Security King: An Interview with Whit Diffie

by rthieme on July 1, 2003

An Interview with Whit Diffie by Richard Thieme

The Complete Transcript

RT: I want to emphasize the deeper context. The world looks differently than it did 30 years ago. So much is located around you in the seventies when public key cryptography was brought forward. The fact that you are now CSO for SUN indicates some differences. I want to explore the context of your life as well as the content.

You have a unique psyche and spirit in terms of creating a space of possibility. Breakthroughs into new ways of thinking, plus affecting public policy and public and private life but you are not who you were 25 years ago. How does life look to you now?

The biographies that others write and that we write can constrain us but you continue to create a persona and use it to do good work. I am interested in the deeper self that creates the personas.

Whit: A whole bunch of people, particular the Germans or German-Swiss that did that infinite interview that is on the web, asked about events from childhood through 1980. That’s all well recorded.

I perceive several shifts in my life. I do not see a vivid shift between the seventies and the eighties. I went form being a nominal graduate system to managing secure systems research at North Telecom but continued to do intellectual engineering work. I viewed my world analogous to classical university jobs – your day job was teaching you students and if you did that competently, you kept your job, If you wanted to be a star, you had to do that in addition. The day job was talking to customers, consulting internally, etc and grazing around for what was interesting. I did several good pieces of work. One nice piece of work, not well remembered, was on securing TCP. The criticism is that I merged the security with the protocol itself so the result was large and complicated which speaks against certification. What is said about functionality was very nice. North Telecom did a secure ISDN telephone and my design was a good piece of work, and the one thing that is remembered is the concept called – rather poorly, I didn’t name it – perfect forward secretly.

So I continued basically to do what I had done for a long time, routine technical work and episodically to do something worth taking note of. After I came to Sun that did not change as much as it might have.  I found to my surprise that I had gained dramatically in formal status, I had up two major ranks in the industrial world, and as director I had a special job at Sun and a strong select group, a lot of formal status, but that turned out not to offset the loss of informal status as much as it might have. The first year or two with Sun I floundered around, not finding myself very effective, wanting to think about things. Then the government did one of its periodic favors and delivered the Clipper Chip and I found myself moving into politics and working almost entirely on technology and society policy issues for the next decade.

RT: Did that make explicit a lot of the underlying presuppositions of your prior work?

To the degree that they were about social objectives, the answer is yes. On the other hand, if you follow not interviews mostly given late, but the things I read, you’ll realize that I went through a not-so-surprising transformation form a technically centered and individually centered view of things to a much better understanding of society. If you look at the predictions I made about written in 1979 that runs to the late nineties, many of the technical predictions such as when we would go to triple DES and things like are correct but my whole understanding of what society would be like in the nineties were incorrect. I imagined for example that the falling cost of electronics would give rise to a growth SigInt industry and everyone would have to be protecting themselves, not recognizing the role of law and the way in which state power differs so vastly from industrial power. My whole political vision has – to put it sympathetically – matured or – to put it less sympathetically – been co-opted or corrupted over these thirty years.

RT: It looks like maturity from the inside, though.

Whit: I am not sure that it always does. There is a line from a poem, “I Remember I Remember,” and the last lines are “It is little joy/to know I am further off from heaven/than when I was a boy.” Things become more complicated and less clear. You become compromised, but at the same time, you don’t regret becoming compromised, because you learned interesting things, you were involved with interesting people, you hold more complex views that you once would have considered essentially criminal.

RT: I call that more grounded in reality.

That’s correct, but I am not absolutely sure that it always feels like maturity form the inside.

RT As I have grown older, I have found literally have no clue about any of the things about which I used to be more certain…

I like the old line from Saturday Night Live, you ignorant slut.

RT: But you feel it, you feel the complexity of issues and ideas and see how you formed those ideas when we were younger in a particular context, and that context has changed so much over our lifetimes. When you put that into historical continuity, you have to realize how little you grasp of the big picture.

