Prophet of Privacy

The heat on this steamy June day is oppressive, but Whitfield Diffie doesn't seem to notice. He strides across the street from his hotel to the Washington, DC, Convention Center like a smart bomb homing in on a bunker. He has prepared for the Armed Forces Communications and Electronics Association Expo and Convention with his usual compulsive vigor. Some days before, in his office at Sun Microsystems Computer Corporation in Mountain View, California - where he holds the title of distinguished engineer - Diffie examined the list of exhibitors and methodically charted a course through the convention center that would take him past every vendor or organization that offers something related to the field he has helped revolutionize: cryptography. Diffie is quite at home in Washington. In the past 15 months he has testified three times before Congress and participated in a blue-ribbon panel on the future of crypto. This swing started two days ago, on his 50th birthday. He celebrated by having a quiet dinner with his wife, Egyptologist Mary Fischer. The following day he denounced the Clipper Chip at a conference organized by the Electronic Privacy Information Center. Now - accompanied by a small entourage of authors, including David Kahn (The Codebreakers), Bruce Schneier (Applied Cryptography), and me - he is ready to hit the convention floor of the Armed Forces show, where the theme of the day is "Digitizing the Battlefield." Even if he weren't leading a crew of cypherscribes, Diffie would cut an imposing figure. From the neck down, he fits the conservative mode of the bureaucrats, techies, and spooks in attendance: blue suit with a neatly knotted tie over a blue shirt. But hovering over the suit are piercing blue eyes framed by shoulder-length blonde hair and a beard worthy of Buffalo Bill. Then there's his unforgettable voice: Diffie speaks in a cutting tremolo that heightens the effect of his words, which are often already provocative. Diffie has a chance to exercise these vocal proclivities as he jaunts from booth to booth, happily bantering with the purveyors of surveillance systems, crypto-protected jeep communications, and "situation awareness" helmets with built-in quanta-ray sensors. At one modest display he jokes, "For an outfit of your formidability, you've managed an economical booth." The exhibitors wilt. At another booth he is offered a chance to try out an encryption-equipped walkie-talkie. "Presumably, we'll discover it works just fine," says Diffie, refusing the demo. Then Diffie reaches Booth 660, let by the National Security Agency. The agency is the world's largest repository of information about cryptography and usually operates under total secrecy. In these après Cold War days, however, the agency has been experimenting with a more public posture, and at the conference it has fronted two booths: this one, with its banner proudly unfurled, and an exhibit room off the show floor. A helpful NSA employee shows Diffie and company to the latter. It's hardly different from any other vendor's operation at a high-tech convention - except that visitors must provide social security numbers and proof of US citizenship. The room is filled with several elaborate demos of cryptosystems running off PC nets. Diffie examines a system that allows several levels of encryption to coexist on a network. The young agency technician running the demo is obviously bright, perhaps even a bit haughty as he runs the system through its paces. As Diffie turns away, someone asks the technician if he recognized that bearded fellow.
"Who?" the technician asks.
"That's Whitfield Diffie. He invented public key cryptography."
The technician's eyes widen to the size of video monitors. For a second he is paralyzed. Then he bolts forward. "Dr. Dif-fffffie...," he shouts, "Dr. Dif-fffeeeeee..." When he catches up, his attempt to describe his awe comes out in a jumble. For a moment it looks like he might outstretch his arms and execute knee-bend bows, à la Wayne and Garth: "I'm not worthy!" It was in 1976 that Diffie and Stanford University electrical engineering professor Martin Hellman blew open the cryptographic world by announcing a new way to protect secrets: the public key. It was a profound discovery; historian David Kahn (still in tow as Diffie leaves the booth) called it "the most revolutionary new concept in the field since the Renaissance." A pursuit formerly limited to the domain of spies, diplomats, and the military now had the potential to enhance the privacy of the masses. Public key has the potential to change the way we work, even the way we live.
