Feeds

Vint Cerf wanted to make internet secure from the start, but secrecy prevented it

Tells Google Hangout buds that tech was 'classified' at the time...

The essential guide to IT transformation

The NSA acted as a barrier to the rollout of encryption as standard from the very inception of the internet back in the mid 1970s.

Youtube Video

Engineers had wanted to add a network encryption layer as part of the original specifications for TCP/IP. Whitfield Diffie and Martin Hellman had published a paper on public key cryptography systems, so the kernel of a technology to make the internet secure was already there. However the algorithms that would have made the idea a practical reality had to wait until Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977.

Intel agencies including the NSA and GCHQ had already invented public key cryptography systems, but this work remained top secret.

Meanwhile, Vint Cerf, the pioneering internet security engineer, was working on components of a classified NSA at Stanford in the mid 1970s to build a secure, classified internet.

Cerf explained during a Google Hangout session:

I worked with the National Security Agency on the design of a secured version of the internet but we used classified security technology at the time and I couldn't share that with my colleagues. If I could start over again I would have introduced a lot more strong authentication and cryptography into the system.

Video from the key segment of the session can be found here (via YouTube).

Not sharing a fundamental leap forward in privacy communications security technology at the height of the Cold War is understandable if regrettable from the perspective of the current lamentable state of internet security.

Cert's historical footnote does, however, add an extra element to the current debate over the NSA's attempts to weaken encryption schemes and push weak algorithms through schemes like Project Bullrun and the now infamous Dual_EC_DRBG "backdoor".

Former NSA general counsel Stewart Baker, a lawyer rather than a cryptographer, argues that suggestions that his former employer is undermining net security are wide of the mark last weekend. Baker's blog post provoked a feisty exchange with regular sparing partner Jacob Appelbaum, a Tor Project developer, on Twitter. Appelbaum argued the NSA was sabotaging US companies, crypto standards and the US Constitution.

Baker responded that Edward Snowden is "under the thumb" of the Russians and that his revelations about NSA spying tactics are assisting authoritarian government, including the government of Syria.

The exchange can be reviewed here. ®

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.