Inkwell: Authors and Artists
Linda Castellani (castle) Wed 7 Feb 01 12:47
Steven Levy is a senior editor at Newsweek, anchoring its technology coverage. He is author of five books, most recently CRYPTO: HOW THE CODE REBELS BEAT THE GOVERNMENT--SAVING PRIVACY IN THE DIGITAL AGE. Other books include HACKERS, ARTIFICIAL LIFE, INSANELY GREAT and THE UNICORN'S SECRET. He lives in New York City. He has, incidentally, been a WELL user since its inception. Crypto is about privacy in the information age and about the nerds and visionaries who, nearly twenty years ago, predicted that the Internet's greatest virtue-free access to information-was also its most perilous drawback: a possible end to privacy. To provide tools that would use the ancient practice of cryptography to provide that protection to communications they had to do two things: create the biggest breakthrough in the field ever envisioned, and then fight the government to get the right to distribute the tools. Crypto tells the story of how they did it, a tale that winds from MIT's AI lab to the White House. Steven will be interviewed by Mike Godwin, who has had extensive involvement with the legal and social issues affecting cyberspace, serving as the first Staff Counsel for the Electronic Frontier Foundation, where he informed users of electronic networks about their legal rights and responsibilities, instructed criminal lawyers and law-enforcement personnel about computer civil-liberties issues, and conducted seminars about civil liberties in electronic communication for a wide range of groups. In addition to contributing to the Center for Democracy and Technology's work as Policy Fellow, Mike also currently serves as Chief Correspondent at IP Worldwide, a publication of American Lawyer Media, and as a columnist for American Lawyer magazine. Godwin's articles for print and electronic publications on topics such as electronic searches and seizures, the First Amendment & electronic publications, and the application of international law to computer communications have appeared in the Whole Earth Review, The Quill, Index on Censorship, Internet World, WIRED, HotWired, Time, Reason, and Playboy. Godwin served as co-counsel to the plaintiffs in the Supreme Court case Reno v. ACLU. EFF was also a plaintiff in that case. Godwin's first book, CYBER RIGHTS: DEFENDING FREE SPEECH IN THE DIGITAL AGE, was published by Random House/Times Books in the summer of 1998. -- Please join me in welcoming Steven and Mike to inkwell.vue!
Undo Influence (mnemonic) Wed 7 Feb 01 15:09
Steven, It's great to have you here. Folks here may be interested to know at the outset that we've known each other for about ten years (I think we met at Computers, Freedom, and Privacy) and been friends for about that long, and that we have in common both a) that we each persuaded the Freedom Forum to subsidize books for us, and b) that we're serious fans of the Macintosh. (For years before we met, I'd been a devotee of your Mac journalism, by the way -- you were always a Mac booster, but your articles were invariably fairminded, substantive, and fun to read.) We're here to talk about the book that you wrote with Freedom Forum support, CRYPTO, which has just come out. But I also hope we can talk more generally about tech journalism and your career as a journalist. I mention what we have in common in the hope that maybe your career arc will rub off on me a little -- in the 1980s you wrote the seminal book about microcomputer culture, HACKERS, which is still in print, and in the 1990s you've established yourself as one of the top tech journalists in the U.S., covering everything from the Internet porn panic to the Microsoft antitrust case, usually for NEWSWEEK but sometimes for WIRED and other publications. In fact, it was your article on public-key cryptography and crypto-activists in the very second issue of WIRED that persuaded me to subscribe to that magazine -- it struck me as the very best explanation of public-key crypto that I'd seen, and I immediately started photocopying the article and sending it around to people I thought needed a quick briefing on the issue. That article, in the May/June 1993 issue of WIRED, can be found online (minus its helpful illustrations) at <http://www.wired.com/wired/archive/1.02/crypto.rebels.html>. But despite the crypto story's being on the cover of WIRED, and despites its occasional surfacing in the newsmagazines or in the major newspapers, it seems to me that the crypto story has never been given the kind of newsplay it deserves. The mainstream media seem for the most part of have missed both the social implications of the availability of cheap, powerful encryption and the heated, ongoing public-policy debate as to whether our government should discourage, encourage, ignore, or outright ban this tool. (A recent exception: NEWSWEEK's featuring of a long excerpt from CRYPTO last month.) So, the first question I want to ask you upfront is whether you think the press has given this story adequate play so far, and, if not, why not? A second question: Could you say something to explain the federal government's panic over the fact that crypto theory suddenly became the subject of public academic inquiry in the 1970s? Or about their even more acute panic in the 1990s when it became clear anyone's home computer is potentially capable of scrambling a message so effectively that even snoops equipped with supercomputers may find it difficult or impossible to unscramble it (unless the snoop is the intended recipient)? A third question: Am I right in guessing that you're trying to steer us all (journalists and readers alike) to use the standard term "crypto" for all this stuff, in place of "encryption," "cryptography," "cryptology," "cryptanalysis," etc. -- related terms that nevertheless have different and distinct meanings? Has the NEWSWEEK style manual been appropriately updated yet?