Prophet of Privacy (Page 2) Compared to ordinary encryption, public key is a type of magic. By splitting the scrambling-and-descrambling "key" into two components, a widely distributed public key and a closely held private key, it enables users to communicate in complete secrecy with people they've never met. And when that person replies, only the user will be able to read that message. Even more remarkable, it makes possible a "digital signature," assuring that an electronic message was generated by the person who claims responsibility for it. Together, these features allow us to create new forms of digital commerce with an unprecedented level of privacy. These possibilities also present a challenge to government, particularly to the NSA, which is accustomed to controlling the nation's cryptosystems. As cryptography slips into the mainstream, the agency is faced with a dramatic reassessment of its mission. And looking over the agency's shoulder is Whit Diffie, who has emerged as a passionate and public critic of government cryptographic policy. His eloquence alone would make him a formidable figure in the debate over whether the feds should limit the spread of crypto, but his credentials make him a figure truly to be reckoned with. "I would say he is the elder statesman of cryptography," says Jim Bidzos, president of RSA Data Security. "Few people have the kind of insights he does." Yet at one time, it looked like Diffie might slip into obscurity as an eccentric hacker who never made much of his genius for math and his laser-focus mind. As his wife tells it, on the very eve of the historic discovery of public key crypto, Diffie was virtually despondent. "He was telling me that he should do something else," recalls Mary Fischer, "that he was a broken-down researcher." This was 1975. Diffie was 31, with only a bachelor's degree, and he had reached a point in life where, he says, "I was worried that I wasn't particularly remarkable as a programmer and that my lot in life would get progressively worse if things continued going as they were." All his life Diffie had jigged in perfect cadence to an internal tune, heeding little of convention. Had the music led him to a dead end? Whit Diffie, it seems, had always been different. Born in 1944, he was the sole offspring of Bailey Wallace Diffie and Justine Louise Whitfield. They had met as foreign service workers in Madrid in the 1920s and married in Paris in 1928. Diffie senior became a City College of New York history professor specializing in Iberia and its colonies, and Whit grew up in Queens, in perhaps the only atheist Camelite household in a mostly Jewish neighborhood. "One of Whit's oldest friends told me he had an alternative lifestyle at age 5," says Mary Fischer. Diffie didn't learn to read until he was 10 years old. There was no question of disability; it was obvious he was a bright, curious child. He simply didn't read, and no one considered it a horrible problem. During the fifth grade he spontaneously worked his way through a tome called The Space Cat and immediately progressed to one of the Wizard of Oz books. Later that year, his teacher at PS 78 - "Her name was Mary E. Collins and if she is still alive I would like to find her," says Diffie - spent an afternoon on the subject of ciphers, and Diffie was so taken he had his father check out all the cryptography books in the City College library. But his code mania soon faded, and he pursued other interests - castles, camouflage rockets, and poison gases. (As late as his junior year in high school, he considered a career in the military.) Diffie also became interested in math - "I thought of myself as a mathematician in high school," he says. At the Massachusetts Institute of Technology, he harbored contempt for computers - he thought himself too pure a mathematician to have much truck with them. This began to change after he earned his degree in 1965. The Vietnam War dampened Diffie's military enthusiasm, and he became a self-described "peacenik," with no desire to deploy the armed rockets and poison gases that had entranced him in his youth. Like many, he found a way to avoid the draft - working for a defense contractor. It was the Mitre Corporation, a Massachusetts systems engineering company that worked for the Defense Department. The job was a plum - while technically a Mitre employee, he would write LISP code at the MIT Artificial Intelligence Lab. There Diffie was exposed to the best computer hackers in the world. By the time he left Mitre in 1969, Diffie was over his contempt for computers.
