Web Encrypters 1, Big Brother 0


How the Code Rebels Beat the Government--

Saving Privacy in the Digital Age

By Steven Levy

Viking 356pp $25.95

Whitfield Diffie is not like other guys. With his shock of long, white hair, piercing eyes, and flowing beard, he looks more like a guitarist for the Allman Brothers Band than the father of Internet-computer security. Often nattily dressed in dark suits, he is a study in contrasts. And he doesn't gladly suffer fools. I recall an interview with him three years ago, when I was new to security technology and clearly boring Diffie with my sophomoric questions. "Isn't there something else you can ask me?" he sighed.

That Diffie cooperated completely with Newsweek columnist Steven Levy, author of Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age, speaks volumes about Levy's mastery of the arcane world of computer security and cryptography. It also says something about Levy's personality: He adores the offbeat world of crypto and its cast of quirky characters, a distrustful lot who have turned paranoia into a science.

But what exactly is Diffie's achievement, you ask? Every time you use a Web browser to make an online purchase, your credit-card number is protected by data-scrambling technology based on early research by Diffie and Stanford University professor Martin Hellman. For such contributions to be realized, though, Diffie and the other "code rebels" in Levy's account had to overcome a major obstacle: Big Brother. The National Security Agency, the lesser-known sibling of the CIA, for decades had a virtual monopoly on all cryptographic research. It was none too pleased that scientists and high-tech researchers were allowing cryptography to get into public hands. What about national security? The NSA, terrified that it would be unable to snoop on the communications of both upright citizens and outlaws, for three decades fought the cryptographic community, employing threats, counterthreats, and, ultimately, punitive laws that could have sent researchers to jail for just talking about their new science.

Levy, who also wrote Hackers: Heroes of the Computer Revolution and Insanely Great: The Life & Times of Macintosh, the Computer that Changed Everything, guides us through 30 years of individual innovation and U.S. government interference. His lively and detailed narrative begins with Diffie's quixotic search for new ways to protect data and ends with the government's admission that Diffie and his ilk had, turn by turn, let the cryptographic genie out of the bottle.

The author tells us that cryptography has been around since the days of ancient Greece. Its use broadened in the 1700s, although until very recent times, it remained largely a concern of diplomats, generals, and spies, hidden from the public. That changed when Diffie, a young Massachusetts Institute of Technology student who collected exotic animals, including a python, started asking questions in the 1960s. With a computer-dependent world just barely on the horizon, Diffie worried that the average citizen's privacy would soon be threatened. How to protect it?

Armed with a lot more knowledge about computers than about the secretive mathematics behind cryptography, Diffie began a cross-country odyssey that eventually led him to Hellman. They realized they were trying to solve the same problem: How do you create a cryptographic system that can be used by people who don't know each other? It's a very difficult problem, and one most thought could never be solved.

Other cryptographers whose efforts are described by Levy include MIT professor Ron Rivest and his partners, who made key refinements, and Phil Zimmerman, a social activist who risked indictment when he sent copies of his cryptography program all over the world. There's also Jim Bidzos, the flamboyant chief executive of a tiny Silicon Valley company called RSA Data Security Inc., which sold encryption technology to such industry giants as Microsoft (MSFT), Lotus, and, perhaps most significantly, Netscape Communications (AOL).

Levy doesn't try to hide his feelings about the government's heavy hand. The NSA, often portrayed as a crowd of faceless bureaucrats hiding behind the "triple fence" of the agency's sprawling Maryland headquarters, comes across as monstrous. Time and again, we watch its functionaries crawl out of some computer-lined cave to thwart the efforts of these technical visionaries. They attempt to intimidate researchers so that key findings won't be presented at important conferences. They work to quash RSA's first big licensing deal, with Lotus.

If Levy has a fault, it is overfamiliarity with his subject. While he does a yeoman's job of explaining the math behind cryptography, his obsession with minutiae occasionally leads him into territory that the average reader may find daunting. He introduces terms like Diffie-Hellman (the math algorithm that turned the field of cryptography on its head) as though it is as familiar to us as Simon and Garfunkle. As a result, Crypto is not for everyone. But it will play in the high-tech world. Indeed, anyone with a passing interest in Internet privacy will find it fascinating. While no one would ever cast the real-life Diffie in a remake of Mr. Smith Goes to Washington, Levy's tale demonstrates that the little guy can beat City Hall. He just has to be smart, defiant enough to fight--and odd enough to believe that he can win.

Before it's here, it's on the Bloomberg Terminal.