1
00:00:00,000 --> 00:00:04,422

2
00:00:04,422 --> 00:00:05,630
We've got a nice crowd today.

3
00:00:05,630 --> 00:00:08,390
I'd like to welcome you all to the Distinguished Lecture

4
00:00:08,390 --> 00:00:09,230
series.

5
00:00:09,230 --> 00:00:12,170
We have the pleasure of having Bob Morris here

6
00:00:12,170 --> 00:00:15,080
to talk to us about the protection

7
00:00:15,080 --> 00:00:16,790
of valuable information.

8
00:00:16,790 --> 00:00:18,440
And before we get into that, I'd like

9
00:00:18,440 --> 00:00:22,040
to continue with the tradition of giving a somewhat

10
00:00:22,040 --> 00:00:27,423
extended bio to our attended group

11
00:00:27,423 --> 00:00:29,090
here, particularly the new students, who

12
00:00:29,090 --> 00:00:31,730
like to take our distinguished speakers as role models.

13
00:00:31,730 --> 00:00:33,290
And so we'll do a little of that.

14
00:00:33,290 --> 00:00:35,600
Mike [INAUDIBLE] is unfortunately ill with the flu.

15
00:00:35,600 --> 00:00:40,010
Otherwise, we would have had him play the traditional role.

16
00:00:40,010 --> 00:00:42,050
So Bob Morris is a legendary figure

17
00:00:42,050 --> 00:00:44,610
in many areas of computer security in particular.

18
00:00:44,610 --> 00:00:48,140
He was born in Boston, grew up in northern Connecticut

19
00:00:48,140 --> 00:00:51,308
and went to school at Exeter, and then went

20
00:00:51,308 --> 00:00:52,850
to this little school down the street

21
00:00:52,850 --> 00:00:56,030
that sometimes has tried to an excess but has always failed.

22
00:00:56,030 --> 00:00:59,420

23
00:00:59,420 --> 00:00:59,960
Majored in--

24
00:00:59,960 --> 00:01:01,940
[INAUDIBLE]?

25
00:01:01,940 --> 00:01:02,705
That direction.

26
00:01:02,705 --> 00:01:05,810

27
00:01:05,810 --> 00:01:10,760
Majored in chemistry, but actually,

28
00:01:10,760 --> 00:01:13,790
during the middle of his career at Harvard, he

29
00:01:13,790 --> 00:01:17,000
was drafted and spent a couple of years in Germany

30
00:01:17,000 --> 00:01:19,190
as a signal [INAUDIBLE] Heidelberg,

31
00:01:19,190 --> 00:01:21,890
working with the radio there.

32
00:01:21,890 --> 00:01:24,832
And was majoring in chemistry, and then changed his mind

33
00:01:24,832 --> 00:01:27,040
just as he got near the end of his career at Harvard,

34
00:01:27,040 --> 00:01:30,060
and decided he didn't want to be a salesman for DuPont.

35
00:01:30,060 --> 00:01:34,088
And so he switched to a math major his senior year, math

36
00:01:34,088 --> 00:01:35,630
being one of the fields he recognized

37
00:01:35,630 --> 00:01:37,755
as being something you could do almost anything you

38
00:01:37,755 --> 00:01:38,760
wanted afterwards.

39
00:01:38,760 --> 00:01:41,030
And as you'll see, he's done many, many things

40
00:01:41,030 --> 00:01:43,400
in many different directions ever since.

41
00:01:43,400 --> 00:01:47,217
He stayed on at Harvard, did a master's in mathematics,

42
00:01:47,217 --> 00:01:49,050
studying areas of algebra and number theory,

43
00:01:49,050 --> 00:01:51,350
particularly, looking at class field theory

44
00:01:51,350 --> 00:01:54,710
and putting bounds on the size of class groups for his thesis

45
00:01:54,710 --> 00:01:56,010
there.

46
00:01:56,010 --> 00:01:57,830
After that, he went directly to Bell Labs

47
00:01:57,830 --> 00:02:00,920
as a mathematician in 1960, then.

48
00:02:00,920 --> 00:02:03,260
And he was working on a very interesting project, which

49
00:02:03,260 --> 00:02:05,100
didn't have the term at the time,

50
00:02:05,100 --> 00:02:07,460
but now has become to be known as modems.

51
00:02:07,460 --> 00:02:10,280
He was working on the first modems.

52
00:02:10,280 --> 00:02:12,620
They didn't exist at the time, and people at Bell Labs

53
00:02:12,620 --> 00:02:15,050
thought maybe that would be a good idea, not realizing

54
00:02:15,050 --> 00:02:17,258
of course that the whole internet and everything else

55
00:02:17,258 --> 00:02:19,850
is built around these things at the time now.

56
00:02:19,850 --> 00:02:23,360
So they were aiming for a high-speed modem

57
00:02:23,360 --> 00:02:25,028
of 48 bits per second.

58
00:02:25,028 --> 00:02:27,020
[LAUGHTER]

59
00:02:27,020 --> 00:02:30,380
With an error rate of 10 to the minus 5th bit error that.

60
00:02:30,380 --> 00:02:33,590
So that was a couple of years they were working on that,

61
00:02:33,590 --> 00:02:36,128
and he pointed out that at the time,

62
00:02:36,128 --> 00:02:37,670
it seemed maybe they would be getting

63
00:02:37,670 --> 00:02:38,795
near the theoretical limit.

64
00:02:38,795 --> 00:02:41,150
And the theoretical limits have been reached and passed

65
00:02:41,150 --> 00:02:44,270
several times since then at 1,200 and 9,600.

66
00:02:44,270 --> 00:02:47,053
Now we're at 56 kilobits, but every time people

67
00:02:47,053 --> 00:02:48,720
say that we're at the theoretical limit.

68
00:02:48,720 --> 00:02:50,137
But at the time, they were working

69
00:02:50,137 --> 00:02:52,520
near the theoretical limit then.

70
00:02:52,520 --> 00:02:54,980
I asked him if he knew Claude Shannon at the time.

71
00:02:54,980 --> 00:02:57,330
Claude had left Bell Labs at that time,

72
00:02:57,330 --> 00:03:00,350
but Bob had known him in other contexts, and used to love,

73
00:03:00,350 --> 00:03:02,390
he said, trampolining with them.

74
00:03:02,390 --> 00:03:07,460
[LAUGHTER]

75
00:03:07,460 --> 00:03:11,000
So then he moved into the math department at Bell Labs.

76
00:03:11,000 --> 00:03:11,960
Ron Graham was there.

77
00:03:11,960 --> 00:03:14,210
The math department was shifting into computer science

78
00:03:14,210 --> 00:03:17,570
at the time, and Bob got interested in computer science

79
00:03:17,570 --> 00:03:19,170
a number of different ways.

80
00:03:19,170 --> 00:03:20,540
One of the interesting things, and the connection

81
00:03:20,540 --> 00:03:22,665
with MIT here, was he got involved with the Multics

82
00:03:22,665 --> 00:03:23,660
project.

83
00:03:23,660 --> 00:03:27,350
So he wrote the first PLO, PL/I compiler for the Multics

84
00:03:27,350 --> 00:03:29,845
project, which was around for, I think,

85
00:03:29,845 --> 00:03:31,970
he said an embarrassing, long, long time afterwards

86
00:03:31,970 --> 00:03:34,190
or something.

87
00:03:34,190 --> 00:03:37,018
So he was involved with that, and up here, he's

88
00:03:37,018 --> 00:03:38,310
used Multics quite a bit since.

89
00:03:38,310 --> 00:03:40,435
I'm surprised to see that some of the design errors

90
00:03:40,435 --> 00:03:41,332
are still around.

91
00:03:41,332 --> 00:03:43,790
I guess there was a question as to whether Multics is still

92
00:03:43,790 --> 00:03:44,938
running anywhere.

93
00:03:44,938 --> 00:03:45,980
We were talking with him.

94
00:03:45,980 --> 00:03:48,522
I don't think either of us knew exactly, maybe up until quite

95
00:03:48,522 --> 00:03:50,570
recently, anyway.

96
00:03:50,570 --> 00:03:53,150
He did a lot of number theory, and he kept his mathematics

97
00:03:53,150 --> 00:03:53,650
going too.

98
00:03:53,650 --> 00:03:56,630
He did a lot of number theory at the same time he was there.

99
00:03:56,630 --> 00:03:59,690
He worked on implementations of various mathematical functions

100
00:03:59,690 --> 00:04:02,222
for the 7090, and for Unix, he did all the math

101
00:04:02,222 --> 00:04:04,430
implementations, sines, cosines and things like that,

102
00:04:04,430 --> 00:04:06,740
for the Unix implementation.

103
00:04:06,740 --> 00:04:08,270
Also did the Unix security scheme,

104
00:04:08,270 --> 00:04:11,720
the password scheme the way, et cetera, a password works.

105
00:04:11,720 --> 00:04:13,040
Passwords get hashed into that.

106
00:04:13,040 --> 00:04:16,279

107
00:04:16,279 --> 00:04:18,959
In 1980-- so that was software, some mathematics.

108
00:04:18,959 --> 00:04:20,660
Then he got into hardware.

109
00:04:20,660 --> 00:04:22,910
He started on a project working with the Navy

110
00:04:22,910 --> 00:04:27,410
on very high-speed computer, one of the fastest in time.

111
00:04:27,410 --> 00:04:31,230
They were aiming for 100 million operations per second.

112
00:04:31,230 --> 00:04:32,855
This was for sonar processing.

113
00:04:32,855 --> 00:04:33,980
He said it was interesting.

114
00:04:33,980 --> 00:04:36,140
He got into the project, and he was talking to some Navy guys,

115
00:04:36,140 --> 00:04:38,040
and they realized he'd never been on a boat.

116
00:04:38,040 --> 00:04:40,850
And they said some order like, get his ass out to sea,

117
00:04:40,850 --> 00:04:43,640
and so they took him out on a nuclear submarine

118
00:04:43,640 --> 00:04:46,601
for a week, which he said was very interesting.

119
00:04:46,601 --> 00:04:48,960

120
00:04:48,960 --> 00:04:50,585
So that that machine he was working on,

121
00:04:50,585 --> 00:04:53,183
it actually got built and was in service for quite a while.

122
00:04:53,183 --> 00:04:54,350
The machine was interesting.

123
00:04:54,350 --> 00:04:56,420
It was primarily hardware design he was involved with then.

124
00:04:56,420 --> 00:04:58,280
It had multiple processors, and so the usual issues

125
00:04:58,280 --> 00:05:00,680
of synchronization and coordination of the processors

126
00:05:00,680 --> 00:05:03,170
was a big issue.

127
00:05:03,170 --> 00:05:09,020
In 1984, he retired from Bell Labs and went to work at NSA.

