Editors' Rating
Published: 12 Jul 2007
A lot has happened in the wiretapping business since 1998, when the first edition of this book appeared. Since then, the UK has seen squabbles over the rights and wrongs of data retention, while in the US AT&T is being multiply sued over allegedly colluding with the National Security Agency in spying illegally on US citizens. The book’s publication date (end of May) nearly coincides with the deadline (14 May) by which US cable, broadband and internet phone operators were required to join traditional phone companies in implementing a back door to enable wiretapping under the Communications Assistance for Law Enforcement Act (CALEA). Control communications, and you control society.
Even more significantly, the battle fought throughout the early and mid 1990s over the question of whether strong encryption should continue to be restricted as a military weapon came to an end. Partly, that was due to the fact that technology such as PGP — software designed to encrypt personal email — had escaped onto the internet for public download. Partly, it was due to widespread acceptance that the peacetime need for strong cryptography in applications such as electronic commerce was too great to continue to block its export, or continue squabbling over facilitating government access via key escrow.
The second edition recounts the history of these changes in detail. Obviously, most of this history is American. But for British readers it's still important, because UK policy on these security matters has largely followed the US's lead. The debates over the provisions of the UK's 2000 Regulation of Investigatory Powers Act (RIPA) therefore make their appearance, although when the book went to press the details of the rules hadn't yet been published — that took until last week.
Whitfield Diffie is, of course, the Diffie in the Diffie-Hellman key exchange, the research insight that established public key cryptography — you use the results of that research every time you connect securely to a Web site to commit an act of ecommerce. Susan Landau is a leading researcher specialising in privacy and security topics, and may be best known recently for work she did exposing the serious consequences for internet design of requiring that VoIP services comply with CALEA. Both work at Sun Microsystems, and both are concerned with balancing legitimate government interests in security with the checks necessary to ensure government powers are not abused.
In today's world, that often means giving users the technology they need to protect themselves. This new edition of Privacy on the Line therefore also talks about anonymising technology such as TOR (for 'the onion router'). Yet it seems that in general promulgating cryptographic products is a hard road to follow. The US government failed with the Clipper Chip in the mid 1990s. Many companies have tried and failed to gain acceptance for electronic cash. Other companies have tried and failed to make a commercial success of privacy protection products. It is ironic, Landau and Diffie note, that the only really successful encryption-based security products are SSL, the Secure Sockets Layer that protects credit card information in transit; the cryptographic software that protects GSM conversations; and digital rights management systems.
But of course the biggest change since the first edition is the 9/11 attacks and the advent of the War on Terror, which seem to justify almost any amount of government snooping. Landau and Diffie examine what research exists and take a different tack: since we may not be able to prevent all attacks, perhaps we should focus instead on building systems that can recover from them.
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