Steven Levy (steven) Wed 7 Feb 01 16:51
Wow, that's a lot. First, thanks Mike, for the nice words and also thanks to the Well for hosting this discussion. Mike is right, we've walked down some roads together, and it will be fun taking this hike. OK, question one. In a way, I think that it's surprising that such a potentially frightening subject has gotten significant attention at all. There are all sorts of major stories that don't get, for instance, front page stories in the NY Times (and an NY Times mag cover that I wrote in 1994), zillions of stories in the trade press, congressional attention, and space in just about every major media (with TV somewhat lagging). That said, considering its importance, I think there still should be more. I've very happy to have come out with Crypto, which I think tells this vital story with the depth it deserves. But there are some aspects of it that can't be dispatched in a couple of pithy statements, and that holds us back. Can I argue that this subject is as important as another I've covered, the Microsoft trial, and thus deserves as much attention? Yeah, I can, but I know how the media works, and considering all that, Crypto is far from a candidate for the "most censored story" list. Question two is fairly easy. The government went ballistic at the advent of an independent community studying crypto -- and coming up with groundbreaking innovations in the field -- because it rocked their cold-war world. Among the unquestioned assumptions at the NSA was the belief that the nation would be best served if ANY sophisticated knowledge of crypto were kept away from public channels, where foes might see it and make use of it. By th 1990s, at the NSA at least, they figured out that it was impossible to totally snuff the stuff, and that there was a need for some form of crypto for citizens. So the idea was the keep the strong stuff out of general useage, by banning its export. The law enforcement folks werfe stuck longer in the hard-core phase, and still are, even now using Bin Laden to suggest that crypto has GONE TOO FAR, damn it. (Imagine, a terrorist using stuff sold by dozens of software companies!) As for whether I'm on a campaign to make the word "crypto" the default identifier for all that stuff, well, I haven't thought of it that way. After seeing what happened to the word Hacker after my book came out (watching the meaning change from the way I used it -- as a term of honor more or less, as the actual hackers consider it -- to something quite different), I have no illusions that I can control language. I used "crypto: as I did because it made sense and if people pick it up, great. Again, this is the way people on the ground refer to it.
Undo Influence (mnemonic) Wed 7 Feb 01 20:14
One of the great aspects of the recent Bin Laden/crypto stories, I've been thinking, is how they manage to combine crypto, terrorism, porn, and the Internet. Take stories like these, for example: <http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm> <http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen-side.htm>. I get the impression from these stories that some U.S. officials aren't taking the recent liberalization of American crypto policy lying down -- they're still sounding the alarm about the threat of powerful crypto in terrorist hands. Could you say something, Steven, about the government's past strategies for suppressing and controlling powerful crypto (through the export laws or other means), and whether you have any signs that the new administration will revisit this issue? Also, could you talk a little bit about what some readers are likely to find a surprising aspect of the crypto-policy story -- that the Clinton Administration (and Al Gore in particular) were much bigger supporters of schemes to limit or control the spread of crypto than the preceding administrations had been? (My own impression, prior to reading CRYPTO, was that there was a large degree of continuity between the Bush I and Clinton administrations on this issue -- especially in light of Bush advisor Brent Scowcroft's memo linking crypto control to the DOJ's "Digital Telephony" wiretap initiative.)