128
00:05:09,020 --> 00:05:11,900
I asked him if he'd done any cryptography before he went

129
00:05:11,900 --> 00:05:13,910
over to NSA, and he admitted that actually he

130
00:05:13,910 --> 00:05:17,630
had worked on a paper on cryptanalysis

131
00:05:17,630 --> 00:05:19,670
that he thought was kind of interesting.

132
00:05:19,670 --> 00:05:20,780
And he sent it off to the NSA-- this

133
00:05:20,780 --> 00:05:21,650
is while he was at Bell Labs.

134
00:05:21,650 --> 00:05:23,270
He sent it off the NSA saying, you

135
00:05:23,270 --> 00:05:25,670
don't mind if I publish this, do you?

136
00:05:25,670 --> 00:05:27,990
And they came back and said, yes.

137
00:05:27,990 --> 00:05:30,140
And [INAUDIBLE] several high-level visitors

138
00:05:30,140 --> 00:05:31,640
from the agency coming to Bell Labs,

139
00:05:31,640 --> 00:05:34,520
and it was agreed that he wouldn't publish this.

140
00:05:34,520 --> 00:05:36,020
And it still has not been published,

141
00:05:36,020 --> 00:05:38,270
and I look forward to seeing it someday.

142
00:05:38,270 --> 00:05:40,280
But he says it was perhaps the best

143
00:05:40,280 --> 00:05:41,679
paper he's ever written, so.

144
00:05:41,679 --> 00:05:45,431
[LAUGHTER]

145
00:05:45,431 --> 00:05:47,778

146
00:05:47,778 --> 00:05:49,820
But he also feels that it's maybe not appropriate

147
00:05:49,820 --> 00:05:55,280
for it to be published either, so, one of these days.

148
00:05:55,280 --> 00:05:57,147
At NSA, he started off as chief scientist

149
00:05:57,147 --> 00:05:58,730
of the Computer Security Center, which

150
00:05:58,730 --> 00:06:01,485
was a new center at the time, working on computer security,

151
00:06:01,485 --> 00:06:03,110
both inside the government and outside.

152
00:06:03,110 --> 00:06:06,770
Did consulting, a number of different directions.

153
00:06:06,770 --> 00:06:09,410
He was promoted to chief scientist of the Information

154
00:06:09,410 --> 00:06:11,363
Security Section thereafter, working

155
00:06:11,363 --> 00:06:13,280
on protection of information in general, which

156
00:06:13,280 --> 00:06:16,820
is the topic of today's talk.

157
00:06:16,820 --> 00:06:19,190
While he was there, he had an interesting experience,

158
00:06:19,190 --> 00:06:20,690
as it's the destiny of most children

159
00:06:20,690 --> 00:06:21,815
to embarrass their parents.

160
00:06:21,815 --> 00:06:24,230
In November of '88, the internet worm came up.

161
00:06:24,230 --> 00:06:26,540
So again, interesting experience with him

162
00:06:26,540 --> 00:06:31,520
to deal with that both in his family and externally.

163
00:06:31,520 --> 00:06:36,020
In August of 1990, his career took a very interesting turn

164
00:06:36,020 --> 00:06:38,510
with the invasion of Kuwait.

165
00:06:38,510 --> 00:06:40,820
He was pulled out of his ordinary work

166
00:06:40,820 --> 00:06:45,860
and put on a special team whose goal was to essentially nullify

167
00:06:45,860 --> 00:06:48,440
the Iraqi air defense system.

168
00:06:48,440 --> 00:06:50,480
And he spent eight months on this project

169
00:06:50,480 --> 00:06:53,705
and effectively had the rank of a two- or three-star general,

170
00:06:53,705 --> 00:06:55,580
and was getting everything he needed in terms

171
00:06:55,580 --> 00:06:56,663
of cooperation, of course.

172
00:06:56,663 --> 00:06:58,880
And he didn't say a lot about what he did

173
00:06:58,880 --> 00:07:01,280
or the details of that, but I think we all

174
00:07:01,280 --> 00:07:02,970
know that what happened in that war

175
00:07:02,970 --> 00:07:07,160
was astounding in a number of regards.

176
00:07:07,160 --> 00:07:10,160
Then in 1994, he retired from the NSA.

177
00:07:10,160 --> 00:07:14,750
He's now living up in Hanover next to our sister institution,

178
00:07:14,750 --> 00:07:17,090
Dartmouth, where he has an adjunct professorship.

179
00:07:17,090 --> 00:07:18,780
And he also has an adjunct professor

180
00:07:18,780 --> 00:07:20,630
at Cambridge University in England,

181
00:07:20,630 --> 00:07:24,837
so he goes back and visits there substantially as well.

182
00:07:24,837 --> 00:07:25,670
So he's retired now.

183
00:07:25,670 --> 00:07:27,200
He says he likes to split wood.

184
00:07:27,200 --> 00:07:29,890
I know he's interested in languages too.

185
00:07:29,890 --> 00:07:31,280
He speaks very many languages.

186
00:07:31,280 --> 00:07:34,530
I think if you came up and challenge him with languages,

187
00:07:34,530 --> 00:07:36,245
ask him questions on languages at the end

188
00:07:36,245 --> 00:07:37,880
or after the talk or something, he's

189
00:07:37,880 --> 00:07:41,030
probably better able to respond than anybody I know.

190
00:07:41,030 --> 00:07:42,770
He spends Tuesday afternoons at lunch,

191
00:07:42,770 --> 00:07:45,265
he tells me, reading the Bible in ancient Greek

192
00:07:45,265 --> 00:07:46,140
with a reading group.

193
00:07:46,140 --> 00:07:50,600
And so as usual, we like to ask our speakers

194
00:07:50,600 --> 00:07:55,580
to sum up their life experiences in an epigram to follow,

195
00:07:55,580 --> 00:07:58,940
and what kind of advice to give very young students.

196
00:07:58,940 --> 00:08:01,670
And after thinking, he said, if you're not having fun,

197
00:08:01,670 --> 00:08:03,420
you should be doing something else.

198
00:08:03,420 --> 00:08:06,683
And that actually makes a lot of other distinguished lectures

199
00:08:06,683 --> 00:08:07,350
[INAUDIBLE] too.

200
00:08:07,350 --> 00:08:08,150
You know, find your passion.

201
00:08:08,150 --> 00:08:08,670
Go after it.

202
00:08:08,670 --> 00:08:10,430
So without further ado, I am pleased to introduce

203
00:08:10,430 --> 00:08:10,940
Bob Morris.

204
00:08:10,940 --> 00:08:15,780

205
00:08:15,780 --> 00:08:16,590
That's a yes.

206
00:08:16,590 --> 00:08:23,100

207
00:08:23,100 --> 00:08:23,600
Oh.

208
00:08:23,600 --> 00:08:26,620

209
00:08:26,620 --> 00:08:27,700
Yeah, high tech.

210
00:08:27,700 --> 00:08:33,210

211
00:08:33,210 --> 00:08:39,090
In order to deliver what message I have,

212
00:08:39,090 --> 00:08:41,940
I actually have to change the way you think

213
00:08:41,940 --> 00:08:43,260
about some kinds of things.

214
00:08:43,260 --> 00:08:46,000

215
00:08:46,000 --> 00:08:51,070
And when we're finished--

216
00:08:51,070 --> 00:08:52,820
well, when I'm finished talking and you're

217
00:08:52,820 --> 00:08:58,220
finished listening to me, we have to check back

218
00:08:58,220 --> 00:09:00,860
with these initial notions.

219
00:09:00,860 --> 00:09:05,150
I worked for an organization, NSA,

220
00:09:05,150 --> 00:09:07,700
which is characterized as being, let's

221
00:09:07,700 --> 00:09:15,940
say, somewhat paranoid, to which I can respond,

222
00:09:15,940 --> 00:09:17,948
just because you're paranoid doesn't mean

223
00:09:17,948 --> 00:09:19,240
the whole world is against you.

224
00:09:19,240 --> 00:09:22,930

225
00:09:22,930 --> 00:09:26,290
And even at NSA, I was considered,

226
00:09:26,290 --> 00:09:29,490
in that organization, unusually paranoid.

227
00:09:29,490 --> 00:09:33,190
[LAUGHTER]

228
00:09:33,190 --> 00:09:35,410
And let me give you some examples of this.

229
00:09:35,410 --> 00:09:38,200

230
00:09:38,200 --> 00:09:42,040
These are, by the way, random view graph

231
00:09:42,040 --> 00:09:45,340
that I'm putting up here with--

232
00:09:45,340 --> 00:09:54,190
perhaps relevant but not necessarily very well ordered.

233
00:09:54,190 --> 00:09:57,400
I've given a talk on this subject

234
00:09:57,400 --> 00:10:01,360
to many groups in the past, some academic,

235
00:10:01,360 --> 00:10:04,690
as this is, some military, some God knows what.

236
00:10:04,690 --> 00:10:08,150

237
00:10:08,150 --> 00:10:12,510
But the best abstract of the talk that I've given

238
00:10:12,510 --> 00:10:17,800
is in, God help us, WIRED magazine.

239
00:10:17,800 --> 00:10:18,910
Is there no dignity?

240
00:10:18,910 --> 00:10:20,404
[LAUGHTER]

241
00:10:20,404 --> 00:10:23,392
[APPLAUSE]

242
00:10:23,392 --> 00:10:26,380

243
00:10:26,380 --> 00:10:30,310
But it's the March 1996 issue of WIRED magazine,

244
00:10:30,310 --> 00:10:34,368
and actually, if you care more about what I'm talking about,

245
00:10:34,368 --> 00:10:36,160
it's a good place to look for it because it

246
00:10:36,160 --> 00:10:40,300
is a very good and rather accurate

247
00:10:40,300 --> 00:10:43,450
summary of what I talked about at a talk I gave just

248
00:10:43,450 --> 00:10:45,670
over two years ago.

249
00:10:45,670 --> 00:10:48,490
And it also goes into some details

250
00:10:48,490 --> 00:10:50,740
of a conversation I had with Phil

251
00:10:50,740 --> 00:10:52,840
Zimmermann at that conference, and you

252
00:10:52,840 --> 00:10:55,510
can imagine, if you know the people involved,

253
00:10:55,510 --> 00:10:58,431
that that must have been a hell of an interesting conversation.

254
00:10:58,431 --> 00:11:03,350

255
00:11:03,350 --> 00:11:04,565
Now, paranoia.

256
00:11:04,565 --> 00:11:08,150

257
00:11:08,150 --> 00:11:12,300
This appears to be a telephone.

258
00:11:12,300 --> 00:11:18,390
This is commonly called a line cord and this the handset cord.

259
00:11:18,390 --> 00:11:21,030
I have to tell you in the strongest terms

260
00:11:21,030 --> 00:11:24,090
that I have different names for this.

261
00:11:24,090 --> 00:11:25,320
This is called an antenna.

262
00:11:25,320 --> 00:11:28,560
[LAUGHTER]

263
00:11:28,560 --> 00:11:30,180
This is also called an antenna.