Whit: What I was thinking was, I spent a lot of time –my new job interferes with this – at the Center for International Security and Cooperation at Stanford. That’s a place with a whole bunch of ex-govvies. I heard discussions of issues that were already of interest to me in sixties. Let me give you an amusing example. Driving to work one morning a few months ago, I listened driving to work in the morning to the head of Physicians for Social Responsibility doing her anti-nuclear rant and that noon I listened to a seminar about whether or not a new compiler construction project  actually has chance to be licensed in the US in the next three years in such a time as to be online by 2011 when the power needs would be such and such – a very down to earth discussion. The contrast between the kinds of views to which I would have once been sympathetic – although I was never particularly anti-nuclear – this sort of broad brush moral assessment of things by comparison with this detailed assessment of whether pebble reactors had promise and what difficulties they had etc. – a lot of the people I would have once discarded as criminals, now I can see how carefully they think, what good scholars they are.

RT: I understand. I know.

Whit: I have often said that I started out thinking of myself as NSA’s opponent, but within a few years, as a result of meeting people and studying their technologies and activities, I developed a great deal more sympathy for intelligence overall. In the context of the Cold War, the  worst possible thing was to imagine two blind men in a room with machine guns and intelligence was a stabilizing phenomena in international relations in a way that I thought the liberals were blinded to, but in fact, they were anti-secrecy per se and on the face of it the intelligence agencies were so secretive.

RT: You and Clint Brooks, the father of Clipper, gained a great deal of respect for one another.

Whit: Respect, yes, but not intimacy. I don’t feel I know him particularly well compared to some of the other agency people.

RT: Given the aggressive efforts of law enforcement since 9/11 to get access to whatever systems of information they would like, do you think some application along the lines of Clipper would be more attractive now, in part as a safeguard?

Whit: I think the issue of key escrow can not possibly go away because we are moving – I hate to use buzzwords, but we are moving into an information society, and at the same time I want you to take me seriously about that. That’s not always easy when you use buzzwords but in this case I mean them. I want to state this clearly for a limited case. We have a lot of things like, say, personal computers which I think of as a manufacturing object like a factory. It mostly manufactures services or sometimes code with its compilers or documents or something but it’s a standardized unit of production. All that distinguishes one from another is what information it has about what to produce. For example, an orchestra is a standardized piece of machinery that manufactures music and you feed it scores and it manufactures music. It was a great achievement in the musical world to standardize orchestras. Machines shops are a little less well-codified but are also an example. We’re moving toward a world in which we can easily imagine, say, chip compilers in the future or biological compilers that manufacture drugs. This will be a world in which small units of society whether individual families or corporations or cities or states have standardized means of production and what goes on is a function of what information they have to feed into their means of production to turn it into more information or goods or matter. In such a society the flows of information are the description of what social control is, what social interaction is.

If you look at things like the nuclear command and control system, you find things that are more complex than classic information protection systems where you have simple models like link security or end-to-end security. You have circumstances of prepositioning information, concepts like signing authorities, things like that, within this sort of society defined by information flows. What would you expect other than to have mechanisms like that someone has the authorized right to inspect something? What is the machinery that supports that? My view is, the issue of key escrow will definitely not go away, because to the authoritarian mind, the natural view is, of course a court has the right to issue a subpoena for this information, therefore it has the right to have the machinery built in that will execute the subpoena for it an give it the information. The anti-authoritarian mind would think as I do that the important thing about a free society is the distinction between being held to account for your actions and being just plain forced to do what society wants. So it’s important when reporters are faced with subpoenas and say no, I am going to sit in jail for six weeks rather than give you my notes on this case because freedom of the press is more important that you getting a conviction in some particular case. The court naturally thinks otherwise, that it can just go in and grab the information it wants.

Going back to a more tactical issue, I think it is interesting that there has been so little anti-cryptography sentiment since 9/11. Rudd sponsored a bill that went nowhere and the agency people said they had made up their minds about a set of issues a few years ago and have not seen good reasons to revisit their decisions. The Advanced Encryption Standard was hung up for about two months this way. It was supposed to appear about the end of September and was finally signed with very little fanfare on November 26. The cryptographic community would have been happy to hold a big party for that signing but it didn’t happen. To my view that was a great achievement for the deployment of cryptography because of the apparent strength of this algorithm, the international process by which it was developed, and the fact that US standard is a Belgian-designed algorithm. All of that gives it a much better chance of fostering a wider international compatible, interoperable, etc. use of cryptography.

