One of the highlights of this year’s South by Southwest (SxSW) Interactive festival was a talk given by Phil Zimmermann about the current frontiers of identity theft and internet privacy. Personally it was amazing to get to hear Zimmermann speak in person. For those who are not familiar with him, Phil Zimmerman was one of the first famous online freedom fighters. He became the subject of much media attention in the early 90’s when he released PGP (Pretty Good Privacy), the first freely available military-grade email encryption program.
As he explained in his talk, when PGP was released it was intended to help NGO’s in their fight against Big Brother. Coming out of the 80s there was a very strong government vs freedom clash happening and as a programmer he sought to even the playing field by protecting email communication from prying eyes. The US Federal Government reacted by opening a three year long criminal investigation of Phil Zimmermann with the intention of charging him for exporting munitions, a federal offense, because cryptography was considered a type of munition under federal law. They claimed the export was done by allowing PGP to be download by users in other countries. The government’s attack on Zimmermann was seen by many as a type of admission by the government that they were in fact eves dropping on public email traffic and didn’t take kindly to people protecting their privacy. Eventually the investigation was dropped, but only after Zimmermann had incurred hundreds of thousands in legal fees.
Zimmermann pointed out in his talk that this June will be the 20th anniversary of PGP–this immediately made me feel old (because I am). Zimmermann went on to explain that the world has changed and the public worry of eves dropping has changed drastically in the past twenty years. The threat of big brother isn’t as much a public issue, instead the new adversary is organized crime. Zimmermann went into great detail on how organized crime is involved in identity theft on an industrial scale. Worse, the public, especially the young public, is more open about themselves than any previous generation in history. People are putting on Facebook details about themselves that only 20 years ago people were going out of their way to encrypt in order to protect. When asked about Facebook, Zimmermann said directly “I don’t understand why anyone uses Facebook. I just don’t get it.” This admission in any other context could be written off as another example of the older generation rejecting new ideas. But there at SxSW in a talk about identity theft, I didn’t get Facebook either (and I’m not that old).
Zimmermann’s latest project is a protocol to encrypt VOIP traffic with peer to peer encryption that doesn’t require a Chain of Trust. The Chain of Trust problem is part of every encryption scheme and is always difficult to solve. It refers to the problem of how you tell that the person you’re talking to is really that person, and how you tell that the line between you isn’t being intercepted. In cryptography circles, interception/impersonation is called a “man in the middle attack”. It’s done like this: if Alice wants to talk to Bob , she first has to ask him for his public key, Bob sends his public key back to Alice and she uses it to encrypt all remaining traffic to Bob. The problem is that Charlie could have intercepted the key request and impersonated Bob during the key exchange, sending back his public key instead. Alice would think that she’s encrypting for Bob, but really she’s encrypting for Charlie. But, if Bob’s key had a fingerprint that another trusted mutual friend of Alice’s and Bob’s had available, Alice could check the key received against the fingerprint. She would then notice that it’s really Charlie’s key and would know that the session shouldn’t be trusted. Anyone who has had to generate an SSL certificate for a web server has had to jump through Chain of Trust hoops by getting their certificate registered with a trust agent such as Thawt in order to avoid the “this web server has the wrong certificate” message that we’ve all seen occasionally.
Zimmermann has solved this problem in his VOIP protocol in an ingenious way: There is no Chain of Trust, instead, when the keys are exchanged on the very first call, Alice and Bob verify some simple key fingerprints verbally over the call. Alice knows Bob’s voice and vice versa, and the numbers verify that no man in the middle forged a key response. Once this is done, Alice and Bob know for sure that all of their conversation is being encrypted with the strongest encryption available anywhere, and any eves dropper will get nothing but unintelligible garble. This idea of leaning on the analog world of verbal communication to establish trust is an ingenious mix of technical solution and practicality.
It was obviously inspiring to hear Phil Zimmermann talk. It was a stark reminder to me that computer programming is not only academically interesting, but when done with a greater vision, it can change society and even help foster the overthrow of corrupt governments as was seen in Egypt.