Steven Levy (steven) Thu 8 Feb 01 20:19
The government used to actually be able to control powerful crypto, because none of it existed outside its control (except maybe in foreign intelligence services that weren't eager to see it spread, either). When the cow is in the barn, it's simple to keep it in the barn. But when an independent community started making breakthroughs and publishing papers, the task became more difficult. The first initiative was to try to intimadate the academics who were publishing. When the profs showed backbone (and a decision in the justice dept, not made public, indicated that such efforts and maybe even the export laws themselves were unconstitutional), the NSA backed off. From there, the export laws were the firewall. The bin Laden thing is interesting. I've been predicting that the next big test of whether the government has really changed will come when it's clear that truly bad guys are using crypto. True to form, that day is here, though an actual massacre that could have been prevented if only the perps didn't use crypto, would have been more dramatic. As for the Clinton administration, I write in the book that actually the Clintonistas took a step that the Bushies had been avoiding -- signing off on the key escrow policy. The Bush people were certainly sympathetic with the spooks and G-men, but were wary of untried initiatives that might, one government source told me, "wind up on their suits." The Clinton people were ripe for plucking. They didn't want to alienate the hard-liners. They were intimidated by sudden responsibility. And they were manipulated by the NSA and FBI, who gave them three choices: let crypto run free (and suffer the consequences of people dead in the streets), ban crypto totally (risking riots in Silicon Valley), or take the alleged middle-road, a supposedly plug ready key escrow path that had, well, something for everybody. Cool.
Undo Influence (mnemonic) Fri 9 Feb 01 10:23
It was interesting to read in CRYPTO that the public knowledge of cypher stuff in the academic world wasn't too much deeper than what I had learned as a kid when reading about "secret writing." Everybody interested in the subject knew the basics -- substitution schemes, frequency analysis, and so forth. I think what your book captures is the extent to which some really smart math and computer guys took the whole field out of its, I dunno, moribundity and actually sort of created the public study of crypto from nearly nothing. Your book focuses on some of these key personalities -- notably Whit Diffie -- and the sequence of their progress gives your book a great narrative structure. Was it hard to get smart-but-difficult personalities like Diffie, and Jim Bidzos, and Bobby Ray Inman and Stew Baker to cooperate with you on this book, and even to let their hair down about these issues? I ask because I know a bunch of these people too, and while they're very different in most respects, there's a certain edginess they have in common. More generally, what difficulties did you run into in researching and writing the book? Some of the stuff you talk about, like the notorious "secret briefing" the NSA/DOJ cryptopponents used to give congressmen and senators and the White House staff, are still secret, so far as I know -- did you ever get hold of the contents of that briefing? And on a more general note: Could you say something about how you got into tech journalism in general, and into writing about computers and computer people in particular? One of the remarkable things about HACKERS, it seems to me, is that relatively few journalists realized before you produced that stuff that there are real and compelling stories in the computer field. Even Tracy Kidder, who did realize that there was a lot to write about when it came to computer geeks, ended up focusing on, of all things, Data General and its product developers. (HACKERS shows, among other things, that computer geekery extends far beyond the electrical-engineering crowd.)
Undo Influence (mnemonic) Fri 9 Feb 01 12:43
By the way, "cryptopponents" is a deliberate neologism and not a typo.
Declined To State (jrc) Fri 9 Feb 01 12:50
Hi Steven. Long-time fan, first time typist -- in this topic. I have a bunch of questions; I'll space them out. i was interested that one of the books I loved the most when i woas younger, the wonderful Code breakers by David Kahn, was considered subversive by the government. It also got a lot of the crypto people involved in the first place; I'm trying to think of an equivalent piece of popular writing that had that much effect on national policy. I'm wondering what you think about Carnivore, the new FBI eavesdropping program that is, in soem ways, an acknowledgment that cryto has won at least for the moment and that it's gonna try to get its info by people stoopid enough to plan their terrorist attacks in plaintext. Of course,l maybe some of their targets -- child pornographers and such -- are the clueless. So I supposed the follow-up question would be: To what extent do you think an awareness of the possibilities of crypto has entered the public consciousness?