RT: You are on record consistently saying things like, “people have the right to make any effort they wish to keep conversations private.” You speak of people in the seventeenth century, say, being able to go behind a tree and presume their conversation was private. I want to approach the relationship of content to context. The printing press helped to create the notion of individuals. Identity is a function of boundaries and the boundaries define different levels of complexity. Now, those boundaries are being subverted by the technologies we are discussing, so is identity, and so, therefore, is the notion of privacy. What does privacy mean when our vocabulary is a result of social realities generated by printing and text? When not only “intellectual property” came to be defined by the notion of an “individual,” which did not exist before then, not in the way we use the word?

Whit: Authorship, OK, but “nobody thinking of themselves as an individual” – that’s a stretch.

RT: Well, the rights of humankind evolved in the sixteen and seventeen hundreds. An individual was defined as a different kind of construction.

In a networked world, corporate identity may well come to supplant individual identity.

Whit: There are two different questions. One is the broader one on the impact of information technology. The second is whether or not corporate identity will supplant individual identity, which may or may not turn out to be true. The one solid thing I see in that direction is that information technology makes it possible to maintain a larger organization. This benefits not only corporations but nation states as well. I had a conversation with Bob Gaskins, later the creator of PowerPoint, and was bemoaning the rash of mergers and the centralization of power and he said oh, don’t worry about it. We’ve had that sort of thing before and these larger organizations always develop phony economics internally and after a while they break up. I have not in fact seen that in twenty years. We are still overall in an era of consolidation. I have concluded tentatively that the reason is that better information technology makes it feasible to have an organization of so many workers all over the world in a way that was not feasible in 1980.

RT: That’s what I mean by the morphing of boundaries. Now we talk naturally about transnational or meta-national entities – the boundaries around national states that emerged in the past few hundred years was at a level of hierarchical structuring appropriate to the political, social, and economic complexity of society.

Whit: Yes. There are other implications. Airports, for example, have different a legal difficulty that ports don’t. Someone sails into a port, you can keep a person on the ship, the ship is different than the land, you can legally detain the ship, you don’t have the same kind of visa problem that you have if Germany, say, refuses to let you fly to Frankfurt unless you are qualified to enter Germany even though you have no intention of staying in Germany but intend to pass through. You have the increased growth of travel since the steam engine. You have a change in the dimensionality of the world from a planer graph to a more fully connected graph. Once you can fly directly from New York to Paris, the whole things looks more like a full graph, and that’s important for analyzing a lot of issues for cyberwar and the flows of information on the web.

The introduction of cables challenged national boundaries because customs offices did not know how to look at information. The radio. Now we’re back to a very complicated situation in which nations have a sort of overall control of the flow of information in and out of themselves but not much retail control. The events of 9/11 panic them  because they cannot really have confidence that they can prevent that kind of thing without a degree of retail control that is antagonistic to a lot of other things they are trying to promote such as free societies, free flow of business, free trade, etc.

RT: So how do you see that evolving?

Whit: I have more questions than answers. My top-level question about 9/11 and about the question of whether or not it was an intelligence failure is, do we really want to live in a world in which US intelligence can detect every half million dollar, twenty person, two year activity. I am very concerned that a number of things from the rise and power of the intellectual property purveyors to the hard-to-resist concerns for life and limb that has given new life and new power to police institutions are going to lead us toward a much more rule-bound and controlled society.

RT: David Brin said in a sci-fi novel “The Transparent Society”,” that the rich and powerful would always have privacy and the only solution was to “watch the watchers,” making sure that those who have the authority to intrude have accountability to some point of reference other than themselves.

Whit: Do you take Brin’s books very seriously?

RT: The concept, perhaps, rather than the novel. A recent “mistaken identity” case, for example, revealed how a similar name caused an older woman to be listed as a potential terrorist and denied access to a flight.