264
00:11:30,180 --> 00:11:32,900

265
00:11:32,900 --> 00:11:36,020
Many people refer to this object as a microphone and this

266
00:11:36,020 --> 00:11:38,420
as an earphone.

267
00:11:38,420 --> 00:11:41,840
I think of this as a rather high-quality microphone

268
00:11:41,840 --> 00:11:45,020
and this as a rather low-quality microphone.

269
00:11:45,020 --> 00:11:48,350

270
00:11:48,350 --> 00:11:51,320
People think that I have a tendency of seeing microphones

271
00:11:51,320 --> 00:11:52,940
and antennas everywhere.

272
00:11:52,940 --> 00:11:54,830
[LAUGHTER]

273
00:11:54,830 --> 00:11:59,480
I do, and that habit is a necessary habit

274
00:11:59,480 --> 00:12:02,720
to be at all effective in the kind of job

275
00:12:02,720 --> 00:12:05,150
that I was doing in NSA.

276
00:12:05,150 --> 00:12:07,500
I was involved in--

277
00:12:07,500 --> 00:12:10,340
I was the chief scientist of the section of NSA

278
00:12:10,340 --> 00:12:14,480
that deals with the protection of valuable or sensitive

279
00:12:14,480 --> 00:12:17,030
US information.

280
00:12:17,030 --> 00:12:19,640
And we did things like, there was

281
00:12:19,640 --> 00:12:22,850
a crew of young people who went over to the Pentagon,

282
00:12:22,850 --> 00:12:26,540
to the office of the Chairman of the Joint Chiefs,

283
00:12:26,540 --> 00:12:31,670
and looked at that office in great detail

284
00:12:31,670 --> 00:12:36,020
to assure themselves and others that there were not

285
00:12:36,020 --> 00:12:42,170
any undue number of bugs planted in his office.

286
00:12:42,170 --> 00:12:47,120
And they came to me many times for advice and help

287
00:12:47,120 --> 00:12:50,060
and consultation, and I recollect the day

288
00:12:50,060 --> 00:12:52,280
when they came back and pointed out to me

289
00:12:52,280 --> 00:12:55,820
that in the office of the Chairman of the Joint Chiefs,

290
00:12:55,820 --> 00:12:57,830
there was a bathroom.

291
00:12:57,830 --> 00:12:58,600
Oh my god.

292
00:12:58,600 --> 00:13:02,640

293
00:13:02,640 --> 00:13:05,040
One might have noticed in a bathroom

294
00:13:05,040 --> 00:13:10,290
that if somebody opens the door or closes

295
00:13:10,290 --> 00:13:13,650
the door of a bathroom, you look at a sink with water in it,

296
00:13:13,650 --> 00:13:15,150
or the toilet bowl, and you notice

297
00:13:15,150 --> 00:13:16,560
it actually changes level.

298
00:13:16,560 --> 00:13:20,790
I mean, there actually is some connection between air pressure

299
00:13:20,790 --> 00:13:23,460
waves and water pressure waves, and the fact

300
00:13:23,460 --> 00:13:25,050
that he had his own bathroom caused

301
00:13:25,050 --> 00:13:29,340
us more cost, time and expense than you would ordinarily

302
00:13:29,340 --> 00:13:29,970
believe.

303
00:13:29,970 --> 00:13:31,570
But that kind of thing does happen.

304
00:13:31,570 --> 00:13:32,100
It was.

305
00:13:32,100 --> 00:13:34,680

306
00:13:34,680 --> 00:13:36,030
More paranoia.

307
00:13:36,030 --> 00:13:38,730
Now, this is a building without an outside window, which

308
00:13:38,730 --> 00:13:41,730
means that I don't have a prop for the next thing

309
00:13:41,730 --> 00:13:46,500
I was going to talk about, but I might, with any luck--

310
00:13:46,500 --> 00:13:47,670
Yeah, I do have some chalk.

311
00:13:47,670 --> 00:13:49,128
I probably even know how to use it.

312
00:13:49,128 --> 00:13:52,050

313
00:13:52,050 --> 00:13:53,180
Think of this as a window.

314
00:13:53,180 --> 00:13:56,270

315
00:13:56,270 --> 00:14:02,360
If you aim a laser beam from a distance--

316
00:14:02,360 --> 00:14:07,520
and that distance can be quite long, like easily half a mile,

317
00:14:07,520 --> 00:14:09,680
probably more--

318
00:14:09,680 --> 00:14:13,370
then that laser beam will illuminate objects

319
00:14:13,370 --> 00:14:16,010
in the window.

320
00:14:16,010 --> 00:14:17,030
This is very convenient.

321
00:14:17,030 --> 00:14:19,080
This is the best example.

322
00:14:19,080 --> 00:14:20,780
This, by the way, is going to turn out

323
00:14:20,780 --> 00:14:24,221
to be, no great surprise, a microphone.

324
00:14:24,221 --> 00:14:27,110

325
00:14:27,110 --> 00:14:29,790
You put it on the windowsill.

326
00:14:29,790 --> 00:14:33,180
Now, a laser beam coming in the window--

327
00:14:33,180 --> 00:14:34,950
hits that, reflected back--

328
00:14:34,950 --> 00:14:38,310
will be subject to ordinary Doppler shift

329
00:14:38,310 --> 00:14:40,050
changes of frequency.

330
00:14:40,050 --> 00:14:43,980
You can detect those very easily with very inexpensive

331
00:14:43,980 --> 00:14:47,070
equipment, and then with the laser

332
00:14:47,070 --> 00:14:49,770
beam aimed through the window at this,

333
00:14:49,770 --> 00:14:53,320
you can hear everything that is spoken in a room.

334
00:14:53,320 --> 00:14:56,560
If this had-- well, I wasn't set up to do that,

335
00:14:56,560 --> 00:14:58,590
but if this room had an outside window,

336
00:14:58,590 --> 00:15:00,930
it would be a very easy demonstration

337
00:15:00,930 --> 00:15:03,760
to show just how accurately this can be done,

338
00:15:03,760 --> 00:15:05,790
and it can be done with rather high quality.

339
00:15:05,790 --> 00:15:09,060
That's a high-quality microphone.

340
00:15:09,060 --> 00:15:10,260
Plastic is much better.

341
00:15:10,260 --> 00:15:13,050
The cardboard cups do a poor job.

342
00:15:13,050 --> 00:15:15,900
The plastic cups do a rather good job.

343
00:15:15,900 --> 00:15:19,050

344
00:15:19,050 --> 00:15:21,900
Now, I'm talking about the protection of information,

345
00:15:21,900 --> 00:15:24,510
and a couple of things that I need to--

346
00:15:24,510 --> 00:15:28,500

347
00:15:28,500 --> 00:15:30,080
I had some notes here once.

348
00:15:30,080 --> 00:15:31,080
Well, it doesn't matter.

349
00:15:31,080 --> 00:15:36,470

350
00:15:36,470 --> 00:15:42,830
I ought to say a bit about what I view as valuable information.

351
00:15:42,830 --> 00:15:45,740
In the past, the valuable information

352
00:15:45,740 --> 00:15:47,690
that people most wanted to protect

353
00:15:47,690 --> 00:15:50,180
or most wanted to exploit were sort of

354
00:15:50,180 --> 00:15:56,210
both the same, were primarily military and diplomatic

355
00:15:56,210 --> 00:15:58,340
messages.

356
00:15:58,340 --> 00:16:01,220
In peacetime, you wanted to know what some foreign government

357
00:16:01,220 --> 00:16:02,510
was planning to do.

358
00:16:02,510 --> 00:16:06,800
Obvious the thing to do was to tap the ambassador's telephone.

359
00:16:06,800 --> 00:16:09,500
In wartime, you wanted to know what the military was planning

360
00:16:09,500 --> 00:16:13,340
to do, and so you would intercept,

361
00:16:13,340 --> 00:16:18,370
in World War I and II, their radio communications.

362
00:16:18,370 --> 00:16:20,510
Well, this is not new, then.

363
00:16:20,510 --> 00:16:23,150
I mean, you couldn't in the United States during the Civil

364
00:16:23,150 --> 00:16:28,520
War find any telegraph line anywhere in the country

365
00:16:28,520 --> 00:16:32,270
where there was fighting going on that didn't have taps on it.

366
00:16:32,270 --> 00:16:35,030
I mean, that was a really, really big deal

367
00:16:35,030 --> 00:16:37,130
during the Civil War.

368
00:16:37,130 --> 00:16:39,260
All telephone and telegraph lines--

369
00:16:39,260 --> 00:16:41,570
in those days, it was telegraph, not telephone.

370
00:16:41,570 --> 00:16:44,300
They were all tapped, mostly encrypted

371
00:16:44,300 --> 00:16:46,460
or protected some way or another,

372
00:16:46,460 --> 00:16:47,980
but people got the messages.

373
00:16:47,980 --> 00:16:51,410
So it's nothing new, but military

374
00:16:51,410 --> 00:16:55,430
and diplomatic is sort of--

375
00:16:55,430 --> 00:16:57,180
it's becoming a thing of the past.

376
00:16:57,180 --> 00:16:59,270
Not that it's less important, but other things

377
00:16:59,270 --> 00:17:02,700
are gaining importance to shift the balance.

378
00:17:02,700 --> 00:17:07,740
So currently, the most important information

379
00:17:07,740 --> 00:17:13,410
that's floating around is probably largely financial.

380
00:17:13,410 --> 00:17:16,770
Suppose that there is a good deal of money

381
00:17:16,770 --> 00:17:18,839
in some Swiss bank account, but it's

382
00:17:18,839 --> 00:17:23,369
the wrong account, like not yours,

383
00:17:23,369 --> 00:17:25,394
and you want to fix that.

384
00:17:25,394 --> 00:17:28,050
[LAUGHTER]

385
00:17:28,050 --> 00:17:31,810
Well, OK.

386
00:17:31,810 --> 00:17:34,990
That means that the people who are responsible for this system

387
00:17:34,990 --> 00:17:36,730
probably go to some lengths--

388
00:17:36,730 --> 00:17:38,080
in fact, they do--

389
00:17:38,080 --> 00:17:39,387
to protect the information.

390
00:17:39,387 --> 00:17:41,470
The people who want the money go to some lengths--

391
00:17:41,470 --> 00:17:46,030
they do-- to extract the information

392
00:17:46,030 --> 00:17:51,160
and engage in various transfers of wealth

393
00:17:51,160 --> 00:17:53,720
from the wrong place to the right place.

394
00:17:53,720 --> 00:17:58,660
And there have been a number of very few of these incidents.

395
00:17:58,660 --> 00:18:02,810
About 5% are ever reported even to the police

396
00:18:02,810 --> 00:18:06,070
so that it is difficult to get a good measure of just how

397
00:18:06,070 --> 00:18:07,240
much of this is going on.

398
00:18:07,240 --> 00:18:09,100
There was a widely publicized event

399
00:18:09,100 --> 00:18:12,160
at Citibank a few years back.

