An age-old art with
many modern twists
CRYPTOGRAPHY — the art of secret writing — is nearly as old as the art of writing itself, and goes back at least 4,000 years in history. From the handwritten ‘Caesar Cipher’ used by Julius Caesar, to the contemporary ‘PGP’ (Pretty Good Privacy), a freely available cryptographic system on the Internet — the fascinating evolution of this art (some call it science) has transformed it into a key technology of the information age. As far as information security goes, cryptography is of great significance to conduct electronic business, viz. electronic banking, secure communications and online transactions. However, the same technology is also being exploited by criminal and terrorist groups to clandestinely communicate and carry out their operations. This has been the crux of the crypto-debate in the USA and some other Western nations. On one side is the government, expressing its predicament in deciphering high-end encryption used by criminals and terrorists. Opposing them are the activists, who regard restrictions imposed on encryption as an infringement of their right to communicate securely in an information society.
undoubtedly emerged as one of the key dual-use technologies, with
critical military and commercial applications. The evolution of this
ancient art, fraught with controversy, can be clearly understood only by
undertaking a brief journey into its contentious past. One would then
observe its transition from the exclusive custody of the military and
intelligence community to the public domain. While evidence indicates
that the earliest form of cryptography was used in Egypt, the Arabs in
the 7th century were the first to write down the methods of
cryptanalysis (the art of cracking cryptographic codes). Interestingly,
in India the Kamasutra places secret writing as 45th in a list of arts
women ought to know. Gradually, as technology improved, handwritten
forms of cryptography were rendered obsolete, and by World War II,
electro-mechanical devices replaced handwritten forms of cryptography.
During the war some incredible feats in cryptography were accomplished.
Noteworthy among them, were the invention of the revolutionary German
communication system called ‘Enigma’ and the consequent espionage
and cryptanalysis that led to the breaking of the Enigma code by British
Intelligence. Intercepts of Enigma (code named ‘Ultra’), apparently
contributed towards Germany’s setback during the war. Historians also
express that US may have averted the attack on Pearl Harbour, had they
been able to decipher the Japanese coded messages. They however, cracked
the Japanese code later, which gave them a distinct advantage in the
Battle of Midway.
Symmetric or secret key cryptography (for instance DES) has an inherent limitation, in that, a single key is used by both the sender and the receiver of the message, whereby security can be compromised by the interception of the key during the transmission process. To overcome this drawback, the concept of Public Key Cryptography (or asymmetric cryptography) was first introduced by Whitfield Diffe and Martin Hellman in 1976. Here, two keys are brought into use — the public and private key. The message is encrypted with the public and decrypted using the private key. The public key, as the name suggests, is available in a directory or public listing while the private key is stored confidentially in the owners’ possession. In 1977, a team of scientists — Ron Rivest, Adi Shamir and Leonard Adelman created RSA — the first public key cryptographic system (named after its creators). America’s worst fears came true, when Phil Zimmerman, a computer scientist, used RSA to create PGP - a public domain version of RSA (an exceptionally strong encryption program offering 128 bits) and made it available in downloadable form on the Internet. With PGP accessible online, a strong encryption program - once forbidden for public use, was suddenly within reach and that too, with a mere click of the mouse (for the latest version of PGP, one can visit www.pgpi.org).
Ever since, the number of Websites offering free cryptography and steganography tools has grown at a frantic pace. Steganography - a form of cryptography (which literally means hidden writing) is fast gaining popularity between terrorist and criminal groups, where images and even sound files are distributed over the Internet with hidden documents and messages. Such abuse of encryption methodologies, is in fact, well documented by American researchers and one of the pioneering efforts was made by Dorothy Denning and William Baugh in a report titled ‘Encryption and Evolving Technologies as Tools of Organised Crime and Terrorism’, published in 1997 by the National Strategy Information Centre’s US Working Group on Organised Crime. The report had interestingly, highlighted the case of Ramsey Yousef, alleged member of the Al Qaeda network, responsible for bombing the World Trade Center in 1993 and a Manila airliner in 1995. When detained at Manila, the FBI discovered several encrypted files on his laptop, revealing information on further plans of blowing up 11 US-owned commercial airliners in the Far East. The report also included the notorious Aum Shinri Kyo cult responsible for the 1995 Sarin nerve gas attack in a Tokyo subway. The cult had apparently stored their records in databases, encrypted with RSA. The encrypted files held evidence that was crucial to the investigation, including plans of deploying weapons of mass destruction in Japan and the USA. Even in the Indian scenario, there have been reports indicative of similar patterns employed by terrorist groups. For instance, militants of the Laskar-e-Taiba group were found to have used a cyber café in North Delhi during the Red Fort attack carried out on the Republic Day last year. The Delhi police were astounded to find pornographic pictures stored on the computers and only later realised that the pictures actually contained hidden messages.
Unable to curb the flow of such technologies on the Internet, sophisticated surveillance and monitoring systems like ‘Echelon’ and ‘Carnivore’ came into existence. While Echelon is a global surveillance system where the US, UK, Canada, Australia and New Zealand collectively operate an extensive network of stations that regularly intercepts e-mail, fax, telex and telephone communications around the world, Carnivore, is an electronic wire-tapping tool used by the FBI for specifically monitoring Internet traffic and is installed at the gateway of the ISP (Internet Service Provider). In recent times, Carnivore has generated considerable controversy as it is suspected of monitoring e-mail and online conversations of ordinary citizens too.
However, September 11 has raised immense doubts on the credibility of such monitoring technologies. The fact that the US intelligence agencies were blissfully unaware of the attacks whose planning began more than a year back reiterates this viewpoint. Even though the thrust on surveillance technologies would continue unabated, one can expect even more stringent legislation and controls on encryption technology. Whether the extremely strong lobby of civil liberty activists allows such legislation to get through, remains to be seen. The scars of the ‘Clipper Chip’ controversy are after all only a decade old and not completely forgotten. Brainchild of the NSA the chip (with Skipjack algorithm) was designed to be built-in cell phones in a manner that the government could monitor all cell phone conversations. The public outcry, with privacy activists at the forefront never allowed the initiative to see the light of day. Post WTC, however, the scenario has changed radically and the government might seem justified in passing the Anti-terrorist Act - even if deemed as highly intrusive and draconian by privacy activists. Moreover, citizens too, fresh with images of the twin towers crumbling down, would be willing to put their privacy at stake for the sake of their security. Finally, even the most stringent legislation, backed with highly sophisticated technology may not provide a completely foolproof solution against non-state actors exploiting technology for their nefarious motives. The simple fact is that the cutting edge of technology works both ways, and that’s why the cliché - ‘technology is a double-edged sword’ becomes most relevant in the information age.