Whit: On balance indeed, more transparency on the part of government machinery is desirable. In particular, police agencies have been very effective lobbyists for the an agenda that sounds like “what’s good for the police is good for society.” It is really, making the work of the police easier, rather than making the work of the police more effective. Anyone who lobbies for secrecy does so to have as few masters as necessary to whom to be accountable. They can say the want their “watch list” secret for security reasons, but simultaneously prevent scrutiny of the “watch list” for errors.

Brin’s notion of watching the people watching the cameras is only vaguely applicable in a transition society such as ours at the moment, in which there is some physical presence and some telepresence.

One POV about cameras in the court room is to provide coverage without having to go to courtroom. But at the same time, you should not be able to sit at home watching people’s lives hung out for your entertainment. May you should have to go to City Hall to sit in a room to watch but not record court proceedings. My point is that it’s a short term solution, regardless of its merits, because sooner rather than later, say., no later than 2100, a much larger fraction of society will consist entirely of telecommunications. So how you might apply automation to voting booths versus how to vote from your laptop securely – one is a short term issue and the other a medium to long term issue.

RT: Let’s now relate this to your work at Sun and to your past. Edward Wilson in Consiliance said that all great scientists – like great information security people – show a passion for knowledge, obsessiveness, and daring.   Now that you are Chief Security Office of Sun Microsystems, how do you maintain your edge? Robert Galvin of Motorola said that all great revolutionary work begins life as a minority opinion, which certainly applies to public key cryptography as you and Marty Hellman brought it to life. Now you look like the consummate insider. How do you keep your eye on the truth that only an outcast can know?

Whit: This relates back to our discussion of being compromised. I have felt compromised in that sense from very early on. The more successful I was at learning things from NSA people, the more I came to recognize – getting an NSA clearance would destroy me because I would be overwhelmed by the exposure to that vast culture and its knowledge. Even the amount I have learned from NSA people over the first decade, let alone the last three,  about their work, led me more and more to thinking about their problems and thinking about them the way they thought. James Ellis is much more remarkable than I in that in 1969 he was steeped in that community and still managed to think of public key cryptography.

RT: You were picked by the brine.

Whit: Yes! Marinated in corruption, as it were. Now, this is where I refuse to answer your question and do so as tactfully as possible. There is a hidden assumption that the objective overall and for any particular period of my life is to triumph by means of creativity. By making myself available to be CSO, I recognized that I was trading – when I came to Sun, I was told that the mandate for a “distinguished engineer” was to work on whatever was in the scope of the corporation’s activities that were considered interesting or where he could make the greatest contribution. I was able to cherry pick what was of concern to me. In the spring of 1993, for example, policy issues seemed to me to be the most important threat to secure communications and I turned my attention entirely to that. I recognized that I was trading a circumstance where I get to decide what is most important and get to work on it like the Supreme Court for one in which I have to work on things that occur to themselves or have a good reason not to. What I hope to accomplish – I have a sense that we are positioned and have been for some time – we have enough primitives or components, if you will – to give us a big welding job here to get all this stuff together correctly. The advantages of having me as CSO because my name is well known were sufficient to make it necessary for me to do that. What was needed was a rallying point in terms of personalities as well as the fact that there are some clear rallying points like the Advanced Encryption Standard presenting themselves by the world around which a homogenous security technology can be formed.

RT: How will use your persona as “whit Diffie” as leverage for this work?

Whit: Using one’s reputation is such a ubiquitous phenomena that this does not seem to invite that more than anything else.

RT: McNeeley did say after Microsoft’s announcement that security was now going to be a priority that Sun did not need to send out a letter in order to make that point. But that was followed quickly by your appointment as an advocate for Sun’s security offerings. What do you intend to do for Sun or on behalf of Sun as opposed to helping the internet’s fragmented security environment to grow more integrated?