400
00:18:12,160 --> 00:18:15,650
Others, even larger ones, have not become public,

401
00:18:15,650 --> 00:18:18,960
but they have in any case happened.

402
00:18:18,960 --> 00:18:21,590
So that's the present.

403
00:18:21,590 --> 00:18:24,950
I'll talk about ATMs in a minute.

404
00:18:24,950 --> 00:18:27,530
For the future, we're getting, I think,

405
00:18:27,530 --> 00:18:33,110
into a number of areas that are a bit different.

406
00:18:33,110 --> 00:18:35,900
Moving from financial to generally

407
00:18:35,900 --> 00:18:39,800
commercial transactions, the best

408
00:18:39,800 --> 00:18:43,310
figures I have, which are good and relatively recent,

409
00:18:43,310 --> 00:18:47,570
from people who run their businesses associated

410
00:18:47,570 --> 00:18:50,330
with the internet, so that somebody orders

411
00:18:50,330 --> 00:18:55,040
something on the internet and gets it shipped to them--

412
00:18:55,040 --> 00:18:57,290
the percentage of transactions that turn out

413
00:18:57,290 --> 00:18:59,480
to be fraudulent, fraudulent in the sense

414
00:18:59,480 --> 00:19:02,750
that the person does not intend to pay for what he's getting,

415
00:19:02,750 --> 00:19:05,170
is about 20%.

416
00:19:05,170 --> 00:19:06,250
Hey, that's low.

417
00:19:06,250 --> 00:19:09,280
Just wait.

418
00:19:09,280 --> 00:19:11,170
And so in the future, I think we are

419
00:19:11,170 --> 00:19:13,630
going to see more emphasis on privacy,

420
00:19:13,630 --> 00:19:17,680
more emphasis on commercial transactions,

421
00:19:17,680 --> 00:19:20,830
and these will shift the balance.

422
00:19:20,830 --> 00:19:25,460
If the World Wide Web turns out to be a big success,

423
00:19:25,460 --> 00:19:28,870
then this is going to vastly overweigh all

424
00:19:28,870 --> 00:19:30,640
of the other considerations.

425
00:19:30,640 --> 00:19:33,270
That hasn't happened yet, but likely, it will happen.

426
00:19:33,270 --> 00:19:41,310

427
00:19:41,310 --> 00:19:41,810
OK.

428
00:19:41,810 --> 00:19:44,680

429
00:19:44,680 --> 00:19:51,500
We've seen enough of this, but if you ask me, is cryptanalysis

430
00:19:51,500 --> 00:19:55,400
my answer is, yes, it is.

431
00:19:55,400 --> 00:19:57,800
Sending things encrypted with weak codes

432
00:19:57,800 --> 00:20:02,000
puts you at considerable risk, and if you

433
00:20:02,000 --> 00:20:04,205
want to gather information using cryptanalysis,

434
00:20:04,205 --> 00:20:08,390
it is a method that pays off rather well.

435
00:20:08,390 --> 00:20:09,860
Is it the most important?

436
00:20:09,860 --> 00:20:12,930
No, it is not the most important.

437
00:20:12,930 --> 00:20:18,400
Within the past 20 or 30 years, the other four--

438
00:20:18,400 --> 00:20:22,050
all of them begin with B, by the way--

439
00:20:22,050 --> 00:20:24,510
burglary, blackmail and bribery have

440
00:20:24,510 --> 00:20:27,810
become much more important ways of gaining information

441
00:20:27,810 --> 00:20:29,640
for the best of all possible reasons.

442
00:20:29,640 --> 00:20:31,830
They're cheaper.

443
00:20:31,830 --> 00:20:34,500
Cryptanalysis costs a lot of money.

444
00:20:34,500 --> 00:20:38,400
And when you think in terms of encryption,

445
00:20:38,400 --> 00:20:41,460
don't keep thinking in terms of, oh, we can't use this code.

446
00:20:41,460 --> 00:20:42,390
It's been broken.

447
00:20:42,390 --> 00:20:43,630
Or go out and use that one.

448
00:20:43,630 --> 00:20:44,547
It hasn't been broken.

449
00:20:44,547 --> 00:20:48,170
That's not the way life is.

450
00:20:48,170 --> 00:20:52,970
People often ask me, can you read such and such code.

451
00:20:52,970 --> 00:20:58,000
The answer is always yes, but some are cheaper than others.

452
00:20:58,000 --> 00:21:00,390
Some are more expensive than others.

453
00:21:00,390 --> 00:21:02,540
It's a dumb answer to a dumb question.

454
00:21:02,540 --> 00:21:06,770
The core question was, can you afford to read that code,

455
00:21:06,770 --> 00:21:09,590
and the answer to that in many cases,

456
00:21:09,590 --> 00:21:12,890
yeah, we can read that code, but it costs so much.

457
00:21:12,890 --> 00:21:14,580
So think in those terms.

458
00:21:14,580 --> 00:21:17,120
And I sort of want to bend your brains a bit

459
00:21:17,120 --> 00:21:19,400
at this point to make sure that you understand

460
00:21:19,400 --> 00:21:23,990
that the intelligence area is very, very financially based,

461
00:21:23,990 --> 00:21:24,740
cost-based.

462
00:21:24,740 --> 00:21:27,320

463
00:21:27,320 --> 00:21:30,740
If you ask me a detailed question like how much would

464
00:21:30,740 --> 00:21:32,990
the Soviets--

465
00:21:32,990 --> 00:21:35,210
well, I'm going back a few years.

466
00:21:35,210 --> 00:21:37,880
We're talking now about the former Soviet Union.

467
00:21:37,880 --> 00:21:40,070
How much would they be willing to pay

468
00:21:40,070 --> 00:21:45,290
to get a good, long-term wiretap on the president's telephone

469
00:21:45,290 --> 00:21:47,000
or on the ambassador's telephone?

470
00:21:47,000 --> 00:21:49,220
The answer is, a million dollars?

471
00:21:49,220 --> 00:21:49,943
Oh, yeah.

472
00:21:49,943 --> 00:21:51,860
They would be happy to get something like that

473
00:21:51,860 --> 00:21:53,050
for a million dollars.

474
00:21:53,050 --> 00:21:53,870
$10 million?

475
00:21:53,870 --> 00:21:55,710
Nah, that's a bit high.

476
00:21:55,710 --> 00:21:58,820
So that's the range we're working with.