Prophet of Privacy (Page 3) Ever since his freshman year at MIT, though, when he spent the summer in Berkeley, Diffie had been pining to move west. "I hung out with the red diaper set in New York, the frontier of the sexual revolution. I'd been used to having a full social life - folk singing parties and stuff like that. There were such scenes in Cambridge, but I fell in with what was easy: hanging out with these guys at MIT's East Campus - with 25 women in a class of 950, it was a Boy Scout camp. But when I went back to Berkeley, immediately I was in among what I thought of as the real people. I have always believed the thesis that one's politics and the character of one's intellectual work are inseparable." Diffie got his chance to go west when he heard that artificial intelligence pioneer John McCarthy was interested in a mathematical problem that fascinated Diffie: proof of correctness of programs. Diffie was hired to work at Stanford's Artificial Intelligence Lab, where McCarthy was a professor. But he now conjectures, "In his view, McCarthy probably hired me as the LISP system programmer." Nonetheless, Diffie's work in proof of correctness (funded, ironically, by the NSA) apparently met with McCarthy's approval. Then McCarthy, in essence, lost Diffie as a worker by urging him to consider crypto once more. Diffie's long-dormant penchant for cryptography was quickly rekindled, and he began working on crypto obsessively. There are several reasons that cryptography so entranced Diffie. He has always had a visceral interest in personal privacy. Though he prefers not to label them as such - after trying several labels to characterize his views, Diffie finally decided none applied - his politics are strongly libertarian. There was also the challenge of investigating a problem that was, in a sense, forbidden. "It was a whole secret field," he says. "Ostensibly my reason for getting interested in it was that I thought it was important to personal privacy. It seems to me now that I was also fascinated with investigating this business that people wouldn't tell you about. But it was unlike a lot of other secret things where it was very, very hard to get at real evidence because somebody else had control of the information and you had to try to get informants or something like that. With cryptography, there was a certain amount of solid information one could figure out merely by doing mathematics." Finally, there was Diffie's personal quest - his belief that solving the problems of crypto would provide some meaning to things. "I think somewhere deep in my mind is the notion that if I could just learn the right thing I would be saved," Diffie says, laughing at his own struggles. "So I've been looking all my life for some great mystery. And this is the most successful one I've investigated. I mean, I certainly feel the lure of things that are in some way mysterious. I felt that if I could just get to the bottom of this it would somehow be incredibly satisfying." Diffie poured over David Kahn's 1,164-page 1967 opus, The Codebreakers. "It must have taken me a year to read it," he says. "I read it more carefully probably than anyone had ever read it. It's like the Veda - in India if a man loses his cow, he looks for it in the Veda. In any event, by the spring of 1973, I was doing nothing but cryptography." Diffie took a leave from the AI lab and embarked on an epic sojourn to discover cryptographic truths. It was a lonely quest. True, NSA headquarters at Fort Meade, Maryland, was teeming with people working on these problems, but all the results were classified. Precious little information about the subject existed in the public domain. If someone did publish something, or try to patent a cryptographic innovation, the agency might attempt to classify that information. "My attitude was to keep my head down at first," says Diffie. For two years, Diffie crisscrossed the country in a Datsun 510. He hit every library that might have some information and attempted to talk to anyone whose ideas might inform his own. Some people refused to talk to him. But the journey helped in establishing the key problems Diffie needed to tackle in cryptography. (Besides, the trip wasn't all cryptography: he managed to take in several Skylab launches and, most significantly, to hook up with Fischer, who became his traveling companion.) When Diffie and Fischer finally returned to the West Coast in the fall of 1974, Diffie heard about a Stanford prof named Martin Hellman who was also interested in crypto. Diffie gave him a call; Hellman agreed to a half-hour meeting.