Whit: I intend to do that in the context of Sun’s products. “Easy enough for ecommerce, secure enough for homeland defense” is the slogan. I am convinced we can make a major breakthrough against the reputation that security has that it isn’t nay good unless it’s terribly burdensome. I believe I bring to this job in addition to my reputation a certain judgement acquired in thirty years in working in and studying security very broadly and being interested in everything from penetrating safes to cryptanalysis. I hope to bring judgement as to where we will get the most bang for the buck. My prejudices in these directions are so far only prejudices. There is a standard rift exemplified perfectly between me and Scott Chaney in that Scott is a policeman and the police think in terms of diagnosing things and retaliating. Security people think in terms of preventing things. Neither viewpoint is comprehensive. It’s foolish to say that either alone can be entirely adequate. One of the great disservices of cryptography to the world is that cryptography is a case in which that seems to have been decided narrowly – suppose you have a cryptographic algorithm and all the opponent have access to is the ciphertext and that algorithm -–we believe we have gotten so good at that so it looks as if a pure security measure is entirely adequate. The reason that case looked so hard for much of the 20th century is that once you broadcast a message on a radio there is virtually no control on what people intercepting the message do with it. In that respect, it’s very different from almost all of the cases that concern us most of the time on the Internet day to day which are interactive phenomena. My prejudice is in favor of security mechanisms, denial of objective mechanisms, as far as possible and intrusion detection and diagnosis and response mechanisms wherever necessary.

RT: Where do you see the financial incentives coming from to achieve this? It is difficult to present a quantifiable return on security investment to decision makers to justify that.

Whit: The intrinsic costs (you can now do high-grade cryptography in ordinary chips, for example) have dropped a long way. The extrinsic costs affect things like, why can’t you buy a secure phone for less? This is fundamental. As CSO of SUN, I know that if you can integrate things into the product line of a major manufacturer of equipment, you can get the overhead down to where the extrinsic costs will decline and cost-based resistance will decline.

RT: And Sun is the best context in which to do that commercially in this country?

Whit: I did not have to make that decision. I did not survey all the companies in the world and make a choice. If you believe in end-to-end phenomena as I did for most of my career, then getting control of the leaves might be better than getting control of the trunks. My decisions about what to do were not, however, so broad in spectrum as to invite me to try to rebuild my bridges with Microsoft who have a different point of view. It never occurred to me to try to do that.

My broad view was recently formulated like this: Information security is about a century old. It begins with the radio, the first major thing to make this field what it is, followed fifty years later by the computer. Here we are a century into this and here are the problems we have solved and here are the ones we have not solved.

RT: Broadly speaking, the problems are found in system architecture at its core, rather than in add-ons, right? Systems have not been designed to be intrinsically secure.

Whit: It’s worse than that. As an infosec engineer, typically, by the time they call you in on a problem, all the decisions you need to control have already been made in the wrong way.

One of the challenges is to get people to understand the importance of security so they are obliged to take it into account early in design.

RT: Your description of the security landscape  can sound pessimistic if one only reads your words. But you sound immensely energetic and optimistic still. What maintains your optimism in the face of daunting complexity and insoluble problems? What can you communicate to younger security practitioners about that?

Whit: I don’t expect younger people to see things as I do. One of the most important thing about the young is that they’re ignorant. When you’re older you realize that people thirty years younger have never heard of many of the things that define the context of our lives. We think of younger people as knowing a whole bunch of new stuff that we don’t but it’s at least as important that they are not burdened with the direct experience of the earlier culture. What people think of as fundamental is what we’re used to. The argument about caller ID a decade ago is an example. Where did the idea come from that you have the God-given right to make an anonymous telephone call? It’s an accident of the technology. Maybe sending a letter is an antecedent, but usually, to speak with someone, you had to go up to them face to face. Yet people were so indignant about the fact that they were going to be identified.

RT: Which is critical to how privacy issues impact on identity issues. How we’re socialized around the age of ten is how we think life ought to be forever. So if privacy as we experienced it growing up is over, as your boss has said, then the cat really is already out of the bag.

Whit: If you look at our childhood and what privacy meant as a practical matter, I think it is probably the wrong abstraction to emphasize. There were not video cameras watching everything then. There were a whole bunch of things that you could get away with then like throwing a rock through a window and running. Today they well recognize you and hunt you down. A lot of things like that may be useful or not. You may want to make use of evidence that you were threatened, for example, but may not be able to get any use of the fact that someone was recording the scene. Then little will change in the context of that social interaction.