477 00:21:58,820 --> 00:22:05,630 To get a good line on, well, the US ambassador to Moscow, 478 00:22:05,630 --> 00:22:08,690 it's something that they would spend a few million dollars, 479 00:22:08,690 --> 00:22:10,760 barely questioning the idea. 480 00:22:10,760 --> 00:22:12,150 So it is important. 481 00:22:12,150 --> 00:22:14,660 The other area-- people have been 482 00:22:14,660 --> 00:22:17,390 trying to work on me to change the wording of this a bit, 483 00:22:17,390 --> 00:22:20,850 but it remains the way it is, so it goes. 484 00:22:20,850 --> 00:22:26,330 It's become an important notion, unauthorized modifications 485 00:22:26,330 --> 00:22:27,450 of equipment. 486 00:22:27,450 --> 00:22:30,050 It's very difficult to protect, for example, 487 00:22:30,050 --> 00:22:35,780 your cryptographic equipment at night from the cleaning lady. 488 00:22:35,780 --> 00:22:38,660 I mean, embassies and other military installations 489 00:22:38,660 --> 00:22:40,700 have cleaning ladies and janitors and things 490 00:22:40,700 --> 00:22:42,830 of that sort. 491 00:22:42,830 --> 00:22:47,270 That's unavoidable, and there is always the risk 492 00:22:47,270 --> 00:22:48,852 that your equipment will be modified 493 00:22:48,852 --> 00:22:49,810 without you knowing it. 494 00:22:49,810 --> 00:22:54,150 495 00:22:54,150 --> 00:22:58,097 So I put this up here, and it has become extremely important. 496 00:22:58,097 --> 00:23:03,180 497 00:23:03,180 --> 00:23:03,680 Why? 498 00:23:03,680 --> 00:23:04,610 Because it's cheap. 499 00:23:04,610 --> 00:23:13,020 500 00:23:13,020 --> 00:23:15,330 I should say a few things. 
501 00:23:15,330 --> 00:23:18,030 I promised people that at the beginning of this talk-- 502 00:23:18,030 --> 00:23:20,280 and it's still the beginning of the talk-- 503 00:23:20,280 --> 00:23:24,330 that I would detail some subjects that either I 504 00:23:24,330 --> 00:23:29,040 don't talk about much or at all, or that you cannot expect me 505 00:23:29,040 --> 00:23:30,950 to tell the truth about. 506 00:23:30,950 --> 00:23:31,750 [LAUGHTER] 507 00:23:31,750 --> 00:23:34,080 I will detail those. 508 00:23:34,080 --> 00:23:37,860 You cannot expect me to tell the truth about the vulnerabilities 509 00:23:37,860 --> 00:23:41,490 of any cryptographic equipment, whether it's used by the US 510 00:23:41,490 --> 00:23:44,220 or our allies or by our opponents. 511 00:23:44,220 --> 00:23:46,860 I don't talk about the vulnerabilities 512 00:23:46,860 --> 00:23:48,570 of cryptographic equipment. 513 00:23:48,570 --> 00:23:51,990 My knowledge in that area is world class, 514 00:23:51,990 --> 00:23:54,780 so much so the NSA is not happy about me 515 00:23:54,780 --> 00:23:57,250 being loose on the streets. 516 00:23:57,250 --> 00:23:59,280 OK, that's one. 517 00:23:59,280 --> 00:24:03,160 Second, though I would tell the truth if I talked about it, 518 00:24:03,160 --> 00:24:04,980 I don't talk about cryptanalysis. 519 00:24:04,980 --> 00:24:08,070 That's mostly because even among the bunch of people here, 520 00:24:08,070 --> 00:24:10,020 it's basically none of your business. 521 00:24:10,020 --> 00:24:11,680 Cryptanalytic techniques? 522 00:24:11,680 --> 00:24:13,260 No. 523 00:24:13,260 --> 00:24:15,780 I'd be happy to help you with a newspaper cryptogram, 524 00:24:15,780 --> 00:24:17,650 show you an easier way to solve them, 525 00:24:17,650 --> 00:24:19,067 but that's about as far as I'd go. 526 00:24:19,067 --> 00:24:22,300 527 00:24:22,300 --> 00:24:26,310 The third thing is, though, certain goings-on 528 00:24:26,310 --> 00:24:27,330 during the Gulf War. 
529 00:24:27,330 --> 00:24:33,090 I was closer to the Gulf War than most honest civilians 530 00:24:33,090 --> 00:24:34,560 were. 531 00:24:34,560 --> 00:24:39,330 Ron started to talk about some of the aspects of that, 532 00:24:39,330 --> 00:24:43,050 but it got worse. 533 00:24:43,050 --> 00:24:46,760 Yeah, the worst day was the day when 534 00:24:46,760 --> 00:24:49,860 I went to the general counsel of NSA and said, 535 00:24:49,860 --> 00:24:53,090 Elizabeth, two or three people and I 536 00:24:53,090 --> 00:24:57,480 are planning to assassinate a foreign head of state. 537 00:24:57,480 --> 00:25:00,930 And she said, Bob. 538 00:25:00,930 --> 00:25:03,180 She was able to guess pretty rapidly which 539 00:25:03,180 --> 00:25:06,060 foreign head of state we had in mind, 540 00:25:06,060 --> 00:25:09,360 but still, it was not a part of the normal business 541 00:25:09,360 --> 00:25:14,100 of the National Security Agency to assassinate anyone, 542 00:25:14,100 --> 00:25:15,068 certainly-- 543 00:25:15,068 --> 00:25:17,972 [LAUGHTER] 544 00:25:17,972 --> 00:25:19,770 And certainly not foreign heads of state. 545 00:25:19,770 --> 00:25:24,850 546 00:25:24,850 --> 00:25:29,220 So I'm going to be talking to some degree 547 00:25:29,220 --> 00:25:33,330 about cryptographic protection and exploitation 548 00:25:33,330 --> 00:25:35,220 of encrypted things, but to a greater 549 00:25:35,220 --> 00:25:37,690 degree about the other aspects of it, 550 00:25:37,690 --> 00:25:39,550 because they are far more important. 551 00:25:39,550 --> 00:25:42,120 And I really mean to pound on that, 552 00:25:42,120 --> 00:25:46,620 but cryptanalysis is only one of the weaknesses of information 553 00:25:46,620 --> 00:25:48,090 that allows exploitation. 
554 00:25:48,090 --> 00:25:53,590 The others really exist, more used, and are generally 555 00:25:53,590 --> 00:26:00,200 enough cheaper that you don't try to use cryptanalysis 556 00:26:00,200 --> 00:26:02,890 on some system unless the other techniques have failed. 557 00:26:02,890 --> 00:26:06,360 558 00:26:06,360 --> 00:26:13,580 But if you're dealing with cryptanalysis, 559 00:26:13,580 --> 00:26:20,480 now, here are some of the things you need to think about, 560 00:26:20,480 --> 00:26:24,630 because I read in the press, all over the place, 561 00:26:24,630 --> 00:26:30,260 in fact, all of the discussion that goes on of people who 562 00:26:30,260 --> 00:26:33,050 say that such and such a scheme doesn't 563 00:26:33,050 --> 00:26:35,300 have a long enough key length. 564 00:26:35,300 --> 00:26:36,830 Only 40-bits. 565 00:26:36,830 --> 00:26:40,070 Ought to have 60 or 100 or some other number. 566 00:26:40,070 --> 00:26:44,300 And I hear a good deal of weeping and moaning 567 00:26:44,300 --> 00:26:50,610 about systems that have inadequate key length, to which 568 00:26:50,610 --> 00:26:54,330 part of my response is, what in the world difference 569 00:26:54,330 --> 00:26:58,110 does it make if you've got a 40-bit key or 60-bit key when 570 00:26:58,110 --> 00:27:01,060 I've already stolen the information? 571 00:27:01,060 --> 00:27:02,810 And that's real. 572 00:27:02,810 --> 00:27:06,100 I mean that, that a key length is 573 00:27:06,100 --> 00:27:09,310 just one factor of cryptographic systems 574 00:27:09,310 --> 00:27:10,540 that needs to be looked at. 575 00:27:10,540 --> 00:27:11,160 Important? 576 00:27:11,160 --> 00:27:12,460 Yes, it's important. 577 00:27:12,460 --> 00:27:13,420 Most important? 578 00:27:13,420 --> 00:27:15,850 Not by any means. 579 00:27:15,850 --> 00:27:18,820 Proper custody of cryptographic material is right there. 
580 00:27:18,820 --> 00:27:21,700 581 00:27:21,700 --> 00:27:24,190 If one of your employees is peddling this stuff 582 00:27:24,190 --> 00:27:30,790 to the Soviet Union, that's not proper custody. 583 00:27:30,790 --> 00:27:35,500 The name Walker and Whitworth should ring a bell. 584 00:27:35,500 --> 00:27:38,035 That was basically a family operation. 585 00:27:38,035 --> 00:27:40,330 That's the American use of the word "family," 586 00:27:40,330 --> 00:27:41,905 not the Sicilian use. 587 00:27:41,905 --> 00:27:47,020 [LAUGHTER] 588 00:27:47,020 --> 00:27:50,380 Who were peddling US Navy key material 589 00:27:50,380 --> 00:27:53,320 to the Soviets for 12 years before they got caught. 590 00:27:53,320 --> 00:27:56,770 They got caught in the early, early 1980s, 591 00:27:56,770 --> 00:28:00,700 and most of them at this point are in jail 592 00:28:00,700 --> 00:28:03,580 under relatively uncomfortable situations. 593 00:28:03,580 --> 00:28:05,770 So it's not a good idea, but still, we 594 00:28:05,770 --> 00:28:08,350 had a tremendous loss of information 595 00:28:08,350 --> 00:28:13,150 over that period of time because the cryptographic material that 596 00:28:13,150 --> 00:28:15,850 was being used was also being sold to the Soviets, 597 00:28:15,850 --> 00:28:20,610 and that's not the way to do business. 598 00:28:20,610 --> 00:28:23,325 Now, choice in distribution of keys. 599 00:28:23,325 --> 00:28:26,480 600 00:28:26,480 --> 00:28:31,610 I don't see this much directly in terms of encryption keys. 601 00:28:31,610 --> 00:28:37,250 I do see it in terms of login passwords on like Unix systems 602 00:28:37,250 --> 00:28:41,450 and systems like it that require a password before you log in. 603 00:28:41,450 --> 00:28:46,170 You find on that in many cases, in too many cases, 604 00:28:46,170 --> 00:28:48,140 people are using names of girlfriends, 605 00:28:48,140 --> 00:28:51,650 names of dogs and things like that for passwords. 
606 00:28:51,650 --> 00:28:58,510 So if I know Ron's wife's name and his dog's name, 607 00:28:58,510 --> 00:29:01,546 I'm halfway there. 608 00:29:01,546 --> 00:29:04,680 I mean, he will claim that his password-- 609 00:29:04,680 --> 00:29:05,180 [INAUDIBLE] 610 00:29:05,180 --> 00:29:05,710 Blind. 611 00:29:05,710 --> 00:29:07,323 OK, that's good. 612 00:29:07,323 --> 00:29:14,430 [LAUGHTER] 613 00:29:14,430 --> 00:29:17,430 Actually, I got a percentage of that, a paper 614 00:29:17,430 --> 00:29:22,170 that I published in the late 1970s 615 00:29:22,170 --> 00:29:27,600 where we came to the conclusion that about 5% of all passwords 616 00:29:27,600 --> 00:29:28,830 were names of dogs. 617 00:29:28,830 --> 00:29:32,150 618 00:29:32,150 --> 00:29:35,443 Still, nothing much I can do except just 619 00:29:35,443 --> 00:29:36,860 to keep pointing to it and saying, 620 00:29:36,860 --> 00:29:38,910 actually, it is important. 621 00:29:38,910 --> 00:29:42,632 And if you let users pick encryption keys, 622 00:29:42,632 --> 00:29:43,340 you had a patrol. 623 00:29:43,340 --> 00:29:45,960 624 00:29:45,960 --> 00:29:48,850 This happened in some ways which were quite publicized 625 00:29:48,850 --> 00:29:50,200 during World War II. 626 00:29:50,200 --> 00:29:52,080 Adequate key space. 627 00:29:52,080 --> 00:29:56,700 40 bits is a fairly small key, and you want something bigger 628 00:29:56,700 --> 00:29:59,770 than that, but it is only one of a number of factors. 629 00:29:59,770 --> 00:30:01,980 Another thing which is quite important people don't 630 00:30:01,980 --> 00:30:07,410 pay much attention to is that that text 631 00:30:07,410 --> 00:30:12,280 that you're trying to produce is typically awfully predictable-- 632 00:30:12,280 --> 00:30:17,620 ASCII characters, perhaps, where the letters come together 633 00:30:17,620 --> 00:30:20,710 to make words and the words come together to make sentences. 