Undo Influence (mnemonic) Fri 9 Feb 01 13:04
That's a great question, Jon -- the story of Kahn and his book THE CODEBREAKERS is a fascinating one, although it's dealt with only in passing in CRYPTO. In a fit of paranoia in 1993, I bought the pricey hardbound edition of THE CODEBREAKERS because I thought it was just barely possible that the government might, in its anti-crypto panic, outlaw it somehow.
Steven Levy (steven) Fri 9 Feb 01 14:18
I'm writing a column at the minute, so it will be a little while before I get to all these. I can correct you Mike is saying that CODEBREAKERS is actually dealt with in some detail insofar as I tell Kahn's experience while writing it and the NSA's attempts to kill it. The then director of the NSA went to Little Brown with a manuscript they'd obtained. I thought of the contrast with my own experience. When we were planning the excerpt for Newsweek, we asked if we could shoot Clint Brooks,the NSA guy who thought up the key escrow scheme. They called me back and asked if we could send them an advance copy of the book (which was just about to be published). All along I'd thought they'd probably have a copy before I wrote it!
Undo Influence (mnemonic) Fri 9 Feb 01 14:31
Didn't mean to seem to dis your account of Kahn's experience with the NSA, Steven -- I was just trying to say that the David Kahn story is a pretty big and cool story all by itself, IMHO. It's kind of amazing how much the NSA has come out from behind the veil of secrecy since the 1970s. Back then you couldn't get anyone official to acknowledge its existence -- now they actually give the public tours of Fort Meade (or so I understand).
Joe Flower (bbear) Fri 9 Feb 01 15:03
Joe Flower here, Steven - a fellow writer for Wired back in the days (I think I had an article in that same second issue). Just finished the book. Very well done. A great explanation - and you took the time and skill to tell the human stories of people on all sides of the question, which made the battles not only more interesting but much more understandable. I had never before understood the government's weird intransigence on crypto. One comment: The Bin Laden situation reminds me of the concerns about human rights in China. People say, "Omigod omigod they're doing this horrible thing!" To which the proper answer is: "And what effective counter-measure are you proposing?" How precisely would the hard-liners propose to keep strong crypto out of the hands of the Bin Ladens of the world, now that it it already in their hands?
Farooq Khan (farooq) Fri 9 Feb 01 15:19
Dear Steven, I would be extremely grateful if you could answer these questions for me. How big do you think the gulf is in terms of cyptography between the public and private sector, is there a big technological difference and if so isn't privacy an impossible thing to achieve? Is quantum cryptography a reality yet, or is it still a matter of research and development? Do you think cryptography alone is the key to making ecommerce a success, in preventing crime and the like?
Bob 'rab' Bickford (rab) Fri 9 Feb 01 15:23
Hi Steven, I was invited to help in the interview process here but Mike is doing such a great job that I have little to add. I do want to ask one thing, though. It's kinda vague..... Your book HACKERS really changed a lot in my life, and in others. One could argue that the WELL itself might not have begun with such a technologically savvy membership (if it began at all) if the folks at Whole Earth had not been inspired by your book to create the conference of the same name. And obviously the bunch of us who got together on the WELL in 1986 to create the annual version of that conference would not have done so. On a more personal note, I probably would never have heard of, let alone met, my girlfriend in 1986 or my [later] wife in 1987 if not for the WELL's existence. And, as I've remarked to you, I wouldn't have been trying for the next ten years to preserve the meaning of 'hacker'. ;-) Out in the real world, I think that book brought a lot of people together in various ways who simply would never have made any connection without some similar kind of history and manifesto. Would things like the EFF and CFP have happened if you hadn't written up the defining history of the techno-culture? I suspect something like them was going to be necessary, but..... So I wonder if you have any speculation or vision about how _CRYPTO_ might contribute to some developments like _HACKERS_ did before it? Do you have any specific hopes for connection-making here? Probably you'll say that you just wrote it because it needed to be written, but now that it is I wonder about any visions you might have for it? Oh, I was shocked to recognize aspects of my own life an interests in some of the people descriptions in CRYPTO. I was very interested in cryptography in the 1970s and very disappointed that there didn't seem to be anywhere to go with it. Little did I know, advanced math was the path to take....