What did we want privacy for as children? We probably have more sexual privacy now than we did then. Sexuality of teenagers is more open now. Then it was that you were not supposed to have a sex life so your margins were defined by the back seats of Fords. Through the seventies and eighties I had a very NSA-like uncompromising view of what communications security meant. It meant that individuals were guaranteed that their traffic could not be exploited. Not only is that not achievable for most people most of the time, it isn’t even necessary. I have a friend in her forties with a kinky sex life who communicates about it all the time in chat rooms. I would never have talked about all that with someone that way because there is a good chance that someone is recording it and it might come back to bite you. I was raised during the Red Scare and repeatedly heard warnings form polder people about not signing things because they came back to haunt you. I internalized that. I have been immensely careful about what I say on the telephone even though there is a negligible chance that someone will record it, down below one per cent.

Sometime after 1970 it became impossible to live underground. This is an ID society. Laws meant to control immigrant labor, for example, make it very hard to live as you could in the sixties under an assumed name without knowing intelligence-level tradecraft.

RT: The day will come when people who refuse to use digital or numerical or online identities will be judged sociopathic.

Whit: I think they will be. People born today will grow up in a world in which much of what you do is online.

I have had this vision for thirty years which I think is coming about. A marketing presentation which would have taken a month in 1980 can now be produced by one capable person in an afternoon. My original vision was that early kin this century one would be able to create a color movie with the ease formerly required to write a personal letter. We’re close to that. You and I grew up being creative because we lived largely within our own minds. Soon, the fantasies you can manage in your own mind unsupported will not be able to compete with the ones that can be manufactured using available machinery. What are the implications of that?

RT: Let me return to the context we defined at the beginning of our conversation – the isolation in which you worked, your passion for knowledge. You have said you had a kind of Gnostic approach in life and expected solutions to life’s deeper mysteries to be salvific. You have felt the lure of the mysterious to be a compelling motivation for your pursuits. Where today do you find that edge? What defines that mystery now that compels or attracts you? What is unknowable that compels hot pursuit?

Whit: That’s a very attractive question and I do not have a ready answer. I am fascinated with why people believe things. I do not understand why I believe things much less why others do.

Someone said that Germany lost the Second World War but fascism won it. I thought there was a lot of truth to that in terms of the freedoms available then and what various technologies including bureaucratic technologies have caused to be. Technologies of social control enable a degree of control which even in those which do not express it in the suppression of minorities, say,  is immense compared to that prior time. I tried to understand why I believed that, why others believe what they believe, and if I could investigate whatever I wanted, it might be what the proper set of rules or mechanisms for investigating the world and beliefs actually are.

RT: You want to study the telescope instead of the galaxy. Or the telescope as well as the galaxy.

edited for Information Security Magazine:

SUN’S SECURITY KING

Cryptography pioneer Whit Diffie offers illuminating views on his ascension to Sun Microsystems’ CSO.

interviewed by Richard Thieme

Whit Diffie

Sun Microsystems’ CSO

Yearbook

1975
CREATED public-key encryption, with Stanford University’s Martin Hellman.

1978 – 1991
SERVED as manager of secure systems research for Northern Telecom.

1979
HONORED with the IEEE Information Theory Society Best Paper Award.

1981
RECEIVED the Donald E. Fink Award for expository writing in an IEEE journal.

1991
APPOINTED “distinguished engineer” at Sun Microsystems.

1992
AWARDED an honorary doctorate in technical sciences by the Swiss Federal Institute of Technology for work in public-key cryptography.

1994
NAMED Pioneer Award winner by the Electronic Frontiers Foundation.

1996
BESTOWED National Computer Systems Security Award by NIST/NSA.

1997
NAMED Louis E. Levy Medal winner by Franklin Institute.

2002
NAMED chief security officer of Sun Microsystems.

Q: How do you reconcile the iconoclastic Whit Diffie of the ’70s with “Whit Diffie, chief security officer of Sun Microsystems?”

A: We are all compromised over time. I have felt compromised from very early on. I worked independently, in relative isolation, but my work naturally brought me into close contact with people at the National Security Agency (NSA), and the more successful I was at learning things from NSA people, the more I realized that getting an NSA clearance would destroy me, because I would be overwhelmed by exposure to its vast culture and knowledge. Even the amount I have learned from them about their work over the first 10 years, let alone the last 30, led me more and more to thinking about their problems and thinking about them the way they thought.

