Whitfield Diffie may have helped lead a revolution in computer cryptography decades ago, but he still spends plenty of time worrying about the same questions: How safe are our digital communications? And what’s the next threat up around the bend?
For decades, Diffie has held a senior statesman position among those crypto specialists who work outside the military and the halls of the NSA. The 71-year-old spends some of his days at Stanford University now, where he is a consulting scholar for the Center for International Security and Cooperation. But the technology he helped developed — public key cryptography — underlies many Internet services in constant use around the world, and the encryption of online communications has once again become a hot topic after politicians raised fears about terrorist use of encrypted apps in the aftermath of the attacks in Paris and San Bernardino, California.
These days, nearly 40 years after he and partner Martin Hellman published a paper describing their public key breakthrough, in which they built on the work of computer scientist Ralph Merkle, Diffie says he is as worried as ever about the threats to privacy and security in an ever-evolving online world.
"To my mind, the most critical thing is [that] our grand vulnerability is not to physical terrorism, but to a cyber attack on our critical infrastructure," Diffie said in an interview with NBC News on Monday.
"There are half a dozen critical infrastructures: power, of course, gas and water, transportation, banking, communications," Diffie said. "They’ve been growing up for a long time, and opponents who have real capability to survey these systems stand a chance of developing a technique for causing them to collapse."
Even with more people concerned about hacks in the aftermath of prominent breaches at Sony, Anthem and Target, among others, the sort of future threat Diffie envisions still isn’t the kind of thing most Americans worry about regularly. Far more topical, at least in recent months, has been the issue of whether terrorists are using encryption to hide from the watchful eyes of Western intelligence.
In the United States, officials from the director of the FBI to the Manhattan district attorney have pushed for a legal "backdoor" into encrypted devices and services, as tech companies including Google and Apple have set up their systems so that they don’t even have the keys to turn over should the cops come knocking.
On Wednesday, FBI Director James Comey told a Senate committee hearing that one of the Garland, Texas, shooters had exchanged 109 messages with an "overseas terrorist" before carrying out the attack, but that the messages couldn't be read by investigators because they were encrypted.
Diffie, who spoke to NBC News before Comey's remarks, doesn't think it's a good idea to limit the use of encryption just because it can be misused by a few.
"This is like saying, well, you know, cars are of use to bank robbers. This was at one time a very major thing," he said. "Nobody ever took seriously at that time the notion that you should cut down the abilities of cars in order to solve one particular sort of crime."
And while the men and women tasked with keeping Americans safe say they fear that encryption will help terrorists "go dark," Diffie says that building in access for investigators will open a number of new and challenging questions. Diffie was one of 15 cryptography and computer experts who authored a 31-page report published in July in which they said that creating "exceptional access" for law enforcement would lead to "unanticipated, hard to detect security flaws."
Those could include making it difficult to deny ally countries or other partners access to the “backdoors,” even if that was not the original intent, he said.
"If you think about building trapdoors into these things, there are several problems that come up. There have been people who’ve said — I think too carelessly — that basically, if you build a trapdoor into it, somebody else will discover it," Diffie said. "I think what’s actually true is, if you build a trapdoor into it, you will not be able to not deny use of that trapdoor to other people. So you have other governments, maybe other kinds of entities, economically powerful, militarily powerful, the people you want favors from."
"Once you have a capability, the basic thing that happens with it is you begin trading it with other people," Diffie said. "And so it’s hard to see how that could ever be kept just to the U.S. government."