Senin, 17 Desember 2012

How Joe Biden Accidentally Helped Us All E-Mail in Private

In the late '80s and early '90s, Phil Zimmermann was a Colorado peacenik with a half-written program that he swore would one day let people exchange messages without Big Brother peering inside. The problem was, with a freelance job and two kids, Zimmermann could never quite find the time to finish the damn code ' until Joe Biden came along.

Then-Senator Biden inserted a few words into an anti-terrorism bill that might make it easier for Big Brother ' or, at least, Uncle Sam ' to do exactly the kind of snooping Zimmermann wanted to stop. Zimmermann had a reason to finish the program. He worked day and night for months on the thing. All his half-formed plans to build a business around the software, he put aside. 'When the Biden bill hit,' Zimmermann recalls, 'we knew we had to change the facts on the ground.' He felt he had to get people communicating secretly, before Congress did something to make secret communications exceedingly difficult.

Finally, in June of the 1991, Zimmermann introduced a program called Pretty Good Privacy, which really did allow ordinarily folks to make their e-mail all-but-unreadable to outsiders. Zimmermann made PGP available for free, and it spread like a bad weed, eventually enabling millions to communicate in private.

For bringing cryptology to the masses, Zimmermann was inducted earlier this year into the Internet Society's Internet Hall of Fame, alongside such pioneers as Vint Cerf, Bob Kahn, Charles Herzfeld, and Sir Tim Berners-Lee. (Maybe Biden will be invited in the next round, even though he eventually rescinded his non-binding resolution.)

PGP relied on a breakthrough that had happened more than a decade before, involving the most essential (and most vulnerable) element in any secret communications scheme: the key that turns plain text into coded text, and vice versa. If I want to send Spencer an encrypted message, I have to give him the key that unlocks the code first. But if I send Spencer that key out in the open, it could be intercepted ' making our secret communications not so secret any more. So the question becomes: How do you exchange keys?

For the longest time, the only reliable way seemed to be hand-to-hand, which wasn't exactly convenient for the burgeoning information age. But mathematicians had recently discovered a better solution, in 'one way' mathematical functions that are incredibly difficult to unravel. For example, I can multiply two really big prime numbers, and it'll take you forever to guess what those primes are based on the result. (OK, not quite forever; when the idea was first introduced with a king-sized product of primes in 1977, the two factors were finally figured out ' in 1994.) Alternatively, think of these functions, as Simon Singh suggests in The Code Book, like colors. I can show you a purple color, but it's not easy to tell which particular shades of blue and red produced the tint.

These functions allow you to have public encryption keys, ones that don't have to be hidden. Because even if someone intercepts our purple-colored key, there's no chance of pulling apart its red and blue components.

It was a ground-breaking idea ' 'the greatest cryptographic achievement since the invention of the monoalphabetic cipher, over 2,000 years ago,' according to Singh. Translating that idea into something usable was a whole different challenge, however.

'It was largely an exercise in petri dish cryptography,' Zimmermann says. 'They were doing calculations just to see if they could work.'

Zimmermann, on the other hand, saw a whole community that could use crypto. He and his wife were active in Colorado's liberal politics ' attending nuclear freeze rallies, and even getting the paperwork together to move to New Zealand in case the atomic doomsday clock edged much closer to midnight. Dissidents, Zimmermann felt, could use a tool for secure communication. So he, um, borrowed the patented algorithms for public key encryption and got going on what would become PGP. After Biden's resolution, Zimmermann devoted so much time to it that he missed five mortgage payments in a row. 'This was not a commercial product. It was a human rights project,' he says.

Version 1 was kind of rickety; a good code-breaker could snap it open. But it was better than the publicly available alternative: nothing. The program and its creator become cult figures in the computer underground of the early '90s. My colleague Steven Levy profiled Zimmermann in the second-ever issue of Wired. Activists as far away as the Baltics thanked Zimmermann for the tool.

Version 2 was much better, and not just because it was harder to crack. It also solved one of the outstanding issues with the public key concept: who would validate which keys were real and which ones were frauds. The prevailing wisdom at the time, as Levy notes in his landmark book Crypto, was to have a centralized authority handle the certification duties. Zimmerman had a different idea: Let people decide for themselves who's legit. If I trust Spencer and Spencer trusts Steve Levy, then I should be able to trust Levy, too. No central clearinghouse needed.

The new PGP made Zimmermann extremely popular ' with two notable exceptions. The first were the folks who held the public key patents; they were convinced that Zimmermann had violated their intellectual property rights. The second were the agents from the U.S. Customs Service, who were pretty sure Zimmermann had broken the law.

Back then, American arms control regulators treated crypto software like a munition. Exporting such a program overseas was a violation of their regulations. And since Zimmermann worked with fellow geeks around the planet on Version 2 of PGP, 'I was quite guilty,' he says. Customs agents based in San Jose, California called Zimmermann February 1993, and told him they were flying out to interview him.

A federal grand jury was impanelled in San Jose. Prosecutors subpoenaed his e-mail records, and Zimmermann could only communicate with his one-time overseas collaborators through their lawyers. The investigation dragged on for three long years, jumbling Zimmermann's already topsy-turvy life even further.

The attention only made PGP more desirable to 'netizens,' as the online public was then known. Zimmermann turned his human rights project into a business. The export control laws were rewritten after it became painfully obvious that software couldn't be contained like rocket motors. The case against PGP was dropped.

But somewhere along the way, the world took a series of ironic twists. PGP was eventually sold off to Symantec, which all but killed the consumer version of the software; it's strictly for suits these days, while an open source consortium tries, with limited success, to provide secure communications for the great unwashed. The reliance on cloud-based mail and social media ' and the reluctance of those firms to embrace crypto ' means most of us chat in the clear. The U.S. government gives dissidents tools for anonymous online communication, even as they give themselves to right to see our conversations without a warrant.

And then of course, there's that whole bit about Joe Biden being a heartbeat away from the presidency. Strange, his role as inadvertent stepfather of consumer crypto never appeared on any campaign website.



Tidak ada komentar:

Posting Komentar