How has your work evolved over that time?

There have been several shifts in my life, but not between the ’70s and the ’80s. I went from being a nominal graduate student to managing secure systems research at Northern Telecom, but continued to do intellectual engineering work. My day job at Northern Telecom was talking to customers, consulting internally and grazing around for interesting things. I did several good pieces of work. One, securing TCP, isn’t well remembered. I was criticized for merging security with the protocol itself. That resulted in something large and complicated, which speaks against certification. What it said about functionality, however, was very nice.

So I continued to do routine technical work, and, episodically, I did something worth noticing. After I came to Sun [as distinguished engineer in 1991], that didn’t change as much as it might have. I gained dramatically in formal status. As director, I had a special job at Sun, a strong, select group and formal status, but that didn’t offset the loss of informal status as much as it might have. The first year or two with Sun, I floundered around. I wasn’t very effective. Then the government did one of its periodic favors and delivered the Clipper Chip. Policy issues seemed to be the most important threat to secure communications, and I turned my attention entirely to them.

What effect did that have on you?

I went through a not-so-surprising transformation from a technically centered, individually centered view of things to a much better understanding of society. Many of the technical predictions I made about technology from the ’70s to the late ’90s – such as when we would go to TripleDES – are correct. But my understanding of what society would be like in the ’90s was incorrect.

I imagined, for example, that the falling cost of electronics would give rise to a growth in the signals intelligence industry, and everyone would have to protect themselves, not recognizing the role of law and the way in which state power differs vastly from industrial power. To put it sympathetically, my political vision has matured. To put it less sympathetically, my vision has been co-opted or corrupted over these last 30 years. That’s what I mean by “compromised.”

It sounds to me like you matured.

Well, it doesn’t always feel like maturity. The last lines of a poem called “I Remember, I Remember” are: “It is little joy to know I am further off from heaven than when I was a boy.” Things become more complicated and less clear. You do become compromised, but at the same time, you don’t regret becoming compromised, because you learned interesting things; you were involved with interesting people.

I started out thinking of myself as NSA’s opponent, but within a few years, as a result of studying its technologies and activities, I developed a great deal more sympathy for intelligence overall. In the context of the Cold War, the worst possible thing was to imagine two blind men in a room with machine guns. Intelligence was a stabilizing phenomena in international relations in a way that I thought liberals were blind to.

What have the changes you have undergone meant in terms of your work at Sun and, recently, your appointment as CSO?

There’s a hidden assumption that the objective overall and for any particular period of my life is to triumph by means of creativity. When I became CSO, I recognized that there are trade-offs. I am trading a situation in which I could decide what was most important and work on it for one in which I have to work on things that occur “out there.”

What do you intend to do on behalf of Sun, as opposed to helping the Internet’s fragmented security environment become more integrated?

I intend to do that integration in the context of Sun’s products. I bring to this job, in addition to my reputation, a certain judgment acquired in 30 years in working in and studying security very broadly and being interested in everything from penetrating safes to cryptanalysis. I hope to have good judgment on where we will get the most bang for the buck.

Where are the financial incentives for businesses to invest in security?

“There’s a rift exemplified by the difference between myself and Scott Charney, chief security strategist at Microsoft. Scott is a policeman. Police think in terms of diagnosing things and retaliating. Security people think in terms of preventing things. Neither viewpoint is comprehensive.”

It’s still difficult to show a quantifiable return on security investment to decision makers, isn’t it?

The intrinsic costs – you can now do high-grade cryptography in ordinary chips, for example – have dropped a long way. The extrinsic costs affect things like, why can’t you buy a secure phone for less? This is fundamental. If you can integrate things into the product line of a major manufacturer of equipment, you can get the overhead down to where the extrinsic costs will decline and cost-based resistance will decline.

After Microsoft’s announcement that security is now a priority, Sun CEO Scott McNealey said that Sun didn’t need to send out a letter to make that point. Yet that was followed pretty quickly by your appointment as advocate for Sun’s security offerings. Where’s the distinction?