Undo Influence (mnemonic) Fri 9 Feb 01 16:07
By the way, people who want to know more general stuff about Steven can and his work can find plenty at <http://mosaic.echonyc.com/~steven/index.html>, his website. This includes the fact that Steven was the journalist who uncovered the secret of who was keeping Einstein's brain, which had been removed for study after the scientist's death. (The rest of Einstein's body was cremated.) Strangely, some other guy got a book contract out of the Einstein's-brain story more than 20 years after Steven did the spadework. Go figure.
Steven Levy (steven) Fri 9 Feb 01 18:24
Waiting for my column to get edited... Wow. plenty of questions here. Let me go back to Mike's question about getting people to talk to me. It's always one of the most intriguing challenges of doing the kind of book I write, since I'm often asking people to share what (I hope) is their essence: how their personality affects the significant things they do. When you're talking to people in the crypto world, as Mike correctly suspects, there's an additional problem in that, well, secrets are kind of big in that realm. Two things I had going for me. One was time. Doing a book (and being a couple years late in finishing!) means you get to be a presence on the scene, you get to see people a lot even if they've been reluctant to speak freely to date. They get to know you a bit. They get to see you're serious. They get to thinking maybe if I talk to the guy he'll leave me alone. (that's facetious, but maybe not totally). They certainly will hear you out when you explain why you want to talk to them,and it helps when they know others are. This works with the second thing, my track record. It was a help here insofar as a lot of people were familiar with Hackers or Artificial Life. In talking to government folks, the Newsweek connection helped too, as did the story I did for the Times magazine which people considered fair to all side. Let me check with my editor now...
Linda Castellani (castle) Fri 9 Feb 01 21:14
And let me just pop in to add that if any of you who are not WELL members and are reading along on the Web would like to participate by asking your own questions or adding your own comments, please send them to firstname.lastname@example.org and we will see that they get posted for you.
Steven Levy (steven) Fri 9 Feb 01 22:03
Mike's question about how I got started in sort of explained in Insanely Great. Essentially I was a garden-variety freelance writer who wound up doing a story about computer hackers in 1981. It appeared in Rolling Stone in April 1982. I was so blown away by these people and their culture that I wanted to do much more, and soon I was spending all my time on the subject. That was the period during which I wrote Hackers. As Bob Bickford's comments illustrate, this book meant a lot to a lot of people, and I am constantly delighted at the response I still get. And it's kind of a rare experience to actually see a lot of the key subjects in one's book -- including many who never met before -- get together at an amazing event and totally mind-jam with each other. That's what happened at the first Hacker's Conference (thanks Kevin and Stewart!), which I consider the best publication party ever held for a book. Will Crypto have a similar effect? As Bob implies, it's certainly not something I think about. My goal is to tell a story I think is important. In a way, I think Crypto has a feel that's similar to Hackers, and there are some subtle notes in it that may not be apparent on a quick reading. Stuck in there are some little seeds about cryptography and its relationship to the world around us. My suspicion is that the eventual impact of Crypto won't be similar to that of Hackers but my hope is that something differnent will come about. Certainly as policy issues heat up I hope the book will be useful. But I also would like it if readers picked up on those little seeds.