Prophet of Privacy (Page 4) "There was an immediate meeting of the minds," Hellman recalls. "I'd been working in a vacuum and getting disappointed and wondering whether it was really worth it. So meeting Whit was just fantastic. He had some ideas I'd already had and vice versa, and we each had some ideas that were different, and it was just an interplay." The half-hour meeting lasted the rest of the afternoon, moved to Hellman's house, and didn't break up until late at night. Hellman and Diffie agreed that Hellman would hire Diffie as a research programmer, and Diffie would eventually enroll as a Stanford graduate student - but in truth they were collaborators. (Diffie, who describes himself as incapable of working on anything that doesn't interest him, never took his formal graduate studies seriously and eventually dropped out of the program. It was not until 1992 that he received a doctorate from the Swiss Federal Institute of Technology for his public key work.) At that point Diffie was thinking mainly about two problems that plagued cryptography. One was encryption, the practice of using codes to protect information over insecure channels. How could one get around the problem of key management, which required passing a secret key from one party to another? The second problem was that of authentication - was it possible to concoct a method whereby a recipient of a message could know without question that it came from a certain person, in the same way a written signature indelibly identifies a document? Pondering some ideas that came from techniques in military "identification friend or foe" systems, and combining them with an innovative scheme of protecting computer passwords using a mathematical technique called one-way functions, Diffie came up with a method to solve the authentication problem - a true digital signature. Two weeks later, he realized that by cracking that puzzle, he had also uncovered a way to solve the encryption problem - an amazing solution that used not one but two cryptographic keys. He clearly remembers that day in May 1975. He and Fischer were living in John McCarthy's house, with the understanding that Diffie would act as a househusband, taking care of McCarthy's daughter and watching the house, while McCarthy was on leave. His routine at the time was to fix Mary breakfast before she went to work at her job analyzing geologic findings at British Petroleum. Then he would spend the rest of the day alternating between domestic chores and research. Sometime during that afternoon he altered the course of cryptographic history by "splitting the key." "The thing I remember distinctly is that I was sitting in the living room when I thought of it the first time and then I went downstairs to get a Coke and I almost lost it," he says. "I mean, there was this moment when - I was thinking about something. What was it? And then I got it back and didn't forget it." That night, he went over to Hellman's and told his collaborator about the idea. Hellman recalls during the brief conversation that he first thought Diffie's heretical idea "was a little bit crazy." But as he thought about it later that night, he began to get excited. Maybe it could work. "I started to think of some analogies," he says. "It still wasn't like 'This is it,' because it wasn't at all clear that you could do it. We now had to figure out how to do it." Over the next few months they did just that, working together to mathematically flesh out the conceptual skeleton that Diffie had envisioned. By the time they were ready to publish, both were aware of the significance of what they had. The first line of their paper, which eventually appeared in IEEE Transactions on Information Theory , in November 1976, said it all:
"We stand today on the brink of a revolution in cryptography."
Now that the aforementioned revolution is well under way, no prospective cryptographer will ever experience the isolation in which Whit Diffie worked in the early 1970s. The Diffie-Hellman breakthrough was a contributing factor to the establishment of an independent nonmilitary movement in cryptography. At 50, Diffie is an elder figure in this community. His advice and comments are eagerly sought from all quarters. He has been a key participant in the work of the Digital Privacy and Security Working Group, an aggregation of more than 50 computer, communications, and public interest groups looking at the problems of privacy in the computer age. He is held in high esteem at meetings of the crypto-rebel Cypherpunks.
Prophet of Privacy (Page 5) Diffie has managed all this while largely skirting jobs with either of the two most common employers of cryptographers - the government and academia. In 1978 he took a job as manager of secure systems research for Northern Telecom, the Canadian equivalent of Western Electric, working in its laboratory in Mountain View, California. One of the best pieces of work he did there was designing a secure phone system; it never saw commercial use, but part of its design became the heart of an innovative product called PDSO, or packet data security overlay, used to provide end-to-end security between hosts on packet data networks. In 1991, Diffie moved to Sun Microsystems, where he became a sort of internal consultant, a companywide resource on security issues. And, of course, a crypto researcher.
"You know, I never know exactly what I do," Diffie says of the latter work. "I mean, every now and then, of course, I produce something, so I can say, 'I did that,' but most of the time I can't remember anything except sort of looking off into space.