There’s a rift exemplified by the difference between myself and Scott Charney, chief security strategist at Microsoft. Scott is a policeman. Police think in terms of diagnosing things and retaliating. Security people think in terms of preventing things. Neither viewpoint is comprehensive, and it’s foolish to say that either alone can be entirely adequate. My prejudice is in favor of security mechanisms, denial-of-objective mechanisms – as far as possible – using intrusion detection, diagnosis and response mechanisms wherever necessary.

How has the security landscape in which we operate changed since Sept. 11?

I have more questions than answers. My top-level question about Sept. 11 is, do we really want to live in a world in which U.S. intelligence can detect every half-million-dollar, 20-person, two-year activity? I’m very concerned that a number of things from the rise and power of intellectual property purveyors to the hard-to-resist concerns for life and limb that has given new life and power to police institutions are going to lead us toward a much more rule-bound and controlled society.

Given the aggressive efforts of law enforcement since Sept. 11 to get access to whatever systems of information they would like, do you think some application along the lines of Clipper would be more attractive now?

The issue of key escrow won’t go away because, to the authoritarian mind, the natural view is, “Of course, a court has the right to issue a subpoena for this information. Therefore, it has the right to have machinery built in that will execute the subpoena for it and provide that information.” The anti-authoritarian mind would think, as I do, that the important thing about a free society is the distinction between being held to account for your actions and being forced to do what society wants.

In terms of the role of information technology, what kind of society do we have now?

I hate to use buzzwords, so take me seriously here – we’re moving into an information society. Here’s what I mean by that.

We have personal computers, which I think of as manufacturing objects, like factories.

They mostly manufacture services; sometimes they manufacture code or documents, but it’s a standardized unit of production. What distinguishes one from another is the information it has about what to produce. For example, an orchestra is a standardized piece of machinery that manufactures music; you feed it scores, and it manufactures music. We’re moving toward a world in which we can imagine, say, chip compilers or biological compilers that manufacture drugs. This will be a world in which small units of society – whether individual families, corporations or states – have standardized means of production. What goes on is a function of what information they have to feed into their means of production to turn it into more information or goods. In such a society, the flows of information describe the parameters of social control and social interaction.

What does that mean individually?

People born today will grow up in a world in which much of what we do is online. I have had a vision for 30 years, which I think is coming about. A marketing presentation that would have taken a month in 1980 can now be produced by one capable person in an afternoon. My vision was that early in this century one would be able to create a color movie with the ease formerly required to write a personal letter. We’re close. We grew up being creative because we lived largely within our own minds. Soon, the fantasies one can manage in one’s own mind unsupported won’t be able to compete with the ones that can be manufactured using available machinery. What are the implications of that?

You are on record as consistently saying things like, “People have the right to make any effort they wish to keep conversations private.” But in a networked world, corporate identity may well come to supplant individual identity. What will “privacy” mean then?

There are two different questions. The broader one is about the impact of information technology. The second is whether corporate identity will supplant individual identity, which may or may not turn out to be true. Information technology makes it possible to maintain larger organizations. This benefits not only corporations but nation-states as well. I was once bemoaning the rash of mergers and centralization of power, and a friend said, “Oh, we’ve had that sort of thing before; larger organizations always develop phony economics internally and, after a while, break up.” But I haven’t seen that in 20 years. We are still in an era of consolidation, because better information technology makes it feasible to have an organization of so many workers all over the world in a way that wasn’t feasible before.

Your description of the security landscape might sound pessimistic if one only reads the words, but you sound optimistic. What maintains your optimism? What can you communicate to younger security practitioners about that?

I don’t expect younger people to see things as I do. One of the most important things about the young is that they’re ignorant. When you’re older, you realize that people 30 years younger have never heard of many of the things that define the context of your life. We think of younger people as knowing a whole bunch of new stuff that we don’t, but it’s at least as important that they aren’t burdened with the direct experience of the earlier culture. What people think of as fundamental is what we’re used to. The argument about Caller ID a decade ago is an example. Where did the idea come from that you have the God-given right to make an anonymous telephone call? It’s an accident of the technology. Yet people were indignant about the fact that they were going to be identified.

Copyright © 2003 Information Security, a division of TruSecure Corporation

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: