Dignitaries from the computer security field took the stage at the Computer History Museum Thursday evening to note the 30th anniversary of public key cryptography and wax historical about academic, governmental and commercial developments in security and ponder the future.
Panelists included persons such as Whitfield Diffie, who is a cryptography pioneer and chief security officer at Sun Microsystems; Notes founder Ray Ozzie, now Microsoft's chief software architect, and Brian Snow, retired director for the National Security Agency's Information Assurance Directorate. They touched on a broad array of topics ranging from NSA obstacles and export regulations to decades-old research papers and the Clipper chip.
The concept of public key cryptography has evolved over the years and its principles are being extended into areas such as e-commerce, panelists noted. Public key cryptography uses public and private keys between sender and recipient of a message for security purposes. The sender encrypts a message with a public key and the recipient uses a private key to decrypt it. Its birth is traced to the November 1976 publishing of a paper entitled, "New Directions in Cryptography," by Diffie and Martin Hellman, who also served on Thursday's panel and is a Stanford University professor.
Snow cited the advent of e-commerce and the need to move money over the Internet as a seminal event in secure computing. "The industry was a dead start until e-commerce," he said.
The power of the Internet was not envisioned when cryptography began to emerge, Hellman said. Developers thought widespread commercial adoption of encryption would happen in 10 years, but it took about 25 years, he said.
"The time is not far off when electronic funds transfer will be used to buy a loaf of bread," said Hellman.
Panelist Dan Boneh, also a Stanford University professor as well as a co-inventor of identity-based encryption, said government has gone from stalling deployment of cryptography to mandating it with regulations such as Sarbanes-Oxley and HIPAA. "There's been a complete flip, recognizing that encryption is there to help us, not just to help our enemies," Boneh said.
Ozzie recalled that governments had stifled computer security via export roadblocks or import controls. But all that went away around 1996, so governments are no longer an excuse for a lack of secure software, according to Ozzie.
"At this point in time, my personal view is it's laziness on the part of the industry in terms of not embracing architecture and the importance of human interface in the design of secure systems," said Ozzie. Notes developers had weaved in security, he said.
Commenting on the issue of governments and personal security, Snow recalled that a woman familiar with his NSA role came up to him after the Sept. 11, 2001 terrorist attacks and said she would sacrifice her liberties just to be safe. But it is not that easy, according to Snow.
"Get it out of your mind that there's a straight line between liberty and safety. It is not a linear function," Snow said.