Information Security News
mailing list archives
Diffie, Sterling, Lessig, et al., interviewed
From: InfoSec News <isn () c4i org>
Date: Sun, 30 Sep 2001 05:13:42 -0500 (CDT)
Forwarded by: "Jay D. Dyson" <jdyson () treachery net>
-----BEGIN PGP SIGNED MESSAGE-----
Courtesy of Cryptography List.
- ---------- Forwarded message ----------
Date: Thu, 27 Sep 2001 16:17:45 -0400
From: "R. A. Hettinga" <rah () shipwright com>
To: dcsb () ai mit edu, cryptography () wasabisystems com
Subject: Diffie, Sterling, Lessig, et al., interviewed
September 27, 2001
In the Next Chapter, Is Technology an Ally?
By KATIE HAFNER
OVER the last two weeks, computer scientists and others who think about
technology have wondered aloud about its likely role in countering
terrorism -- or in carrying it out. Have the limitations and dangers of
technology been overlooked? Where, on the other hand, might technological
innovation emerge or be redirected as a result of recent events?
For Ray Kurzweil, an expert in artificial intelligence and an innovative
figure in computing, the events are already accelerating technologies that
allow work, and people, to be dispersed rather than centralized. Security
experts like Peter Neumann point to the renewed interest - and perhaps
unfounded confidence - in technologies to confirm identities and track
"Overendowing high-tech solutions is riskful," Dr. Neumann said, "in the
absence of adequate understanding of the limitations of the technology and
the frailties and perversities of human nature."
Mr. Kurzweil and Dr. Neumann, a computer scientist at SRI International, a
research group in Menlo Park, Calif., were among six technology experts
invited by Circuits to assess the challenges ahead. The other participants
were Bruce Sterling, a science fiction author who writes frequently about
technology; Lawrence Lessig, a professor at Stanford Law School who has
written extensively on law and the Internet; Severo Ornstein, a retired
hardware engineer and one of the computer scientists who worked on the
original Arpanet, the precursor to the Internet; and Whitfield Diffie, the
inventor of public key cryptography, a method of encoding electronic
Each has been in the public eye for a decade or more, thinking and writing
about the promise and peril of technology. Some are more sanguine than
others about a high-tech society.
Their discussion, conducted last weekend by e-mail, touched on technology's
possible uses in fostering security and on the issues that will arise along
the way. Here are excerpts from the conversation.
Q. What role will technological innovation play in responding to terrorism?
Lessig These attacks could spur a great deal of technological innovation.
The hard question is whether the innovation will be tailored to protect
privacy as well as support legitimate state interests in surveillance and
control. We as a culture think too crudely about technologies for
surveillance. The conflict is always framed as some grand either/or. But if
we kept pressure on the innovators and, in particular, the government, to
develop technologies that did both, we could preserve important aspects of
our freedom, while responding to the real threats presented by the attacks.
Kurzweil The Sept. 11 tragedy will accelerate a profound trend already well
under way from centralized technologies to distributed ones and from the
real world to the virtual world. Centralized technologies are subject to
disruption and disaster. They also tend to be inefficient, wasteful and
harmful to the environment. Distributed technologies, on the other hand,
tend to be flexible, efficient and relatively benign in their environment
In the immediate aftermath of this crisis, we already see a dramatic
movement away from meetings and conferences in the real world to those in
the virtual world, including Web- based meetings, Internet-based
videoconferencing and other examples of virtual communication.
Despite the recent collapse of market value in telecommunications,
bandwidth nonetheless continues to expand exponentially, which will
continue to improve the resolution and sense of realism in the virtual
world. We'll see a great deal of innovation to overcome many of the current
Diffie Revision of the air traffic control system together with that of
other industrial command and control phenomena will push reliability and
security in computing and computer communications. Such systems may provide
a testing ground for the command and control of ballistic missile defense
systems in which response times may be slower but the spectrum of phenomena
requiring analysis will be broader.
Attempts to control the use of cryptography and other security measures
will make the development of improved command and control networks more
difficult and may impede this task by limiting the people who can
contribute to approved government and contractor personnel.
Lessig This "scenario of terror" was not low tech, for its impact was not
just the impact of the souls who were lost. As powerful was the effect of a
world watching as it occurred. The technology of a networked world meant
that scores of television cameras would be trained on the south tower, to
capture the horror of the delayed second impact. And the extraordinary
impact of these killings in two cities is the product of a heavily
integrated - technologically integrated - world community. Terrorists take
advantage of this technology to have the effect they seek. Elsewhere, in
places without this technology, it would not have the same effect.
