Ben Feist

Phil Zimmermann at SxSW

Posted on March 24, 2011 by Feist Posted in Technology

One of the highlights of this year’s South by Southwest (SxSW) Interactive festival was a talk given by Phil Zimmermann about the current frontiers of identity theft and internet privacy. Personally, it was amazing to get to hear Zimmermann speak in person. For those who are not familiar with him, Phil Zimmermann was one of the first famous online freedom fighters. He became the subject of much media attention in the early ’90s when he released PGP (Pretty Good Privacy), the first freely available military-grade email encryption program.

As he explained in his talk, when PGP was released it was intended to help NGOs in their fight against Big Brother. Coming out of the ’80s there was a very strong government vs freedom clash happening, and as a programmer he sought to even the playing field by protecting email communication from prying eyes. The US Federal Government reacted by opening a three-year-long criminal investigation of Phil Zimmermann with the intention of charging him with exporting munitions, a federal offense, because cryptography was considered a type of munition under federal law. They claimed the export was done by allowing PGP to be downloaded by users in other countries. The government’s attack on Zimmermann was seen by many as a type of admission by the government that they were in fact eavesdropping on public email traffic and didn’t take kindly to people protecting their privacy. Eventually the investigation was dropped, but only after Zimmermann had incurred hundreds of thousands in legal fees.


Zimmermann pointed out in his talk that this June will be the 20th anniversary of PGP–this immediately made me feel old (because I am). Zimmermann went on to explain that the world has changed and the public worry about eavesdropping has changed drastically in the past twenty years. The threat of Big Brother isn’t as much a public issue; instead, the new adversary is organized crime. Zimmermann went into great detail on how organized crime is involved in identity theft on an industrial scale. Worse, the public, especially the young public, is more open about themselves than any previous generation in history. People are putting details about themselves on Facebook that only 20 years ago people were going out of their way to encrypt in order to protect. When asked about Facebook, Zimmermann said directly, “I don’t understand why anyone uses Facebook. I just don’t get it.” This admission in any other context could be written off as another example of the older generation rejecting new ideas. But there at SxSW in a talk about identity theft, I didn’t get Facebook either (and I’m not that old).

Zimmermann’s latest project is a protocol to encrypt VoIP traffic with peer-to-peer encryption that doesn’t require a Chain of Trust. The Chain of Trust problem is part of every encryption scheme and is always difficult to solve. It refers to the problem of how you tell that the person you’re talking to is really that person, and how you tell that the line between you isn’t being intercepted. In cryptography circles, interception/impersonation is called a “man-in-the-middle attack”. It’s done like this: if Alice wants to talk to Bob, she first has to ask him for his public key. Bob sends his public key back to Alice and she uses it to encrypt all remaining traffic to Bob. The problem is that Charlie could have intercepted the key request and impersonated Bob during the key exchange, sending back his own public key instead. Alice would think that she’s encrypting for Bob, but really she’s encrypting for Charlie. But if Bob’s key had a fingerprint that another trusted mutual friend of Alice’s and Bob’s had available, Alice could check the key received against the fingerprint. She would then notice that it’s really Charlie’s key and would know that the session shouldn’t be trusted. Anyone who has had to generate an SSL certificate for a web server has had to jump through Chain of Trust hoops by getting their certificate registered with a trust agent such as Thawte in order to avoid the “this web server has the wrong certificate” message that we’ve all seen occasionally.

Zimmermann has solved this problem in his VoIP protocol in an ingenious way: there is no Chain of Trust. Instead, when the keys are exchanged on the very first call, Alice and Bob verify some simple key fingerprints verbally over the call. Alice knows Bob’s voice and vice versa, and the numbers verify that no man in the middle forged a key response. Once this is done, Alice and Bob know for sure that all of their conversation is being encrypted with the strongest encryption available anywhere, and any eavesdropper will get nothing but unintelligible garble. This idea of leaning on the analog world of verbal communication to establish trust is an ingenious mix of technical solution and practicality.
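The two checks described above, the fingerprint obtained from a trusted mutual friend and the comparison spoken aloud on the first call, are shown here as an added example that is not taken from the talk or from Zimmermann’s protocol. It assumes a toy Diffie-Hellman group and hypothetical helper names (`fingerprint`, `spoken_check`, `run_call`), and the way the spoken string is derived is an illustration only.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, assumed for illustration; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Hex SHA-256 fingerprint of one public key."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def spoken_check(caller_pub, callee_pub):
    """Short string an endpoint reads aloud, bound to both keys it saw.
    Hypothetical derivation; a real protocol must also stop an interceptor
    from trying keys until two short strings happen to match."""
    data = caller_pub.to_bytes(16, "big") + callee_pub.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()[:8]

def run_call(intercepted):
    """Simulate Alice calling Bob, optionally with Charlie swapping the keys."""
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    _, charlie_pub = keypair()

    # The key each endpoint actually receives over the network.
    key_alice_got = charlie_pub if intercepted else bob_pub
    key_bob_got = charlie_pub if intercepted else alice_pub

    # Check 1: compare against the fingerprint held by a trusted mutual friend.
    trusted_fp = fingerprint(bob_pub)
    fingerprint_ok = fingerprint(key_alice_got) == trusted_fp

    # Check 2: each side reads its string aloud; recognising the voice ties
    # the string to the person, and a swapped key makes the strings differ.
    alice_says = spoken_check(alice_pub, key_alice_got)
    bob_says = spoken_check(key_bob_got, bob_pub)

    # Alice and Bob only end up with the same secret if nobody swapped keys.
    same_secret = pow(key_alice_got, alice_priv, P) == pow(key_bob_got, bob_priv, P)
    return {"fingerprint_ok": fingerprint_ok,
            "spoken_ok": alice_says == bob_says,
            "same_secret": same_secret}

if __name__ == "__main__":
    print("clean call:      ", run_call(intercepted=False))
    print("intercepted call:", run_call(intercepted=True))
```

Either check failing is the signal that the session should not be trusted; in the intercepted run both fail and Alice and Bob do not share a secret.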

It was obviously inspiring to hear Phil Zimmermann talk. It was a stark reminder to me that computer programming is not only academically interesting, but when done with a greater vision, it can change society and even help foster the overthrow of corrupt governments as was seen in Egypt.
