptographic crusader, and every marketing manager in the world must have envied the notoriety and free publicity that the case gave to PGP. At the end of 1997, Zimmermann sold PGP to Network Associates and he became one of their senior fellows. Although PGP is now sold to businesses, it is still freely available to individuals who do not intend to use it for any commercial purpose. In other words, individuals who merely wish to exercise their right to privacy can still download PGP from the Internet without paying for it.

If you would like to obtain a copy of PGP, there are many sites on the Internet that offer it, and you should find them fairly easily. Probably the most reliable source is at http://www.pgpi.com/, the International PGP Home Page, from where you can download the American and international versions of PGP. At this point, I would like to absolve myself of any responsibility: if you do choose to install PGP, it is up to you to check that your computer is capable of running it, that the software is not infected with a virus, and so on. Also, you should check that you are in a country that permits the use of strong encryption. Finally, you should ensure that you are downloading the appropriate version of PGP: individuals living outside America should not download the American version of PGP, because this would violate American export laws. The international version of PGP does not suffer from export restrictions.

I still remember the Sunday afternoon when I first downloaded a copy of PGP from the Internet. Ever since, I have been able to guarantee my e-mails against being intercepted and read, because I can now encrypt sensitive material to Alice, Bob and anybody else who possesses PGP software. My laptop and its PGP software provide me with a level of security that is beyond the combined efforts of all the world’s codebreaking establishments.

8 A Quantum Leap into the Future

For two thousand years, codemakers have fought to preserve secrets while codebreakers have tried their best to reveal them. It has always been a neck-and-neck race, with codebreakers battling back when codemakers seemed to be in command, and codemakers inventing new and stronger forms of encryption when previous methods had been compromised. The invention of public key cryptography and the political debate that surrounds the use of strong cryptography bring us up to the present day, and it is clear that the cryptographers are winning the information war. According to Phil Zimmermann, we live in a golden age of cryptography: “It is now possible to make ciphers in modern cryptography that are really, really out of reach of all known forms of cryptanalysis. And I think it’s going to stay that way.” Zimmermann’s view is supported by William Crowell, Deputy Director of the NSA: “If all the personal computers in the world (approximately 260 million computers) were to be put to work on a single PGP encrypted message, it would take on average an estimated 12 million times the age of the universe to break a single message.”

Previous experience, however, tells us that every so-called unbreakable cipher has, sooner or later, succumbed to cryptanalysis. The Vigenère cipher was called “le chiffre indéchiffrable,” but Babbage broke it; Enigma was considered invulnerable, until the Poles revealed its weaknesses. So, are cryptanalysts on the verge of another breakthrough, or is Zimmermann right? Predicting future developments in any technology is always a precarious task, but with ciphers it is particularly risky. Not only do we have to guess which discoveries lie in the future, but we also have to guess which discoveries lie in the present. The tale of James Ellis and GCHQ warns us that there may already be remarkable breakthroughs hidden behind the veil of government secrecy.

This final chapter examines a few of the futuristic ideas that may enhance or destroy privacy in the twenty-first century. The next section looks at the future of cryptanalysis, and one idea in particular that might enable cryptanalysts to break all today’s ciphers. In contrast, the final section of the book looks at the most exciting cryptographic prospect, a system that has the potential to guarantee absolute privacy.

The Future of Cryptanalysis

Despite the enormous strength of RSA and other modern ciphers, cryptanalysts are still able to play a valuable role in intelligence gathering. Their success is demonstrated by the fact that cryptanalysts are in greater demand than ever before: the NSA is still the world’s largest employer of mathematicians.

Only a small fraction of the information flowing around the world is securely encrypted, and the remainder is poorly encrypted, or not encrypted at all. This is because the number of Internet users is rapidly increasing, and yet few of these people take adequate precautions in terms of privacy. In turn, this means that national security organizations, law enforcers and anybody else with a curious mind can get their hands on more information than they can cope with.

Even if users employ the RSA cipher properly, there is still plenty that codebreakers can do to glean information from intercepted messages. Codebreakers continue to use old-fashioned techniques like traffic analysis; if codebreakers cannot fathom the contents of a message, at least they might be able to find out who is sending it, and to whom it is being sent, which in itself can be telling. A more recent development is the so-called tempest attack, which aims to detect the electromagnetic signals emitted by the electronics in a computer’s display unit. If Eve parks a van outside Alice’s house, she can use sensitive tempest equipment to identify each individual keystroke that Alice makes on her computer. This would allow Eve to intercept the message as it is typed into the computer, before it is encrypted. To defend against tempest attacks, companies are already supplying shielding material that can be used to line the walls of a room to prevent the escape of electromagnetic signals. In America, it is necessary to obtain a government license before buying such shielding material, which suggests that organizations such as the FBI regularly rely on tempest surveillance.

Other attacks include the use of viruses and Trojan horses. Eve might design a virus that infects PGP software and sits quietly inside Alice’s computer. When Alice uses her private key to decrypt a message, the virus would wake up and make a note of it. The next time that Alice connects to the Internet, the virus would surreptitiously send the private key to Eve, thereby allowing her to decipher all subsequent messages sent to Alice. The Trojan horse, another software trick, involves Eve designing a program that appears to act like a genuine encryption product, but which actually betrays the user. For example, Alice might believe that she is downloading an authentic copy of PGP, whereas in reality she is downloading a Trojan horse version. This modified version looks just like the genuine PGP program, but contains instructions to send plaintext copies of all Alice’s correspondence to Eve. As Phil Zimmermann puts it: “Anyone could modify the source code and produce a lobotomized zombie imitation of PGP that looks real but does the bidding of its diabolical master. This Trojan horse version of PGP could then be widely circulated, claiming to be from me. How insidious! You should make every effort to get your copy of PGP from a reliable source, whatever that means.”

A variation on the Trojan horse is a brand-new piece of encryption software that seems secure, but which actually contains a backdoor, something that allows its designers to decrypt everybody’s messages. In 1998, a report by Wayne Madsen revealed that the Swiss cryptographic company Crypto AG had built backdoors into some of its products, and had provided the U.S. Government with details of how to exploit these backdoors. As a result, America was able to read the communications of several countries. In 1991 the assassins who killed Shahpour Bakhtiar, the exiled former Iranian prime minister, were caught thanks to the interception and backdoor decipherment of Iranian messages encrypted using Crypto AG equipment.
