Cryptography and Scientific Freedoms
Ian Goldberg
iang@cs.berkeley.edu
ISAAC Group
University of California, Berkeley
Who are the Scientists?
- Mathematicians and Theoreticians
- research in "pure" cryptography
- developing and analyzing algorithms
- Engineers and Systems researchers
- research in "applied" cryptography
- using crypto to implement secure systems and secure network protocols
What is the Research?
For example,
- A lack of strong cryptography exacerbates security problems on the Internet
- password sniffing
- session hijacking
- defeating authentication
- info warfare concerns
- We want to improve Internet security
- Internet commerce will require solutions that resist fraud
What are the Issues?
- American researchers cannot communicate with international colleagues
- American researchers cannot publish their results on the Internet
- American researchers are stifled when conducting research in important areas
Current Problems:
Communication with Colleagues
Researchers cannot discuss their work or collaborate with international colleagues.
- International Protocol Security effort
- Improvements to cryptographic algorithms
- In each case, researchers in the US cannot contribute very much
- "Technical Assistance" provisions make it illegal to give help to international colleagues
Current Problems:
Publication of Results
- Peer review is an especially important part of pure and applied cryptographic research
and products
- Dan Bernstein: denied the ability to publish his new encryption algorithm
- PGP: could not make their software freely available for review on the Internet
Current Problems:
Conducting of Research
The restrictions on publication of work done in the US frustrate American researchers.
- Americans cannot publish cryptography on the Internet
- Cryptography research is left to the non-Americans who happen to be outside of the US
- Non-Americans (including myself) can leave the US, do crypto-related wprk out of the country, and publish it on the Internet (from a foreign site) before returning
Effects
- The Internet has many security problems
- Researchers face barriers when they try to solve those problems
- Some researchers don't bother investigating these important problems, because they would not be allowed to make their work widely available
Conclusion
|
We must reverse policies that stifle the ability of researchers to study and build cryptographic algorithms,
secure information systems, and secure network protocols.
|
This document is a reproduction of slides prepared by Ian Goldberg for a presentation on August 1, 1997.
Cryptography: Scientific Freedom and Human Rights Issues