Diffie Larry, this is a great observation. I wonder if it will be possible
to discover whether the attackers had that subtlety of thought.
Q. Larry Lessig says that the hard question is whether innovation will be
tailored to protect privacy as well as support legitimate state interests
in surveillance and control. Do you agree that we as a culture tend to
think too crudely about technologies for surveillance? Where do you think
the trade-offs should be?
Neumann The most elaborate technological measures are likely to be
inadequate, misused and subverted. Surveillance is all too easily misused.
Trapdoors in cryptography to facilitate law enforcement can be misused.
Existing system security is seriously flawed. As a result, we must avoid
expecting technological security measures to be adequate in protecting
privacy. So, ultimately, we have a double-edged sword. Techniques to
protect can be used to subvert, attack or otherwise compromise human
rights, nation states and organizations. The problems are inherently human,
and technology can be used for good or bad.
Sterling The question is badly put. I don't worry much about Big Brother
states surveilling average citizens. It's just not cost-effective, and what
Mom says in Peoria just doesn't interest the serious power players in
spydom. I do worry plenty about sneaky political operatives carrying out
dirty-tricks campaigns against the private lives of prominent politicians.
The payoff there is huge. It can destabilize legitimate governments more
effectively than terrorism.
I don't think there's a good trade- off here. If we're going to use
surveillance as a weapon, then we should trust our democratic traditions
and arm the population with it.
Kurzweil The nature of these terrorist attacks and the organization behind
it puts civil liberties in general at odds with legitimate state interests
in surveillance and control. The entire basis of our law enforcement
system, and indeed much of our thinking about security, is based on an
assumption that people are motivated to preserve their own lives and
well-being. That is the logic behind all of our strategies from law
enforcement on the local level to mutual assured destruction on the world
stage. But a foe that values the destruction of both its enemy and itself
is not amenable to this line of attack.
Lessig This is a critically important insight. The real problem we face is
not slowness in technological innovation. The real problem is slowness in
legal and civil rights innovation in response to the technological change.
It was not until the late 1960's that the Supreme Court finally held that
wiretapping was regulated by the Fourth Amendment.
The reason for this failing has lots to do with the way lawyers think. We
are reactive traditionalists. It is hard to think creatively. But if we
used the same kind of innovative creativity that our Framers used in
crafting our government, we could craft creative balances between
technological capabilities and human weakness. Technologies can't be
guaranteed to be used only for the good. But technologies placed within
well-crafted institutional structures can be made more likely safe than not.
Diffie (Disclosure: I am in the protection business.)
In my view the natural trade-off is a broad public right to inquire (i.e.,
listen to the radio, point infrared sensors around, make video recordings,
analyze the data from the sensors with computers, etc.) and the right of
the individual to employ protection from surveillance (cryptography,
insulated walls, wearing a mask, using pseudonyms, etc.). This presumes a
commercial right to make and sell products that support the individual's
desire for privacy.
I read in the documents of the revolutionary era a recognition of a broad
right of the individual to act on self-perceived interest and generally not
to be required to cooperate with someone else's view of those interests.
This seems to me roughly what freedom means. The trends in contemporary
society that most bother me are not so much government use of wiretaps or
video cameras but such things as the requirement that cash transactions
over $10,000 be reported to the I.R.S., that I must show identification to
Ornstein I think there is a genuine tension between the desire for security
and for privacy/individual freedom. This is just an instance of the more
general conflict between the needs and desires of the individual and those
of the larger society.
Today's technology permits small numbers of people to wreak a
disproportionate amount of havoc. (Without jet airplanes, the hijackers
couldn't have done much damage with their box cutters.) I suspect the
debate about where to draw the security line will probably be ongoing and
will depend on how much damage occurs in the future: The more damage, the
tighter we'll circle the wagons.
Copyright 2001 The New York Times Company | Privacy Information
R. A. Hettinga <mailto: rah () ibuc com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo () wasabisystems com
-----BEGIN PGP SIGNATURE-----
Comment: See http://www.treachery.net/~jdyson/ for current keys.
-----END PGP SIGNATURE-----
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
- Diffie, Sterling, Lessig, et al., interviewed InfoSec News (Sep 30)