634 00:30:20,710 --> 00:30:23,500 If you reduce that predictability-- 635 00:30:23,500 --> 00:30:26,110 and any good compression scheme will, 636 00:30:26,110 --> 00:30:28,540 and the better the compression is 637 00:30:28,540 --> 00:30:31,698 the better this works to help cryptography-- 638 00:30:31,698 --> 00:30:34,630 639 00:30:34,630 --> 00:30:37,060 it's a useful thing, fairly cheap, 640 00:30:37,060 --> 00:30:40,660 and it may have even other advantages that might help. 641 00:30:40,660 --> 00:30:45,220 You compress first and then encrypt, 642 00:30:45,220 --> 00:30:49,120 and this actually makes it more difficult to decrypt text. 643 00:30:49,120 --> 00:30:51,400 Now, when I say system design where 644 00:30:51,400 --> 00:30:55,720 the entire key participates in each encryption operation. 645 00:30:55,720 --> 00:30:58,660 I'm reminded of newspaper cryptograms 646 00:30:58,660 --> 00:31:03,270 where all you have is some permutation of the alphabet. 647 00:31:03,270 --> 00:31:05,650 A turns into X every time A appears, 648 00:31:05,650 --> 00:31:09,490 and B turns into V every time it appears. 649 00:31:09,490 --> 00:31:11,920 It was just a permutation. 650 00:31:11,920 --> 00:31:15,340 Now, in that case, you've got a key length 651 00:31:15,340 --> 00:31:18,400 which is absolutely enormous. 652 00:31:18,400 --> 00:31:20,080 Anybody that wants to work out what 653 00:31:20,080 --> 00:31:24,220 is 26 factorial, that's the number of possible keys 654 00:31:24,220 --> 00:31:25,360 for the scheme. 655 00:31:25,360 --> 00:31:29,470 And newspaper cryptograms choose a key, one key out 656 00:31:29,470 --> 00:31:32,320 of 26 factorial possible ones. 657 00:31:32,320 --> 00:31:36,520 But the entire key does not participate in each encryption 658 00:31:36,520 --> 00:31:37,720 operation. 659 00:31:37,720 --> 00:31:39,200 It's quite the reverse of that. 
660 00:31:39,200 --> 00:31:40,700 So as a matter of fact, all you need 661 00:31:40,700 --> 00:31:44,860 is something on the order of 6, 8, 10 words 662 00:31:44,860 --> 00:31:47,710 to be able to come up with and know 663 00:31:47,710 --> 00:31:53,720 you've come up with the plain text of the message. 664 00:31:53,720 --> 00:31:57,590 By the way, I'm a very experienced and very relaxed 665 00:31:57,590 --> 00:31:58,370 speaker. 666 00:31:58,370 --> 00:32:02,340 And I welcome questions, complaints, whatever. 667 00:32:02,340 --> 00:32:04,370 The more interaction, in fact, the better. 668 00:32:04,370 --> 00:32:08,310 If anybody wants to say something, just say it. 669 00:32:08,310 --> 00:32:16,220 670 00:32:16,220 --> 00:32:17,630 That's purely cryptographic. 671 00:32:17,630 --> 00:32:21,350 But it's only part of the story because cryptography is only 672 00:32:21,350 --> 00:32:22,150 part of the story. 673 00:32:22,150 --> 00:32:32,545 674 00:32:32,545 --> 00:32:35,350 This gets into a number of things-- 675 00:32:35,350 --> 00:32:41,380 carelessness-- important in many cases, 676 00:32:41,380 --> 00:32:43,530 you find that if you want some information, 677 00:32:43,530 --> 00:32:45,900 you don't need to do cryptanalysis. 678 00:32:45,900 --> 00:32:49,290 You just go in the back of the organization's parking lot 679 00:32:49,290 --> 00:32:51,810 and pick the stuff you want out of the garbage can, which 680 00:32:51,810 --> 00:32:53,460 is where it got thrown. 681 00:32:53,460 --> 00:32:54,810 And it shouldn't happen. 682 00:32:54,810 --> 00:32:56,280 But it does happen. 683 00:32:56,280 --> 00:33:01,550 Overconfidence-- well, overconfidence probably 684 00:33:01,550 --> 00:33:04,910 reached its peak during World War II 685 00:33:04,910 --> 00:33:09,620 when the Germans had this encryption machine called 686 00:33:09,620 --> 00:33:10,730 Enigma. 687 00:33:10,730 --> 00:33:13,970 And they thought, hey, it was designed by a German. 
688 00:33:13,970 --> 00:33:17,722 689 00:33:17,722 --> 00:33:22,880 By the way, who speaks fluent German here? 690 00:33:22,880 --> 00:33:24,776 One, two. 691 00:33:24,776 --> 00:33:26,230 Yeah, OK. 692 00:33:26,230 --> 00:33:29,460 Oh, I'll apologize in advance. 693 00:33:29,460 --> 00:33:32,520 Probably I'll write some things in German, some of which 694 00:33:32,520 --> 00:33:34,380 will be misspelled, and some of which 695 00:33:34,380 --> 00:33:36,120 will not be politically correct. 696 00:33:36,120 --> 00:33:37,380 But you'll understand that. 697 00:33:37,380 --> 00:33:41,110 698 00:33:41,110 --> 00:33:44,770 One of the things that came out of World War II that provided 699 00:33:44,770 --> 00:33:49,240 a long-term lesson for the Allies 700 00:33:49,240 --> 00:33:55,440 was that the Germans drastically underestimated the time, money, 701 00:33:55,440 --> 00:34:02,230 expense that the Allies would put into decrypting the Enigma 702 00:34:02,230 --> 00:34:03,370 traffic. 703 00:34:03,370 --> 00:34:06,350 They totally underestimated that. 704 00:34:06,350 --> 00:34:10,790 And since then, a good deal of attention has gone-- 705 00:34:10,790 --> 00:34:13,060 and they set up committees several times 706 00:34:13,060 --> 00:34:18,070 during the war to reassess the Enigma encryption scheme. 707 00:34:18,070 --> 00:34:23,630 And the answer always came back from these committees 708 00:34:23,630 --> 00:34:26,480 that everything was fine. 709 00:34:26,480 --> 00:34:30,409 It's just too many possibilities here 710 00:34:30,409 --> 00:34:32,150 for anyone to get in any trouble. 711 00:34:32,150 --> 00:34:35,000 All the time, the Allies were reading them. 712 00:34:35,000 --> 00:34:36,830 It makes you wonder about committees. 713 00:34:36,830 --> 00:34:37,330 Sir? 714 00:34:37,330 --> 00:34:39,030 It makes you wonder about committees. 715 00:34:39,030 --> 00:34:39,860 Yes. 
716 00:34:39,860 --> 00:34:42,260 In David Cohen's book, David Cohen 717 00:34:42,260 --> 00:34:45,739 talks about those committees in some detail. 718 00:34:45,739 --> 00:34:48,710 But hey, the machine was designed by a German. 719 00:34:48,710 --> 00:34:53,320 720 00:34:53,320 --> 00:34:57,280 But that overconfidence can really kill you. 721 00:34:57,280 --> 00:34:59,950 And in many cases, people nowadays 722 00:34:59,950 --> 00:35:03,490 are using, on the internet and on the world wide web, 723 00:35:03,490 --> 00:35:06,580 encryption schemes which are plainly too weak to do 724 00:35:06,580 --> 00:35:07,870 the job that needs to be done. 725 00:35:07,870 --> 00:35:11,720 726 00:35:11,720 --> 00:35:17,630 Information is most often lost by theft or purchase. 727 00:35:17,630 --> 00:35:23,420 Most inside jobs-- now, I have in my pocket a floppy-- 728 00:35:23,420 --> 00:35:25,880 not a floppy disk, what do you call those guys? 729 00:35:25,880 --> 00:35:32,030 A CD that is enough to contain the whole Encyclopedia 730 00:35:32,030 --> 00:35:33,470 Britannica. 731 00:35:33,470 --> 00:35:35,760 It's a lot of information. 732 00:35:35,760 --> 00:35:38,030 And if I walk out the door, no one's 733 00:35:38,030 --> 00:35:40,580 going to know that I have one of these in my pocket. 734 00:35:40,580 --> 00:35:42,170 And that's true at any installation, 735 00:35:42,170 --> 00:35:44,410 whether it's diplomatic, or military, or whatever. 736 00:35:44,410 --> 00:35:47,380 737 00:35:47,380 --> 00:35:52,570 Information just gets packaged into tiny forms. 738 00:35:52,570 --> 00:35:58,400 It started with floppy disks and went from there to CDs. 739 00:35:58,400 --> 00:36:01,800 740 00:36:01,800 --> 00:36:04,290 Most jobs are, in fact, inside jobs 741 00:36:04,290 --> 00:36:05,760 or have an inside component. 742 00:36:05,760 --> 00:36:10,320 I mentioned [INAUDIBLE] before, but it keeps coming up. 
743 00:36:10,320 --> 00:36:14,670 And these two-- microphones are everywhere, 744 00:36:14,670 --> 00:36:18,090 and antennas are everywhere. 745 00:36:18,090 --> 00:36:23,490 Just again reflects my paranoia about that sort of thing. 746 00:36:23,490 --> 00:36:28,110 But that paranoia tends to be very global. 747 00:36:28,110 --> 00:36:31,590 I mean, suppose I'm at a military base working 748 00:36:31,590 --> 00:36:32,910 in a military base. 749 00:36:32,910 --> 00:36:37,350 And a piece of cryptographic equipment that we ordered 750 00:36:37,350 --> 00:36:40,440 arrives on the loading dock, perfectly good 751 00:36:40,440 --> 00:36:45,240 KG84 encryption machine that we ordered. 752 00:36:45,240 --> 00:36:47,940 And hey, it arrived. 753 00:36:47,940 --> 00:36:53,430 My attitude towards it is, even though it says KG84 on it 754 00:36:53,430 --> 00:36:57,390 and it looks like KG84, it looks like the last KG84 that I saw, 755 00:36:57,390 --> 00:36:59,670 what is it? 756 00:36:59,670 --> 00:37:01,970 How did it get here? 757 00:37:01,970 --> 00:37:04,680 Who sent it here? 758 00:37:04,680 --> 00:37:08,700 What were the motives of whoever sent it here? 759 00:37:08,700 --> 00:37:14,820 Now, there we've crossed the line into clinical paranoia. 760 00:37:14,820 --> 00:37:17,862 But that is still the way that I think about such a thing 761 00:37:17,862 --> 00:37:20,070 and that I recommend that others think about a thing. 762 00:37:20,070 --> 00:37:23,970 You need to carry paranoia about to that point. 763 00:37:23,970 --> 00:37:26,400 For the last several years I was in NSA, 764 00:37:26,400 --> 00:37:29,730 I was one of the roadblocks in the development 765 00:37:29,730 --> 00:37:33,390 and design of new US cryptographic equipment. 
