The Professor vs. the NSA

Today, Martin Hellman stands before a crowd of hundreds, narrating the history of his research in public key encryption. It’s foundational: internet security is built on mathematics, and Hellman (along with collaborator Whitfield Diffie) helped to fashion that math. Throughout the talk, you can see their adorable bromance: Diffie heckles from the front row, and Hellman banters right back.

Back in the 1970s, Hellman and Diffie couldn’t have known that their work would lead to this stage. In fact, there was a likelier destination.

Federal prison.

“It’s July 1977,” Hellman tells the audience. “Whit and I are involved in a major fight with NSA over the data encryption standard.”

American law banned the unlicensed export of weapons. Makes sense: the government doesn’t want civilians wandering into Moscow with a trenchcoat full of fighter jet parts. The question is: Does this law apply to abstract mathematical ideas? By developing new approaches to cryptography, are Hellman, Diffie, and their collaborators de facto arms traffickers? If so, Hellman says, “then by publishing our papers in international journals, we are in some sense exporting plans for implements of war.”

“I think the penalty,” Hellman recalls, “was something like five years in jail.”

As a Stanford professor, Hellman sought the advice of the university’s general counsel, John Schwartz. Schwartz told him that, in his view, prosecuting a computer scientist for cryptography research was unconstitutional—a violation of the First Amendment. But he also warned that only a court of law could settle the matter.

His next words remain burned in Hellman’s memory.

“If you’re prosecuted,” Schwartz said, “we will defend you. If you’re convicted, we will appeal. But I have to warn you… if all appeals are exhausted, we can’t go to jail for you.”

It’s a line straight out of a Hollywood thriller, which cannot be said of most conversations in the faculty lounge.

That October, Hellman planned to present two cryptography papers, co-written with students, at a conference. He intended to shine a spotlight on the students by having them give the talks.

Schwartz advised against it. “From a practical point of view,” Hellman says, “I was a tenured professor, and the students were just starting out.” That left them more vulnerable. “A multi-year court case could totally ruin a new PhD.”

The students courageously insisted on taking the risk—until their parents intervened. Hard to blame them: an academic career unfolds slowly enough, even without taking a five-year federal-prison hiatus.

“We came up with a very good system,” says Hellman. “When it was time for the papers, both of us went up… I explained to the audience, who already knew what was going on, that on the advice of Stanford’s general counsel, I would be giving the paper instead of the students. But from every perspective except legally, I wanted them to consider the words I was saying as if they were coming from the student.”

“And so,” Hellman explains, “the students stood there, not saying anything.” This bizarre visual amounts to the best sales pitch a PhD could hope for: you as the ventriloquist, and a star professor as your cheerful dummy.

The conflict simmered until 1978. Then, out of the blue, Hellman received a call from the office of NSA director Admiral Bobby Inman to schedule a meeting.

“Whit and I had been fighting this out with the NSA in the press, and never actually talking to them,” remembers Hellman. “It’s a bad way to have a disagreement, and so I jumped at the opportunity.”

Weeks later, he found himself face to face with his adversary. Inman leaned over and said wryly, “Nice to see that you don’t have horns.”

Hellman looked back and said, “Same here.”

That broke the tension. Hellman soon learned that Inman had scheduled the meeting against the advice of all his senior colleagues at the NSA. But he, like Hellman, saw no harm in talking things out. “Out of that very cautious initial meeting grew, eventually, a friendship,” says Hellman. “That’s something we should keep in mind today, and not just in the cryptographic community.”

Hellman began his talk by joking that Diffie was his “partner in crime.” It was an offhand bit of humor; for the moment, he was not reflecting on how close they came to making that phrase literal.

 

jepler
7 days ago
I was totally unaware of this history.
Earth, Sol system, Western spiral arm
hannahdraper
7 days ago
"“If you’re prosecuted,” Schwartz said, “we will defend you. If you’re convicted, we will appeal. But I have to warn you… if all appeals are exhausted, we can’t go to jail for you.”

It’s a line straight out of a Hollywood thriller, which cannot be said of most conversations in the faculty lounge."
Washington, DC

Oct 6th, 2017: The Fragile Giant

Of course he isn’t real. I take that back, he is real just not a real live Elephant.
Artist Jonty Hurwitz made him by multiphoton lithography… think 3-D printing technique.
Called The Fragile Giant and measuring only 0.157 mm (0.0062 in) tall.



Isn’t he cute? He’s also the smallest man-made object ever filmed.
He was filmed image by image with a scanning electron microscope.



The link says it was created to raise awareness about the plight of elephants threatened by ivory poaching and trafficking.
OK, that’s definitely a worthy cause I support. But I see statements like that so often. It seems to be SOP for any artsy project
to associate itself, attach itself, by claiming a worthy cause as the motivation.

Maybe I’m too cynical, but it seems an insurance policy, so if anyone says something derogatory about the piece/performance,
they can be attacked for being anti good cause. :confused: Anyway cute Elephant

samuel
6 days ago
0.0062” is just the tiniest bit taller than the thickness of a regular stock piece of paper (0.004”)
The Haight in San Francisco
skittone
3 days ago
Wow.
satadru
4 days ago
Is 2-photon lithography a thing now? 2-photon techniques are amazing. I wonder how long this took to print.
New York, NY

Changes in Password Best Practices

NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:

  1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.

  2. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.

  3. Let people use password managers. This is how we deal with all the passwords we need.

These password rules were failed attempts to fix the user. Better we fix the security systems.

CallMeWilliam
9 days ago
A meeting recently:
Developer Team: Our passwords require special characters, and max out at 30 characters.
Me: Why on EARTH did you do any of that? Why do you have a max?
Devs: Because ... it's hard to remember something long? How long do you want it to be?
Me: ... Get rid of the max. Get rid of the special characters.
CIO: Wait. Why do we have passwords at all? Can we link to google/linkedin/facebook and make it their problem? We are not in the security business.
Devs: Yes!
acdha
9 days ago
I’ve been happy watching such sensible guidelines make it through the review process
Washington, DC

Saturday Morning Breakfast Cereal - Degradation

Hovertext:
Socrates would consume hemlock, sure, but what about Arby's?

New comic!
Today's News:

Just ten days until our BOOK TOUR OF DOOM kicks off in Seattle. All of these events have limited seating, so make sure to snag a ticket before we sell out!


Save Your Work

Here's a useful habit I've picked up as a software engineer. Every time you do something difficult, create a reproducible artifact that can be used to do it more easily next time, and shared with others.

Some examples of this:

  • You spent all afternoon debugging a thorny issue. Write down the monitoring you checked and the steps you took to reach the conclusion you did. Put these details in the issue tracker, before moving on to actually fix it.
  • You figured out what commands to run to get the binary to work properly. Turn the commands into a short script and check it into source control.
  • You spent a day reading the code and figuring out how it works. Write yourself some notes and documentation as you go. At the end, take half an hour to clean it up and send it to your boss or teammates who might find it helpful. Maybe even put up a documentation website if that seems appropriate.

This makes it easier to pick up where you left off for next time (for you or someone else), and makes it easier to prove that the work you're doing is difficult and has value.
luizirber
16 days ago
Great tips!
Davis, CA

Saturday Morning Breakfast Cereal - Unfinished Business

Hovertext:
Let's promote him without altering his pay.
