Technology and Society

Book Reviews
Home
What's New
Privacy & Individual Rights
Commerce, Security, & the Law
Net Culture, Art, & Literature
International Affairs & National Security
Ethics, Rhetoric, & Metaphysics
Science Fiction

Other Resources
News
Publishers
Other Book Review Sites
Letters
Contact
Copyright

Title: Crypto
Author: Steven Levy
Publisher: Viking
Copyright: 2001
ISBN: 0-670-85950-8
Pages: 356
Price: $25.95
Rating: 92%

Cryptography is an issue the average citizen doesn't know a lot about, and for good reason: the science of scrambling messages so their contents can't be read by anyone except the intended recipients is a complex, specialized discipline that requires constant study and vigilance. One slip, and a perfectly valid scheme protecting vital intellectual property or financial data can betray the secrets it was designed to protect while offering the owner a false sense of security.

In Crypto, author Steven Levy chronicles the development of modern cryptography using the same technique he marshaled so brilliantly in Hackers: profiles of the major personalities in the field. He starts the book with a chapter on Whitfield Diffie, the researcher who, along with Martin Hellman and Ralph Merkle, developed and popularized asymmetric, or public-key, cryptography. Unlike symmetric cryptography, where a single key is used to encrypt and decrypt a file, asymmetric cryptography divides keys into two parts -- a part you keep secret and a part you make publicly available (hence the name public-key). To encrypt a file for one other person to read, you encrypt a file with the secret half of your key and the public half of the recipient's key.

As public-key encryption evolved, the ability to send the same message to more than one recipient by encrypting a message with multiple public keys, to sign a file digitally to verify authorship, and to create a message digest, or hash, to verify the file hadn't been changed since the has was generated, were added to make public-key cryptography a more versatile tool.

The first developers to build a commercially viable version of the Diffie-Hellman techniques were MIT professors Rivest, Shamir, and Adelman. Their algorithm, named RSA, was the core intellectual property behind RSA Data Security, the company they formed to capitalize on their work. After the company suffered through a few years of corporate management by academics, the board brought in Jim Bidzos, another forceful and colorful personality. Bidzos' tireless efforts to bring RSA Data Security back from the brink, his clashes with Phil Zimmerman over the latter's use of the RSA algorithm in his Pretty Good Privacy encryption program, and his running battle with the US government over the International Trafficking in Arms Regulations (ITAR) that prohibited exporting all but the weakest encryption make for fascinating reading.

In fact, the struggle to control cryptography between the government, as personified by the eminence gris of the National Security Agency (NSA), and the private sector is always present in Crypto. This emphasis is not hype...the government long held the position that cryptographic knowledge was classified sui generis (from the moment it was comprehended) and threatened to prosecute anyone who disseminated crypto technology. The charge would be espionage and conviction would entail a severe penalty. Levy's telling of the struggles pitting academics, civil libertarians, and entrepreneurs (with some individuals representing all three categories) against the government is quite well done. Rather than resort to inflammatory language, Levy lets the events and personalities carry his narrative with relatively minimal guidance from the author. He also devotes his epilogue to James Ellis, the English cryptographer who developed public-key cryptography before Diffie and Hellman but was unable to make the fact known because of his work for the English defense establishment's equivalent to the NSA, the General Communications Headquarters.

While all of the facts in Crypto have been published at one time or another, this is the first book to bring everything together into a single work. No comparable works, including the policy-oriented Privacy on the Line, by Diffie and Landau, have the hand of an accomplished storyteller to shape the narrative and pace the material to best advantage.

Curtis D. Frye (cfrye@teleport.com)  is the editor and chief reviewer of Technology and Society Book Reviews.  He worked for four years as a defense industry analyst at The MITRE Corporation in McLean, VA, and is the author of Privacy-Enhanced Business, from Quorum Books.