RSA CONFERENCE 2020 — San Francisco — In a typically wide-ranging conversation, the Cryptographers' Panel at the RSA Conference here Tuesday showed how cryptography is wending its way into more and more parts of society. The discussion spanned election security, blockchain use cases, SIM swapping, the right to be forgotten, encryption backdoors, "quantum-proofing," new revelations about the CIA's secret ownership of Crypto AG, and more.
This year Adi Shamir -- Borman professor of computer science at the Weizmann Institute in Israel and the "S" in "RSA" -- returned to the panel after missing last year because of a widely reported visa issue. The panel, led by RSA CTO Zulfikar Ramzan, included a trio of crypto panel regulars: Ron Rivest, MIT professor and the "R" in RSA; cryptographer and security expert Whitfield Diffie; and Tal Rabin, head of research for the Algorand Foundation. Princeton University associate professor Arvind Narayanan also joined the conversation.
Diffie shared nuanced insights relating to the joint report released two weeks ago by the Washington Post and German public broadcaster ZDF. According to a Dark Reading article, "Crypto AG, a Switzerland-based communications encryption firm, was secretly owned by the CIA [US Central Intelligence Agency] in a classified partnership with West German intelligence. For years, it sold rigged devices to foreign governments with the intent of spying on messages its users believed to be encrypted."
Diffie says he's "enthusiastic" about intelligence gathering -- that it actually increases global stability when nations know more about each other. Nevertheless, the CIA's successes and excesses with Crypto AG have new lessons for the cryptography community.
"I think the first thing we learned is it's easy to get the illusion working in academic cryptography that there's some playing fair. And intelligence is not about playing fair -- it's about succeeding," said Diffie. "And there's no reason [for an intelligence agency] to be sitting waiting for [another nation or adversary] to make up cryptographic algorithms that maybe you can break and maybe you can't if instead you could push one [algorithm] on them that you can. And that is what this did with amazing success for 20, 30, 40 years."
However, Diffie says, if cryptographic algorithms were all made public -- as many cryptographers have long preached -- then customers would not have to rely on an encryption company's word that the communications are indeed secure. The sort of espionage carried out by Crypto AG would not have occurred if the algorithms were public, Diffie says.
Also, cryptography is hard, he says. And it isn't something that everyone should go do themselves. Nevertheless, if more nations had endeavored to create their own algorithms, the code-breakers and eavesdroppers at intelligence agencies would face a far greater challenge. Instead, many countries rely on the same technology, which might be compromised right out of the box.
"So these lessons are very relevant today," he said, "where we're accusing Kaspersky in Russia or Huawei in China of building compromises into their equipment or haven't been buying them for that reason. And I think perhaps we should be and perhaps they should.
Right to Be Forgotten
The panelists discussed the operational and societal challenges of protecting European citizens' privacy under the European Union's "right to be forgotten" regulations, as well as its limitations.
"The 'right to be forgotten' can't be anything other than something that keeps the little people in line," said Diffie. "But it's not a right to be forgotten by the secret police. It's not going to be effective for anybody who can keep their own records. It just affects small researchers, nosy busybodies, and employers."
Narayanan countered that while that may indeed be the case, these uses alone can be powerful. For example, Narayanan cited how a common cause of recidivism is that people with a criminal history have a difficult time getting a job after they've served their sentences because the first search result about them may be about their incarceration.
For those individuals, the right to "delist" that information -- not necessarily to "forget" it -- could make a big difference.
"I think that in the context of the right to be forgotten we can discuss about it in various ways," said Rabin. "But I think we do need technologies to eliminate data from the Internet. Of course there are things that we as a society, not just as an individual, want removed."
Rabin cited the example of child pornography and the need to protect children who appeared in these published videos.
Just because we cannot not satisfy the right to be forgotten, or maybe because we think something should not be forgotten, does not mean we shouldn't "work on these types of technology that enable deletion of information," she said.
Shamir, however, noted a challenge with this. "Clearly, global trade is all about making the past immutable," he said. "So any legislation that will require that people will be able to undo past actions is going to lead to the idea of the blockchain -- where after some amount of blocks have been accumulated there is no way to patch the past."
Election Security & Blockchains
Shamir said he has "major reservations" about blockchain. "Not because it doesn't work, but because in most cases it is overhyped, and there are much simpler ways to achieve the same goal," he said.
Blockchain proponents continue to hunt for the killer app or breakthrough use case that will move the technology mainstream. Some have proposed that the next promising frontier for blockchain is at the voting booth.
But Rivest disagreed. "Blockchain is the wrong security technology for voting," he said.
"Many things we do in society -- like flying an airplane -- you need high tech," said Rivest. "Voting is a place where you don't really need high tech to make it work. You can get by just fine with paper ballots." Rivest described and recommended election practices that use a voter-verified paper trail with regular audits of those paper records to validate the tabulations of voting machine software.
The risk of running elections without the verified paper trail is that to trust the results, you must trust the software. "That's a dangerous path to go down if you don't need to. And with voting we don't need to," he says. "Blockchains provide us certain things -- 'garbage in, garbage stored forever,'" but if an adversary does change or manipulate a vote, "it goes on the blockchain and never gets changed again. So blockchain is just a mismatch for voting."
Looking forward, Rivest said wryly that while preparing or "future-proofing" for quantum-powered attacks on encryption is good, "I hope that the people who are building quantum computers, uh, fail."
Rabin said that the future for the crypto profession is bright. The power and beauty of the field, she says, is partly in the fact that there are innovations and technologies that "maybe today we don't even know 100% what to do with them, but maybe in 20, 40 years we will. ... I see a future for everybody here for a long time."
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Wendy Nather on How to Make Security 'Democratization' a Reality."