Steven Levy (steven) Fri 9 Feb 01 22:11
Farooq's questions: It's really tough to get a measure of where government cryptography now stands in relation to the public community. It's clear that there are very sophisticated people and cryptosystems in the open now, but also reasonable to assume that the folks inside the Triple Fence (and a few foreign counterparts) are still ahead. Partly because of heritage, partly because of resources. Which leads me to the quantum crypto question. I have no inside knowledge of what the hell goes on in the basement of the NSA. But I do think that the first really useful quantum computer will be built there. If it isn't already cranking away. (Otherwise the horizon for quantum computers seems to be measurable in decades, not years.) And no, cryptography is not the only thing that will secure e-commerce. I sort of get into this in the last chapter of Crypto, which steers the narrative towards some vignettes that were themed, in my mind, "this ain't a panecea and crypto anarchy ain't around the corner." But I do think that it's a vital part of e-commerce, and not just in encryption but more exotic applications in authentication, non-repudiation, and other stuff that brings (and in some cases improves upon) outside protections to cyberspace.
Undo Influence (mnemonic) Sat 10 Feb 01 00:17
Here's Declan's Wired News followup on the Osama bin Laden/Internet/steganography story: <http://www.wired.com/news/politics/0,1283,41658,00.html>.
Steven Levy (steven) Sat 10 Feb 01 06:13
Declan has done good work on the Bin Laden story. One interesting aspect of this that hasn't been mentioned much is that in the embassy bombing trial, the US introduced as evidence the time. location, and parties of cell calls made by these guys. This indicates that even when conversations may be encrypted, traffic analysis is still useful. I'm not sure at all that this is the beginning of a new government push to roll back the relaxed export laws. But there still is a struggle going on behind the scenes as places like Microsoft try to deal with some remaining restrictions as they try to figure out how to get this stuff built into their systems. This requires some infrastructure, particularly in key certification, and conversations I've had with them indicate that there's some fairly knotty problems, both technically and in dealing with the government.
-N. (streak) Sat 10 Feb 01 14:37
I've still got my "This shirt classifid as a weapon by the United States government" sweatshirt. Be nice if it meant something again, though I'm not sure the side effects are worth it.
Steven Levy (steven) Sun 11 Feb 01 15:25
Yeah, and I have my "Don't Let Big Brother Have a Master Key" shirt. I want to respond to a question earlier about whether the gov't actually believes it can stop Bin Laden (and other baddies) from getting hold of crypto. Obviously, it can't, and obviously the people in our government don't think that they can wipe out crypto from the face of the earth. The fight over the past decade has been whether these tools can be built into systems. This makes it incredibly easier and more secure for the bad guys. For one thing, they can communication securely with everybody--not just the people who take pains to get software on the other end. Quite often the difficuilty of finding and using add-on secruity programs is so frustrating that people take shortcuts, which of course the government can exploit. Also, many of those programs have flaws that world-class codebreakers can jump on. On the other hand, picture the situation is Microsoft and everyone else uses a security standard. It will not only be ubitious (even "stupid criminals" would get to use it), but almost certainly more secure. Sure, we'd learn about this flaw or that as some grad student finds a weakness. But then a patch would appear, and eventually we'd have something that might even frustrate the crytanalytic ninjas at Fort Meade. So it's not about getting rid of all strong crypto, but stopping it from becoming standard.
Jon Lebkowsky (jonl) Sun 11 Feb 01 16:56
Isn't it also that it frustrates the practice (of the NSA if not other agencies) of scanning communications?
Bob 'rab' Bickford (rab) Sun 11 Feb 01 17:08
Steven, do you think the spooks realize they can't win that battle? That third-party software for this purpose is getting easier to use and install every day? Are they in denial about this, or are they simply willing to accept whatever delay they can create and call that a win?
Steven Levy (steven) Sun 11 Feb 01 17:55
Third party software might be getting easier, but you still are limited to communicating with others who use the same software. And there have been broad hints that many third party programs aren't really bulletproof. Murky stuff, huh? But Bob is right that the stuff gets better and better. And Jon is right that the more stuff is encrypted the harder it is to scan massive amounts of traffic. That's why I think that the NSA now understands that it has to accomodate a drastically new reality. And I wouldn't be surprised if some stalling were part of their strategy. Still, the OTHER part of their mission is to make sure our own communications are protected. And more and more it appears that without crypto in circulation, national security (and economic well-being) is threatened. This other reality gets harder and harder to ignore, and was, I believe, part of the reason that the export regs got relaxed.
Members: Enter the conference to participate