Until the twentieth century, cryptography—the scrambling of messages to make them obscure to everybody except an intended recipient—was a relatively straightforward business, based on principles used since antiquity. The exiled Jewish scribes who wrote the Book of Jeremiah, for example, sometimes obscured the word "Babylon" by using what is now known as the Atbash cipher, in which letters at opposite ends of the Hebrew alphabet were swapped. (If applied to our alphabet, the cipher would make A into Z, B into Y, and TAKE BACK JERUSALEM into GZPV YZXP QVIFHZOVN.) Julius Caesar, too, used a simple code, known today simply as the Caesar cipher, which was formed by substituting each letter of the alphabet with the one that came three places after it. (In this system, BARBARIANS COMING would become EDUEDULDQV FRPLQJ.)
Then computers came along. Ciphers like those used by Caesar and the Jewish scribes soon became almost laughably vulnerable to what are called "brute-force attacks"—that is, continuous computer trials of all possible coding combinations. This was a serious problem for modern governments, which increasingly felt the acute need for secure and private global communications, and which therefore devoted themselves to the development of advanced new cryptographic systems. (One of the main reasons computers were invented, in fact, was the effort during the Second World War to develop efficient ways to crack enemy codes.) The result of all this has been that, as the cryptographer Bruce Schneier describes it in Applied Cryptography (1995),
The United States' National Security Agency (NSA), and their counterparts in the former Soviet Union, England, France, Israel, and elsewhere have spent billions of dollars in the very serious game of securing their own communications while trying to break everyone else's. Private individuals, with far less expertise and budget, have been powerless to protect their own privacy against these governments.
As Schneier suggests, governments basically took over cryptography in the postwar era, and in the United States, where most of the innovations were taking place, all open discussion of the field was stifled—to the extent that cryptography and writing about cryptography were classified as "munitions," which made their export illegal. The government's argument was that it needed absolute secrecy and control of cryptography in order to gain and keep the upper hand against terrorists, hackers, and other criminals.
In the 1990s, however, something remarkable happened: a few dedicated and idealistic technological crusaders, troubled by the threat to privacy that government-controlled cryptography represented, managed to engineer a revolution that gave the public access to high-powered cryptography. That, in turn, enabled many of the technologies—most notably, electronic banking and commerce—that are now taken for granted as hallmarks of the New Economy.
How this revolution took place has received very little attention, but the publication of Steven Levy's new book, Crypto: When the Code Rebels Beat the Government—Saving Privacy in the Digital Age, is changing that. Levy, a senior editor and the chief technology writer for Newsweek—and the author of such celebrated books on computer culture as Insanely Great: The Life and Times of Macintosh, the Computer That Changed Everything and Hackers: Heroes of the Computer Revolution—has followed the story for years, writing about aspects of it for Newsweek, Wired, and The New York Times Magazine, among other publications. Now, in Crypto, Levy tells the full story of the cryptographic revolution, and why it matters.
|Steven Levy |
Can you speak a little bit about the way in which cryptography has already become an essential, if invisible, part of people's everyday lives?
Crypto began to become part of our lives with the advent of things like the ATM machine, which could not exist without it. In the book, I write about the Digital Encryption Standard, which is used in these machines. Crypto also secures the transfer of money between banks and financial institutions themselves. We have it in our Web browsers—it kicks in when we send personal information and credit-card numbers to e-commerce sites—and it's essential for stuff like Web gambling. And cell phones increasingly have it built in. It's used in all sorts of places now, even in the radio communications between coaches and quarterbacks in NFL games.
How would you rank the importance of the cryptographic revolution, as far as technological revolutions go?
I think it's a huge deal, but it's tough to rank, especially since it's tied in so intricately with the "other" technological revolutions. I might not go so far as Lawrence Lessig, the Stanford legal expert, who took a deep breath and wrote that it was the most important technological breakthrough in the last thousand years. Lessig admits that he might be going overboard, but insists there's a case for this. I think that the stage is set for crypto to make a huge difference to society and individuals. Without cryptography we can't hope to assure people that their personal secrets, business information, and financial transactions are secure as they move around the world electronically.
This is a revolution that's really just beginning. My book is a chronicle of how the breakthroughs were made and how the first major obstacle—government opposition—was largely overcome. Now the good stuff can begin. We're going to look to crypto to provide solutions for all sorts of problems, like how to deal with digital distribution of music and other kinds of intellectual property. I'm talking about amazing applications like digital contracts, signatures, credentials, identities, and cash. The potential is there to make significant changes in society, to bring the cyberworld to the center of our economic lives, and bring it deeper into our personal lives in a way where we aren't so exposed.
Can you give examples of the solutions you're talking about?
Essentially, crypto can provide many of the protections in the "real world" to the world of cyberspace—in enhanced form. For instance, "digital timestamping" produces documents that are fixed in time. (Forget about backdating digital checks.) Other kinds of authentication are selective and protect privacy. Crypto makes it possible to have a complete digital dossier with indisputable credentials that can authenticate you without identifying you. For instance, it's possible to verify that you are over twenty-one without revealing who you are.
The techies and math wizards are going to give us the tools, but how we decide to use them will wind up shaping how we live. For instance, will our digital money be trackable, or will we be able to spend it anonymously, as we do with cash?
Digital cash is money, just like the money in our wallets, only instead of paper it's composed of strings of bits. These are cryptographically authenticated so that they can't be copied—counterfeited—or double-spent. Right now, our spending on the Internet is largely by credit card, but it makes sense to be able to pay money to anyone and have our computers be virtual ATMs ("Dad, send me fifty bucks") which could download dollars into smart cards so that we can spend them in the real world.