766 00:37:33,390 --> 00:37:36,270 And I would get, every few months, 767 00:37:36,270 --> 00:37:39,150 about any project that was under development design 768 00:37:39,150 --> 00:37:43,620 a briefing by the designers as to the details of what 769 00:37:43,620 --> 00:37:45,420 it was they were designing. 770 00:37:45,420 --> 00:37:48,010 And we would have these conversations 771 00:37:48,010 --> 00:37:55,250 that went like, well, is your machine resistant to this sort 772 00:37:55,250 --> 00:37:56,225 of attack. 773 00:37:56,225 --> 00:37:59,590 The response was, oh, no one would ever do that. 774 00:37:59,590 --> 00:38:02,540 Uh huh. 775 00:38:02,540 --> 00:38:04,340 Well, you need to get on my side. 776 00:38:04,340 --> 00:38:06,050 You need to get on the paranoid side 777 00:38:06,050 --> 00:38:08,150 that indeed no one would ever do that, sure. 778 00:38:08,150 --> 00:38:21,110 779 00:38:21,110 --> 00:38:23,210 I've run out of new graphs at probably 780 00:38:23,210 --> 00:38:28,400 just the right time because this is part of the important-- 781 00:38:28,400 --> 00:38:33,375 the most important of the things I have to address. 782 00:38:33,375 --> 00:38:35,910 783 00:38:35,910 --> 00:38:36,810 But I'll leave it up. 784 00:38:36,810 --> 00:38:39,477 Might as well stare at it. 785 00:38:39,477 --> 00:38:48,530 786 00:38:48,530 --> 00:38:49,030 OK. 787 00:38:49,030 --> 00:38:52,000 So World War II had a number of effects 788 00:38:52,000 --> 00:38:57,670 on protection of information that are old but still valid 789 00:38:57,670 --> 00:39:00,070 in very many important ways. 790 00:39:00,070 --> 00:39:03,470 791 00:39:03,470 --> 00:39:08,500 Certainly, this kind of thing is an important part of it. 
792 00:39:08,500 --> 00:39:12,340 793 00:39:12,340 --> 00:39:17,110 And the overconfidence probably was the most important 794 00:39:17,110 --> 00:39:20,680 negative aspect of the way people 795 00:39:20,680 --> 00:39:22,660 thought about protection of information 796 00:39:22,660 --> 00:39:29,400 and actually did the protection. 797 00:39:29,400 --> 00:39:37,100 First off was loss of machines. 798 00:39:37,100 --> 00:39:40,500 During the war-- 799 00:39:40,500 --> 00:39:41,970 I'm talking about World War II. 800 00:39:41,970 --> 00:39:45,760 And I'm talking about the war that began in 1939. 801 00:39:45,760 --> 00:39:46,380 Remember that. 802 00:39:46,380 --> 00:39:47,940 Don't think about Pearl Harbor. 803 00:39:47,940 --> 00:39:52,380 Think about the actual war, which began in 1939. 804 00:39:52,380 --> 00:39:58,230 The Germans lost quite a few Enigmas that were currently 805 00:39:58,230 --> 00:40:01,410 in use to send messages. 806 00:40:01,410 --> 00:40:05,458 Lost them, that's a dishonest way of putting. 807 00:40:05,458 --> 00:40:07,500 We stole a large number of them from the Germans. 808 00:40:07,500 --> 00:40:13,376 809 00:40:13,376 --> 00:40:16,570 And as happens fairly often, the Germans 810 00:40:16,570 --> 00:40:22,030 changed the internal wiring of the Enigma machine. 811 00:40:22,030 --> 00:40:24,700 It made it very difficult-- and by difficult, 812 00:40:24,700 --> 00:40:26,200 I mean expensive-- 813 00:40:26,200 --> 00:40:31,150 for us to continue cryptanalysis with the modified Enigma. 
814 00:40:31,150 --> 00:40:35,320 And what we would do-- we knew that the Germans, 815 00:40:35,320 --> 00:40:38,140 in order to get decent weather forecasting, 816 00:40:38,140 --> 00:40:39,880 stationed a whole bunch of-- 817 00:40:39,880 --> 00:40:43,390 well, not a whole bunch, a few, two or three-- 818 00:40:43,390 --> 00:40:47,020 ships in the Atlantic, Central Atlantic, 819 00:40:47,020 --> 00:40:50,260 to get them reasonable weather forecasts 820 00:40:50,260 --> 00:40:54,430 of Germany a few days later. 821 00:40:54,430 --> 00:40:59,110 Those ships had up-to-date Enigmas on board 822 00:40:59,110 --> 00:41:02,440 and have the keying material for them. 823 00:41:02,440 --> 00:41:07,630 We would send out a Naval vessel to basically demolish 824 00:41:07,630 --> 00:41:10,960 that weather ship, sink if necessary, 825 00:41:10,960 --> 00:41:13,600 and steal the Enigma and the key material 826 00:41:13,600 --> 00:41:16,327 from it, which would typically make 827 00:41:16,327 --> 00:41:18,410 all everything happy for another couple of months. 828 00:41:18,410 --> 00:41:20,020 We did that constantly during the war. 829 00:41:20,020 --> 00:41:23,430 830 00:41:23,430 --> 00:41:28,500 I remember sitting at dinner with the Brit who 831 00:41:28,500 --> 00:41:31,110 was actually responsible for sending those things up. 832 00:41:31,110 --> 00:41:34,640 And I said, you're morally bankrupt. 833 00:41:34,640 --> 00:41:36,210 He smiled and said, you bet. 834 00:41:36,210 --> 00:41:40,180 835 00:41:40,180 --> 00:41:43,300 So there was a lot of loss of machines, 836 00:41:43,300 --> 00:41:47,740 whereas the Brits had actually a machine which 837 00:41:47,740 --> 00:41:50,230 was very similar to the Enigma. 838 00:41:50,230 --> 00:41:51,460 It had a different name. 839 00:41:51,460 --> 00:41:52,810 It was called Typex. 840 00:41:52,810 --> 00:41:57,700 And I don't know whether or not they lost any during the war. 841 00:41:57,700 --> 00:41:59,050 I believe they did not. 
842 00:41:59,050 --> 00:42:01,550 The US had also a very small machine, 843 00:42:01,550 --> 00:42:06,370 which was called the SIGABA, which 844 00:42:06,370 --> 00:42:10,030 one can be quite certain we did not lose any during the war, 845 00:42:10,030 --> 00:42:13,090 did not lose custody of a single one through the war. 846 00:42:13,090 --> 00:42:15,730 And that provided a great deal in protection. 847 00:42:15,730 --> 00:42:19,750 Codes using the American machine were never read during the war. 848 00:42:19,750 --> 00:42:22,630 And to a large extent, that was because we 849 00:42:22,630 --> 00:42:24,280 didn't lose track of them. 850 00:42:24,280 --> 00:42:27,040 851 00:42:27,040 --> 00:42:38,650 Now, some habits of the German signal authorities 852 00:42:38,650 --> 00:42:40,450 were a bit unfortunate. 853 00:42:40,450 --> 00:42:44,960 854 00:42:44,960 --> 00:42:48,920 For example, for most of the war, 855 00:42:48,920 --> 00:42:52,980 every German military message began with the three letters 856 00:42:52,980 --> 00:42:53,480 ANX. 857 00:42:53,480 --> 00:42:57,980 858 00:42:57,980 --> 00:42:58,520 Why? 859 00:42:58,520 --> 00:43:00,710 Well, I'm not going to teach you much German. 860 00:43:00,710 --> 00:43:03,410 But this is just a way you would normally 861 00:43:03,410 --> 00:43:05,450 expect a message to begin. 862 00:43:05,450 --> 00:43:07,400 The X stands for space. 863 00:43:07,400 --> 00:43:11,540 It just says to somebody, and who cares. 864 00:43:11,540 --> 00:43:18,290 But having the message begin with a known set of characters 865 00:43:18,290 --> 00:43:21,770 is just asking for trouble because when 866 00:43:21,770 --> 00:43:24,500 you get into key search now, you can speed the thing up 867 00:43:24,500 --> 00:43:31,740 enormously by knowing that the message begins 868 00:43:31,740 --> 00:43:32,610 with these letters. 869 00:43:32,610 --> 00:43:34,230 This was changed later in the war. 
870 00:43:34,230 --> 00:43:36,400 But for the first two or three years of the war, 871 00:43:36,400 --> 00:43:37,470 this was always used. 872 00:43:37,470 --> 00:43:42,300 Another habit which the Allies found very useful 873 00:43:42,300 --> 00:43:46,750 was the habit of, particularly with a high ranking 874 00:43:46,750 --> 00:43:50,460 and important officer, never abbreviating 875 00:43:50,460 --> 00:43:51,645 his name or position. 876 00:43:51,645 --> 00:43:54,360 877 00:43:54,360 --> 00:43:59,580 And that's combined with a particular characteristic 878 00:43:59,580 --> 00:44:05,760 of the Enigma that-- 879 00:44:05,760 --> 00:44:07,380 it doesn't seem very important. 880 00:44:07,380 --> 00:44:10,080 But it never encrypted a character 881 00:44:10,080 --> 00:44:11,640 into the same character. 882 00:44:11,640 --> 00:44:13,920 If the plain text character was A, 883 00:44:13,920 --> 00:44:16,890 the ciphertext character was never A. 884 00:44:16,890 --> 00:44:22,260 Now, that means that after you get a few dozen characters 885 00:44:22,260 --> 00:44:25,800 and you have a suspected text might have appeared 886 00:44:25,800 --> 00:44:27,630 in the plain text, you will simply 887 00:44:27,630 --> 00:44:30,990 run it through until you don't get any letter going 888 00:44:30,990 --> 00:44:34,150 into the same letter and with some probability, which 889 00:44:34,150 --> 00:44:38,670 I can compute, place that text. 890 00:44:38,670 --> 00:44:42,090 Now, the kind of thing that would happen would be-- 891 00:44:42,090 --> 00:44:44,340 I'm going to write down the beginning of a message 892 00:44:44,340 --> 00:44:46,020 to a very high ranking officer. 893 00:44:46,020 --> 00:44:49,320 And here, I will have both the misspelling 894 00:44:49,320 --> 00:44:51,120 and the politically incorrect material 895 00:44:51,120 --> 00:44:52,200 that I spoke of earlier. 896 00:44:52,200 --> 00:44:55,040 897 00:44:55,040 --> 00:44:59,055 ANX, that's just to, to somebody. 
898 00:44:59,055 --> 00:45:05,300 899 00:45:05,300 --> 00:45:10,760 I'm going to write the rank of a very high ranking SS officer, 900 00:45:10,760 --> 00:45:12,650 partly just so you see how long it is. 901 00:45:12,650 --> 00:45:24,680 902 00:45:24,680 --> 00:45:25,340 Oh, hey. 903 00:45:25,340 --> 00:45:30,640 904 00:45:30,640 --> 00:45:31,360 That's the title. 905 00:45:31,360 --> 00:45:34,450 906 00:45:34,450 --> 00:45:36,575 By the way, did I spell it incorrectly? 907 00:45:36,575 --> 00:45:37,640 That's correct. 908 00:45:37,640 --> 00:45:38,320 That is correct? 909 00:45:38,320 --> 00:45:38,820 Yeah. 910 00:45:38,820 --> 00:45:40,010 OK, fine. 911 00:45:40,010 --> 00:45:44,260 Other people have not been sure whether they should be HN. 912 00:45:44,260 --> 00:45:45,906 I believe this is correct. 913 00:45:45,906 --> 00:45:46,860 [INAUDIBLE] 914 00:45:46,860 --> 00:45:48,180 Yeah. 915 00:45:48,180 --> 00:45:50,760 But that's not the end of it because you would never 916 00:45:50,760 --> 00:45:52,860 omit or abbreviate his name. 917 00:45:52,860 --> 00:45:55,740 It just would not be a habit that would ever occur 918 00:45:55,740 --> 00:45:57,008 in the German signal service. 919 00:45:57,008 --> 00:45:58,800 So we have to continue with the guy's name. 920 00:45:58,800 --> 00:46:03,410 921 00:46:03,410 --> 00:46:05,660 And this will go on forever. 922 00:46:05,660 --> 00:46:19,070 923 00:46:19,070 --> 00:46:20,660 And I'm not exaggerating. 924 00:46:20,660 --> 00:46:24,170 This kind of thing at these lengths actually occurred. 925 00:46:24,170 --> 00:46:26,785 926 00:46:26,785 --> 00:46:28,160 I haven't gotten to his name yet. 927 00:46:28,160 --> 00:46:38,700 928 00:46:38,700 --> 00:46:42,913 And now, well, for the Germans, the apologies 929 00:46:42,913 --> 00:46:43,830 apply here, of course. 930 00:46:43,830 --> 00:46:47,690 931 00:46:47,690 --> 00:46:49,255 Pardon? 932 00:46:49,255 --> 00:46:50,030 [INAUDIBLE] 933 00:46:50,030 --> 00:46:50,530 Oh. 
