SAN FRANCISCO – This year’s RSA Conference Cryptographers’ Panel started on a sour note when it was announced that longtime participant Adi Shamir, one of the inventors of the RSA algorithm, would be absent because of visa issues with the U.S. Department of State.
Shamir, who addressed the conference via a prerecorded video message, said he applied for a visa nearly two months ago and, while not explicitly denied one, was not granted one. In the video statement to attendees he said:
“I’m a member of the National Academy of Science, I’m a Foreign Member of the Royal Society. I’m a member of the French Academy of Science. I am a member of the Israeli Academy of Science. I received the Turing Award, the Japanese Prize, the Israel Prize and numerous other prizes. If someone like me cannot get a tourist visa from the U.S. in order to give a keynote at the major conference of this field – and it seems others having similar problems – perhaps it’s time we rethink how and where we have these scientific conferences.”
Panelist Shafi Goldwasser, director of the Simons Institute for the Theory of Computing, remarked: “In [Shamir’s] case it is really magnificent in its unreasonableness. There are other researchers who also haven’t been able to secure visas to be here. These are researchers who are very well known and very instrumental to the success of our endeavors… It is completely unclear who is in charge.”
Other panelists, who included Ronald Rivest, MIT Institute Professor; Whitfield Diffie, cryptographer and security expert, Cryptomathic; Tal Rabin, manager of the Cryptographic Research Group, IBM Research; and Paul Kocher, an independent security researcher, each expressed exasperation that Shamir and other would-be participants and attendees were denied access to the United States.
Panel Highlights Pros and Cons of Past Year
Besides decrying the U.S. visa policies, the panel discussed a wide range of issues, including Australia’s Assistance and Access Act, GDPR, Bitcoin currency manipulation, and securing computational cryptography platforms.
The first topic of discussion was the latest salvo in the encryption wars, identified by panelists as Australia’s Assistance and Access Act. The act was passed in December 2018 and requires companies to provide a backdoor on any encryption used in their products and also forces them to crack their encryption at the government’s request.
When Diffie was asked about the move he quipped at its absurdity: “It has given us this great line from the [Australian] Prime Minister that the laws of mathematics may be all well and good, but the laws of Australia, apply to Australia.”
Diffie likened that logic to the laws of physics and nature. “If you extend that view to covering the laws of physics and the laws of chemistry then if he outlawed high energy reactions and uranium and plutonium, they can protect themselves from nuclear weapons. And, with the right chemical laws they can protect themselves from global warming.”
Diffie said the Australian laws made it clear that corporations and governments, more than terrorists, have the clear upper hand in “disrupting the use of cryptography.”
On the flipside of the regulation issue, other panelists said more stringent privacy laws, such as GDPR, are needed in the United States.
“We desperately need regulation here,” Kocher said of California’s proposed Privacy Protection Act. “I expect regulation is going to be messy and poorly matched to the problem and controversial. How GDPR and U.S. laws play out aren’t clear yet.”
From a consumer’s point of view, Goldwasser noted that verifying what companies say they are doing with data is the sticking point. “How do we really know if companies are doing what they say?” she said.
Cryptographer Rabin tackled recent developments in blockchain, stating that, despite recent attacks and negative attention, the technology was sound. “I think that this whole area of cryptocurrency in practice made a very interesting jump in our technologies and people’s interest in our technology,” she said.
Rabin said that just as software is developed over time, so will blockchain be. She compared the current iteration of cryptocurrency to the Mosaic browser and the AltaVista search engine – early predecessors to modern browsers and search engines.
“These things (Mosaic and AltaVista) did huge things for our community. Maybe they died out. Maybe the current cryptocurrencies will die and new ones will take their place. But they are contributing to our community. I view it as something good rather than as something bad, despite the price quality,” she said.
Panelist Kocher discussed cryptography in an age of Meltdown and Spectre vulnerabilities.
“Cryptography is the one piece [of technology] that works, but it sits on top of other things; operating systems, processors, application code, firmware and microcode… If those things don’t work perfectly, then the stuff that doesn’t work well, ends up failing,” Kocher said.
Rivest echoed the point, mentioning that implementing cryptography in the real world is still a challenge, with insecure platforms vulnerable to things such as side-channel attacks. Diffie chimed in, noting that computing systems have matured to become more integrated, as opposed to isolated, making it harder to separate, for example, vulnerable memory from micro-processes.
Rabin likened the role of the cryptographer in the world today to that of a biologist or a physicist. She said cryptography can be the tool needed to address issues around personal data and privacy.
“As a community of cryptographers we have the tools to protect privacy of data by requiring processors follow rules,” Rabin said. “So it’s important to realize our responsibility is not just to be motivated by profit, but some sort of social responsibility.”