The National Security Agency might have been able to circumvent some aspects of encryption, but there are still options and plenty of good encryption solutions, according to Phil Zimmermann, who is co-founder of Silent Circle and inventor of Pretty Good Privacy (PGP). He argued that instead of focusing too much on technical issues, it is time to tackle the issue of surveillance state from the aspect of civil liberties.
“There has to be pushback in the policy space,” he said during a conversation this past week. Legislative and judicial branches have to be brought in, he said. (Representative Rush Holt of New Jersey has proposed a legislation to ban these backdoors, The New York Times reports.) Zimmermann who was involved in “crypto-wars” during the 1990s says that during that time, courts were getting involved and in the end the Clinton Administration ended the export controls over PGP in 2000.
Zimmermann said that media needs to have a perspective about the “breaking-the-encryption” disclosures made by The New York Times, ProPublica and The Guardian. “From a mathematical perspective, the crypto still works,” he said. The fact to note is that NSA has been able to find a way around encryption. “Think of it is as instead of blasting through a steel door, you can break open the glass window next to it and put your hand in and open the door,” he said.
He makes a fair point, and he is not alone in professing such views. On his blog, Scott Aaronson, an Associate Professor of Electrical Engineering and Computer Science at MIT, writes:
To put it bluntly: sure, if it wants to, the NSA can probably read your email. But that isn’t mathematical cryptography’s fault — any more than it would be mathematical crypto’s fault if goons broke into your house and carted away your laptop. On the contrary, properly implemented, backdoor-less strong crypto is something that apparently scares the NSA enough that they go to some lengths to keep it from being widely used.
Zimmermann said the NSA’s ability to manipulate web traffic and inject malware is an immensely powerful tool. Much of that capability is an outcome of all the backdoors NSA has into the networks of major web companies including Google and Yahoo. It also has backdoors to telecom service providers and networking and telecom equipment vendors, according to multiple media outlets. Recent reports in The Wall Street Journal, The Washington Post and Der Spiegel have indicated that router makers, fiber optic cable owners and phone companies have given NSA backdoors to all the information. (Here is our handy primer to keep track of who, in technology industry, is playing ball with the NSA.)
“Maybe it is time to think about tightening up our routers and platforms,” Zimmermann said. Google is apparently trying to use different encryption technologies to encrypt data traveling between its data centers. Zimmermann believes that technology companies have to have the will to tackle the issue. If his company, Silent Circle, could figure out a way to not compromise its customers, then others need to take a harder look at themselves, he argued.
He argued that economic impact on the U.S. technology vendors in the marketplace, especially overseas, is going to prompt some sort of a pushback. I couldn’t agree more. My feeling is that Silicon Valley giants have let us down quite badly, especially when espousing high morals. Michael Arrington put it well in his post, “compliance vs complicity.”
Zimmermann believes that open source software is a way out of the backdoor mess. There is open source router software and it is time to perhaps build open source routing platforms for large scale routers as well. He is a champion of peer review of code.
“We need to pull all our levers – vote, open source, advocacy and economic pressure all around and need to make people care about this,” he said. “Change isn’t going to be large and immediate, but even incremental steps are important.”
Related recommended reading: Zimmermann’s Law: PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society