Avast CISO Jaya Baloo asks cryptographer Phil Zimmermann about privacy in the age of Facebook
“Here’s how it works!” Dan Aykroyd energetically tells the SNL audience. “Catch a bass, remove the hook, and drop the bass – that’s the WHOLE bass – in the Bass-O-Matic 76!” As he says this in his best punchy announcer voice, he picks up a real fish and drops it in a blender. The audience begins to titter, nervously anticipating what might happen next. When he punches that blender button, turning the fish into puree, the audience loses it, laughing hysterically at what would become one of the most famous SNL sketches in history.
When cryptographer Phil Zimmermann created the first algorithm for his Pretty Good Privacy (PGP) email encryption service, he had to give it a name. That visual of the fish in the sketch getting completely eviscerated was an apt, if not hilarious, representation of what his encryption did to the data – scrambled it up until it was completely unrecognizable from its former self. Phil released his BassOmatic symmetric-key cipher in 1991.
Back then, in ‘91, the only folks using email were the ones who actually had the technical know-how to implement encryption. As 2000 neared, more and more laypeople began using email, and encryption like PGP, involving trust models and public keys, was a bit too much to wrap their heads around. By that time, however, Phil was turning his attention to secure voice protocols, a pursuit, he says, that he found much more fun than encrypting emails.
Today, encryption is more widely accepted, which is a good thing as far as Phil is concerned. Citing nation states, hostile foreign powers, and the recent Colonial Pipeline ransomware attack, he believes we need strong encryption to protect every part of society, from industry and ecommerce to individuals, police, and military. “The damage done to our national security interest by not having end-to-end encryption is worse than the damage done by a few criminals that are doing end-to-end encryption,” he tells Avast CISO Jaya Baloo in our 7th episode of Avast Hacker Archives.
Phil also tells Jaya about his history with cryptography, even including a mini-lesson on the history of cryptography. “Cryptography is the product of an arms race,” he says. “There has been for centuries, many centuries, an arms race between cryptologists and crypto-analysts. The cryptographers make an algorithm, the crypto-analysts break it. The cryptographers improve their algorithm, the crypto-analysts improve their crypto-analytic techniques and break it again. And it goes on and on for centuries.”
Jaya asks Phil what he makes of the sweeping migration of WhatsApp users to Signal when WhatsApp announced that it was changing its terms of service to work more with Facebook. His answer was simple: “Facebook is in the metadata business. And WhatsApp started collecting a lot more metadata and sending it to Facebook. And that means that even though you have an end-to-end secure channel for talking or texting with someone, the metadata is still being collected.” That metadata includes with whom you’re chatting, how long the chat lasted, the time stamp of the chat, and other details. “I think social networks, and Facebook especially, have done a great deal of harm to the world. They might be fun for a lot of things, but they come at a steep price,” he adds. “If you’re not paying for the product, you are the product.”
Click the link below to hear Phil and Jaya cover more topics, including how nuclear power could save the world and how Phil’s pursuit of cryptography fell perfectly in line with his passion for activism and social justice. “PGP was originally designed for withstanding the attacks of nation states,” he reveals, expounding on how encryption protects civil liberties. It’s with great pride that we kick off Episode 7 of Avast Hacker Archives. Please enjoy!
In the eighth episode of our podcast Avast Hacker Archives, security expert Dave Aitel demystifies the NSA, explains the fallacy of the term “zero-day,” and tells Avast CISO Jaya Baloo what started him down the hacker’s path.
With deep sadness, we share that Vince Steckler, our former Avast CEO and Avastian legend, passed away in a tragic car accident on Tuesday.
In the sixth episode of our podcast Avast Hacker Archives, Avast CISO Jaya Baloo talks with Wendy Nather, Head of the Advisory CISO team at Cisco, about the challenges CISOs face today and the steps we need to take to make security effective for everyone.