Whitfield Diffie and Susan Landau
Privacy on the Line
MIT Press, 1998. ISBN: 0-262-04167-7. $25.00.

Reviewed by Rick Umali
<rgu@world.std.com>

On April 4 1998, The New York Times front page reported that Douglas Groat, a CIA technician, was charged with spying. This disgruntled employee, dismissed after years of service, told two foreign nations how the United States had spied on them. Groat was involved in "the penetration of cryptographic systems of foreign governments." Revealing which two nations "would gravely endanger American national security," said the Justice Department.

Whitfield Diffie and Susan Landau's book, Privacy on the Line, attempts to shed light on the complex and fascinating field of privacy, cryptography, wiretapping, and encryption. The book puts context around stories like Mr. Groat's. by arching over the broad history of the United States government's early formulation of privacy policy, introducing many of the technical concepts, and finally bringing these together into an argument for more cryptography.

Privacy on the Line gave me a great introduction to this field. If you're like me, you've dabbled in security (perhaps you've created a public-key "just to see what it's all about"). Maybe you have used a SecureID card at one time or another. And, if you're like me, you probably are put off by the government's Clipper program, but perhaps were not sure "what it's all about." The book provides excellent background on the technologies (encryption, wiretapping) that our government debates and attempts to set policies about. The authors also attempt to provide the government's motivation for penetrating the crypto-systems of foreign governments and for having access to keys via escrow programs like Clipper.

The book is not easy to read, primarily because it is dense with information. The bibliography itself is 31 pages. The "notes" section is 40 pages, and you will be referring to it often. One thing missing is a decent glossary. Using the 24-page index to look up terms makes for a lot of back-and-forth between pages. Part of what makes the book heavy reading is the recitation of government activities, laws, acts, and various agencies surrounding cryptography and privacy, which march across the pages for historical background. It's difficult to keep track of all the acronyms without resorting to notes; a timeline of the key acts and the creation of agencies would have been a welcome addition.

The chapter introducing the different technologies is titilating. You will read about the different secure telephone units (STU-III), code "generators," and true public key facilities (for "manufacturing and distributing" secret keys). You will read about intelligence, how it's defined, how it's gathered, and where cryptography fits in. You'll learn that the largest phone tap was 12 tons (p. 259). You'll read about how US export law prohibits the shipment of the source code to Bruce Schneier's book, Applied Cryptography (p. 107), and how the government can consider this source code a "weapon of war (a munition)."

The chapter on National Security and Law Enforcement provides numerous "creepy" parts, such as agencies charged with Signal Intelligence using planes and other "provocations," forcing secret radar stations to reveal themselves (p. 258), and the use of infrared imaging to record "the veins in the face" for electronic surveillance (p. 119). I half expected Tom Clancy or some other techno-spy author to make an appearance in these chapters.

Activities by our government, and others, seem hidden behind the euphemism of national security. It was disturbing to read about the paranoia of our own government, especially during the Kennedy/Johnson/Nixon era. The authors provide many examples of governement-violated privacy.

One subject that doesn't get a lot of attention is the use of crypto systems by commercial entities. Diffie and Landau state that the commercial market for cryptography "already outstrips the military market" (p. 6), but then leave it at that. They describe how cryptography can provide "digital equivalents" for human interaction (p. 45), and they _footnote a Citicorp banking system "breach" (footnote, p. 251), but for the most part, the book stays within the realm of public policy, even though the private sector may provide the impetus for changing our government policies on cryptosystems.

Cryptography lies at the heart of our daily commerce: access to our bank accounts, to cable television, to electronic services. All of these activities rely on crypto, and its use of cryptography must remain unfettered. Commercial companies' sensitivity to their customers' privacy will be a factor when the government attempts to control the means of this privacy. Although they touch on this, the authors do not cover this territory fully enough.

Their thesis is that privacy, as defined by people talking without fear of being overheard, is hardly possible in today's world. Too many paths need to be crossed before two people can "find a safe quiet spot" to discuss matters in private. Today, these two people (your family members, your colleagues) may discuss matters over the phone, the Internet (email), or via fax, and there's no guarantee that these discussions are private. The authors contend that "we must build the means of protecting that privacy into our communication systems."

But the enemies of privacy seem to be the very public entities that we pay taxes for: our police and military. Hence we launch full bore into the debate over whether the government should have a "back door" into "private keys" (Clipper), or whether the government can compel a video store to reveal our video rental habits (p. 268, in reference to Supreme Court candidate Robert Bork), or other matters of privacy. Just how much should the US government know about our lives?

This debate quickly fosters extreme positions. The book makes no attempt to be objective. The conclusion is a plea to let cryptography grow. There are other ways for the government to insure the national security. Instead of spying on our foreign neighbors, and penetrating their crypto-systems, we can make use of other "intelligence." Diffie and Landau argue that modern wiretapping has done little to prevent or prosecute criminal activity (despite what movies and television would indicate).

Diffie and Landau plead that privacy is a fundamental human right (p. 126), and that our country is different from totalitarian countries because the United States does not violate those rights. So why not give us more "privacy" tools? What is the government afraid of? The tension in these arguments and questions is palpable. The authors end the book with a section titled "Suppose We Were to Make a Mistake?" in reference to allowing unrestricted growth of cryptography. Does the government care to let us make these mistakes? Can we all breathe easier, knowing that criminals, and "bad" governments, have access to crypto-systems that the US Government can't break?

Diffie and Landau ask us all "what kind of a society do we want to be?" They hope the answer is "a country that allows us access to privacy" and systems that maintain that privacy.