"I've been thinking about the problem of evaluating systems," he says, referring to the challenging problem of probing a cryptosystem to see if it has a "trapdoor" built in by its creators. "Who needs to trust systems? It's customers, and sort of by definition, they don't design the systems. It may be an insoluble problem - how in the hell can you ever trust any system independent of trusting the designers? I'm not convinced you can in principle find the flaws in things that way. Hiding a trapdoor in a cryptosystem is a much more difficult mathematical problem than just designing a cryptosystem, but it's not obvious to me that you can't create a trapdoor that is in principle unfindable." In the past year, with Sun's blessing, Diffie has focused on the public-policy issues of crypto. "I've been making a living off of politics," he says, half-jokingly. But to those who advocate limiting strong crypto to preserve the wiretapping capabilities of law enforcement and intelligence agencies, Diffie's new job description isn't very funny. He has emerged as an authoritative opponent of these schemes, particularly the Clipper Chip. "The key escrow proposal is dreadful," he says, "because the big thing we've gotten away from in contemporary cryptographic technology is the vulnerability that grows out of having to maintain secret keys for longer than you actually need them. Prior to Aldrich Ames, two of the most damaging spy scandals of the last 20 years in the US - Boyce and Lee at TRW and the Walker ring in the Navy -- resulted from the fact that keys existed for longer than they needed to exist, and somebody got a chance to siphon some of them off. If you use public key correctly, particularly in interactive channels like telephones, you can avoid having this hazard. The keys exist only in the equipment, only for the duration of the call, and after that they go away. And so key escrow is just rescuing a dreadful vulnerability." (For more on public key encryption, see "Cypher Wars," page 129). The Clipper Chip is even less attractive, says Diffie, when one considers who's pushing it. "We're moving our society into a telecommunications environment. I think security mechanisms are fundamental social mechanisms, and what is needed is widespread trust in them - but there's no trusting secret mechanisms designed by an organization most of whose budget goes to spying." One would think that this sort of talk would place Diffie's picture at the top of an NSA enemy list. But relations between the agency and its most eloquent opponent are cordial. Clinton Brooks, an important architect of the NSA's key escrow scheme, has worked with Diffie on the Association of Computing Machinery's panel on crypto policy. "We came to this from quite different perspectives," says Brooks, with some understatement. "During this experience, my esteem and regard for Whit considerably increased. I found him open, considerate, and eager to listen to others' points of view."
Prophet of Privacy (Page 6) The respect is mutual. Even Diffie has tempered his opinion of the organization. "I started out being very antagonistic to them, but after a decade of studying their technology and history, I came to like and respect them much more. I believe I recognize and have for a long time been sympathetic to NSA's goals. I think from a purely nationalistic point of view those goals are certainly understandable. That does not mean that there are not other objectives that seem even more important. Personal privacy certainly seems to me as important as ever, maybe more so. I'm firmly convinced that human freedom can't stand in the long run against improving communications technology, that that will utterly destroy the independence of people." As it stands, he says, "right now people lack freedom in a way that they had it a century or two ago." How is this? Diffie explains that in the days of the Founding Fathers, there was no technological surveillance - when two people had a conversation, they communicated with confidence that no one was secretly recording their words. But with every advance in communications technology - telegraph, telephone, fax machine, computer networking, ATM machine, e-mail - more and more information that was once transmitted securely became drawn into these relatively insecure channels. And future advances will continue this trend. Thus, Diffie argues, even if the government permits us the use of strong crypto, law enforcement and intelligence agencies will thrive on a continual bonanza of new technologies that will expose our secrets. The least we can have is some crypto to protect ourselves. "Basically," Diffie says, "one of the things that frightens me about this Clipper sort of thing is that if it's accepted, society can have far more influence over people by governing what technology is available to them than it can by making laws about what they do and punishing them if they don't obey the laws." Earlier this spring, Diffie had the opportunity to explain some of these ideas to the Senate Judiciary Subcommittee on Technology and the Law, chaired by Senator Patrick Leahy, D-Vermont, who shares Diffie's skepticism about the Clipper Chip. It was interesting testimony. People from both sides of the issue had spoken on the matter, but their arguments were rather pro forma. This changed when Diffie, dressed in a bespoke blue suit from Sam of Nathan Road in Kowloon, with his hair flowing down his back, leaned into the microphone and began talking about the deeper implications of the government's policy. It was as if a creature from a smarter species had somehow been introduced into the Kabuki of congressional protocol. He walked the committee through the privacy problem from the 1790s to the present day and beyond and laid out the Clipper controversy in dazzling context. Crypto, he argued, will not upset the balance of power by giving the individual a huge edge over the government - instead we should see it as one of the few resources available to the individual who wants some privacy. "It has been thoughtlessly said ... that cryptography brings the unprecedented promise of absolute privacy," testified Diffie. "In fact, it only goes a short way to make up for the loss of an assurance of privacy that can never be regained." In the flurry of concepts, however, few appreciated the resonance of Diffie's opening sentences. They summed up Whitfield Diffie's progress since he began his quest more than two decades ago. "I first began thinking about cryptography in 1972," he testified. "My feeling was that cryptography was vitally important for personal privacy, and my goal was to make it better known. I am pleased to say that if I have succeeded in nothing else, I have achieved that goal."