Summary:

Open source router software, different encryption tools, and legislative, judicial and media pressure are all necessary to push back on backdoor access to technology and networks that helps the surveillance state, says PGP inventor Phil Zimmermann in a conversation. He has a thoughtful take on recent encryption revelations.

The National Security Agency might have been able to circumvent some aspects of encryption, but there are still options and plenty of good encryption solutions, according to Phil Zimmermann, who is co-founder of Silent Circle and inventor of Pretty Good Privacy (PGP). He argued that instead of focusing too much on technical issues, it is time to tackle the issue of surveillance state from the aspect of civil liberties.

Phil Zimmermann, co-founder Silent Circle & inventor of PGP. (Photo courtesy of Phil Zimmermann)

“There has to be pushback in the policy space,” he said during a conversation this past week. Legislative and judicial branches have to be brought in, he said. (Representative Rush Holt of New Jersey has proposed legislation to ban these backdoors, The New York Times reports.) Zimmermann, who was involved in the “crypto-wars” during the 1990s, says that during that time courts were getting involved, and in the end the Clinton Administration ended the export controls over PGP in 2000.

Zimmermann said that the media needs to have perspective about the “breaking-the-encryption” disclosures made by The New York Times, ProPublica and The Guardian. “From a mathematical perspective, the crypto still works,” he said. The fact to note is that the NSA has been able to find a way around encryption. “Think of it as, instead of blasting through a steel door, you can break open the glass window next to it and put your hand in and open the door,” he said.

He makes a fair point, and he is not alone in professing such views. On his blog, Scott Aaronson, an Associate Professor of Electrical Engineering and Computer Science at MIT, writes:

To put it bluntly: sure, if it wants to, the NSA can probably read your email. But that isn’t mathematical cryptography’s fault — any more than it would be mathematical crypto’s fault if goons broke into your house and carted away your laptop. On the contrary, properly implemented, backdoor-less strong crypto is something that apparently scares the NSA enough that they go to some lengths to keep it from being widely used.

Zimmermann said the NSA’s ability to manipulate web traffic and inject malware is an immensely powerful tool. Much of that capability is an outcome of all the backdoors the NSA has into the networks of major web companies including Google and Yahoo. It also has backdoors to telecom service providers and networking and telecom equipment vendors, according to multiple media outlets. Recent reports in The Wall Street Journal, The Washington Post and Der Spiegel have indicated that router makers, fiber optic cable owners and phone companies have given the NSA backdoors to all the information. (Here is our handy primer to keep track of who in the technology industry is playing ball with the NSA.)

“Maybe it is time to think about tightening up our routers and platforms,” Zimmermann said. Google is apparently trying to use different encryption technologies to encrypt data traveling between its data centers. Zimmermann believes that technology companies have to have the will to tackle the issue. If his company, Silent Circle, could figure out a way to not compromise its customers, then others need to take a harder look at themselves, he argued.

He argued that the economic impact on U.S. technology vendors in the marketplace, especially overseas, is going to prompt some sort of pushback. I couldn’t agree more. My feeling is that Silicon Valley giants have let us down quite badly, especially when espousing high morals. Michael Arrington put it well in his post, “compliance vs complicity.”

Zimmermann believes that open source software is a way out of the backdoor mess. There is open source router software, and it is perhaps time to build open source routing platforms for large-scale routers as well. He is a champion of peer review of code.

“We need to pull all our levers – vote, open source, advocacy and economic pressure all around and need to make people care about this,” he said. “Change isn’t going to be large and immediate, but even incremental steps are important.”

Related recommended reading: Zimmermann’s Law: PGP inventor and Silent Circle co-founder Phil Zimmermann on the surveillance society

  1. I’ve always felt the Cloud can’t be trusted…and this is just one more very significant way in which the Cloud demonstrates it MUST NOT be trusted. We always knew authorities would – legally or illegally – access cloud data. We knew they would use it to spy on the bad guys…and the pretty girl at the drug store, their EX-es and anyone else of interest to the people with their hands on the machinery of surveillance. Perks of the job.

    We, of course, have nothing to worry about as long as we aren’t doing anything of interest and the spies think we aren’t doing anything wrong. The important take-away there is what THEY think…..what we think won’t matter if they decide we’re one of the bad guys (or…just interesting).

    I’m looking at doing my email on a PC that isn’t on any network….and only keeping encrypted data on a PC that is on the network…and keys to the encryption won’t be on that PC. As a non-American, I have NO rights or legal defence against their intrusions on my privacy.

  2. Michael E Lovett Monday, September 9, 2013

    Yea Open Source! Freedom to the People! Go comrade go! LOL This whole breach was pretty much allowed by the big companies because those big companies operate OUT OF the USA. Had these been companies elsewhere, this never would have happened.

  3. Technical and non-technical solutions are both created by imperfect humans. The difference is that non-technical solutions — legislation, etc — amount to putting a note in the cookie jar that says you really, really promise not to steal any cookies unless you have a darn good reason.