934 00:46:50,530 --> 00:46:53,770 This is not particularly untypical. 935 00:46:53,770 --> 00:46:58,370 This kind of thing happened in actual messages all the time. 936 00:46:58,370 --> 00:47:00,340 And when you have the-- 937 00:47:00,340 --> 00:47:02,800 and with a high ranking like this, 938 00:47:02,800 --> 00:47:06,070 you knew he was traveling around, planning 939 00:47:06,070 --> 00:47:07,240 to visit North Africa. 940 00:47:07,240 --> 00:47:10,750 You could be absolutely sure that his name and title, not 941 00:47:10,750 --> 00:47:15,070 abbreviated, would occur in a message where he was going. 942 00:47:15,070 --> 00:47:18,280 So you knew that this was highly likely to appear. 943 00:47:18,280 --> 00:47:20,680 So you could put this as a probable text 944 00:47:20,680 --> 00:47:22,240 against the encrypted text. 945 00:47:22,240 --> 00:47:26,950 And it meant that key search became almost a triviality 946 00:47:26,950 --> 00:47:29,240 once you knew that kind of thing. 947 00:47:29,240 --> 00:47:31,060 The other kinds of things which would 948 00:47:31,060 --> 00:47:34,510 be sigma carelessness of one kind or another 949 00:47:34,510 --> 00:47:39,220 that some German unit that had an Enigma 950 00:47:39,220 --> 00:47:42,280 and was not doing anything of the slightest importance 951 00:47:42,280 --> 00:47:45,910 was ordered to report every day. 952 00:47:45,910 --> 00:47:47,500 OK, they reported every day. 953 00:47:47,500 --> 00:48:03,570 954 00:48:03,570 --> 00:48:06,870 And that's the precise German that would, in fact, be 955 00:48:06,870 --> 00:48:10,140 used to say, nothing to report. 956 00:48:10,140 --> 00:48:14,610 And there was one unit that throughout the war dependably, 957 00:48:14,610 --> 00:48:17,100 every day nothing to report. 958 00:48:17,100 --> 00:48:20,130 959 00:48:20,130 --> 00:48:21,360 OK. 960 00:48:21,360 --> 00:48:24,120 But don't imagine the Germans were dumb or dumber 961 00:48:24,120 --> 00:48:25,890 than others. 
962 00:48:25,890 --> 00:48:27,120 The Allies were dumber. 963 00:48:27,120 --> 00:48:30,560 And the dumbest was the US. 964 00:48:30,560 --> 00:48:37,220 And the use of a code in World War II that the Brits knew 965 00:48:37,220 --> 00:48:41,610 had been read by the Germans during World War I, Admiralty 966 00:48:41,610 --> 00:48:42,110 Cipher. 967 00:48:42,110 --> 00:48:46,190 968 00:48:46,190 --> 00:48:48,320 I have a copy that I didn't bring. 969 00:48:48,320 --> 00:48:50,930 It's called Admiralty Cipher Number 2. 970 00:48:50,930 --> 00:48:52,765 I keep it because if there's another war, 971 00:48:52,765 --> 00:48:53,765 it might come in useful. 972 00:48:53,765 --> 00:49:03,460 973 00:49:03,460 --> 00:49:07,810 So that kind of thing goes under the general category 974 00:49:07,810 --> 00:49:12,550 of carelessness, which it is, inappropriate procedures, 975 00:49:12,550 --> 00:49:14,650 the predictability. 976 00:49:14,650 --> 00:49:16,960 The cases where identical messages were 977 00:49:16,960 --> 00:49:19,330 sent over different systems-- 978 00:49:19,330 --> 00:49:23,350 what used to happen as regularly as clockwork 979 00:49:23,350 --> 00:49:25,600 is that the German military would 980 00:49:25,600 --> 00:49:30,520 go to a new system, a complete new scheme. 981 00:49:30,520 --> 00:49:32,590 And they'd say, hey, you start using 982 00:49:32,590 --> 00:49:36,430 the scheme on November 20. 983 00:49:36,430 --> 00:49:40,060 And what would happen would be Unit 984 00:49:40,060 --> 00:49:43,210 A would send a message to Unit B. Unit B 985 00:49:43,210 --> 00:49:46,330 would send something back that says, hey, we can't read that. 986 00:49:46,330 --> 00:49:49,260 We don't have the new code yet. 987 00:49:49,260 --> 00:49:49,770 OK. 988 00:49:49,770 --> 00:49:52,530 So they would send the message again in the old code. 989 00:49:52,530 --> 00:49:56,480 990 00:49:56,480 --> 00:49:59,370 That happened on all parties. 
991 00:49:59,370 --> 00:50:00,360 The Germans did it. 992 00:50:00,360 --> 00:50:02,000 But also, the Allies did that. 993 00:50:02,000 --> 00:50:03,530 And it was reasonably common. 994 00:50:03,530 --> 00:50:07,330 995 00:50:07,330 --> 00:50:09,730 Some of those problems were very serious and not 996 00:50:09,730 --> 00:50:12,700 very widely publicized, particularly the fact 997 00:50:12,700 --> 00:50:15,970 that Admiralty Code and Admiralty Cipher Number 998 00:50:15,970 --> 00:50:18,400 2 was used throughout the war, from beginning 999 00:50:18,400 --> 00:50:24,160 to end, to order the track of convoys across the Atlantic. 1000 00:50:24,160 --> 00:50:26,950 So if the German submarine service 1001 00:50:26,950 --> 00:50:33,190 wanted to know where the current convoy was going, 1002 00:50:33,190 --> 00:50:35,940 it was in Admiralty Cipher, encoded 1003 00:50:35,940 --> 00:50:38,470 in Admiralty Cipher Number 2. 1004 00:50:38,470 --> 00:50:42,370 And one tends to read more about all the wonderful things that 1005 00:50:42,370 --> 00:50:46,960 happened at Bletchley Park, rather than some of the equally 1006 00:50:46,960 --> 00:50:50,020 wonderful, long-term of course, things 1007 00:50:50,020 --> 00:50:53,750 that the Allies did that were comparable or worse. 1008 00:50:53,750 --> 00:50:55,170 I shudder to think of that. 1009 00:50:55,170 --> 00:50:55,970 But it did happen. 1010 00:50:55,970 --> 00:50:59,260 1011 00:50:59,260 --> 00:51:00,063 Speak. 1012 00:51:00,063 --> 00:51:02,230 Why did they [INAUDIBLE] three years of code if they 1013 00:51:02,230 --> 00:51:04,180 knew it had been broken? 1014 00:51:04,180 --> 00:51:07,798 Yeah, that's my question, too. 1015 00:51:07,798 --> 00:51:10,300 [INAUDIBLE] policy [INAUDIBLE]. 1016 00:51:10,300 --> 00:51:13,150 1017 00:51:13,150 --> 00:51:15,490 Maybe that's the reason. 1018 00:51:15,490 --> 00:51:17,380 I can't answer the question. 
1019 00:51:17,380 --> 00:51:20,350 I mean, this was done by the Brits, 1020 00:51:20,350 --> 00:51:22,070 done by Naval intelligence. 1021 00:51:22,070 --> 00:51:24,520 And that's what they did. 1022 00:51:24,520 --> 00:51:27,070 Why they did it beats me. 1023 00:51:27,070 --> 00:51:28,570 It's not widely publicized. 1024 00:51:28,570 --> 00:51:31,570 I don't think that appears, for example, in Cohen's book, which 1025 00:51:31,570 --> 00:51:34,388 talks mostly about Bletchley Park kinds of things. 1026 00:51:34,388 --> 00:51:36,430 But Bletchley Park was not the only kind of thing 1027 00:51:36,430 --> 00:51:38,293 that happened. 1028 00:51:38,293 --> 00:51:41,060 [INAUDIBLE] 1029 00:51:41,060 --> 00:51:44,060 No, we lost convoys because of that. 1030 00:51:44,060 --> 00:51:46,680 It's bad, actually very bad. 1031 00:51:46,680 --> 00:51:51,680 1032 00:51:51,680 --> 00:51:57,230 Now, after World War II, the intelligence business 1033 00:51:57,230 --> 00:51:59,780 changed in a number of fairly important ways. 1034 00:51:59,780 --> 00:52:03,580 1035 00:52:03,580 --> 00:52:11,980 Because of the downfall of the Enigma and machines like it, 1036 00:52:11,980 --> 00:52:13,930 the intelligence services of countries 1037 00:52:13,930 --> 00:52:16,430 decided to go to different schemes, 1038 00:52:16,430 --> 00:52:26,920 go away from these rotating, highly mechanical cipher 1039 00:52:26,920 --> 00:52:31,090 machines we used in World War II to go to better things. 1040 00:52:31,090 --> 00:52:34,810 By the way, I brought with me a cipher machine that was actually 1041 00:52:34,810 --> 00:52:38,650 used all over the place by the US military 1042 00:52:38,650 --> 00:52:39,730 during World War II. 1043 00:52:39,730 --> 00:52:41,260 It's called the M-209.
1044 00:52:41,260 --> 00:52:45,258 It's a lovely machine, in the sense that the Army was 1045 00:52:45,258 --> 00:52:46,800 able to bring this into the trenches, 1046 00:52:46,800 --> 00:52:50,740 the frontline units in the trenches, 1047 00:52:50,740 --> 00:52:53,650 for example in the desert in North Africa. 1048 00:52:53,650 --> 00:52:55,960 And after six months, it would still 1049 00:52:55,960 --> 00:53:00,400 be working, just beautiful construction and a fairly 1050 00:53:00,400 --> 00:53:02,840 decent encryption scheme. 1051 00:53:02,840 --> 00:53:05,410 The instructions that went with it during the war 1052 00:53:05,410 --> 00:53:07,990 said, you can expect that the enemy will not 1053 00:53:07,990 --> 00:53:12,490 read something enciphered with this machine in less 1054 00:53:12,490 --> 00:53:14,110 than 24 hours. 1055 00:53:14,110 --> 00:53:15,860 And it may not seem like much. 1056 00:53:15,860 --> 00:53:23,050 But for frontline activities, often a day is just fine, 1057 00:53:23,050 --> 00:53:25,300 particularly if you know it's just a day. 1058 00:53:25,300 --> 00:53:29,380 So it was a good machine and beautifully constructed. 1059 00:53:29,380 --> 00:53:33,860 And its secrecy was perfectly adequate for what 1060 00:53:33,860 --> 00:53:36,680 it was being used for. 1061 00:53:36,680 --> 00:53:38,480 Not much better than that, though. 1062 00:53:38,480 --> 00:53:44,920 1063 00:53:44,920 --> 00:53:49,330 Other kinds of things began to show up 1064 00:53:49,330 --> 00:53:51,760 beginning about 10 years after the war. 1065 00:53:51,760 --> 00:53:55,540 For example, if the Russian government 1066 00:53:55,540 --> 00:54:00,790 gives a beautiful four foot in diameter 1067 00:54:00,790 --> 00:54:03,520 great seal of the United States to the US ambassador 1068 00:54:03,520 --> 00:54:04,645 to hang up in the embassy-- 1069 00:54:04,645 --> 00:54:07,870 1070 00:54:07,870 --> 00:54:10,580 I'm going back to what I said earlier.
1071 00:54:10,580 --> 00:54:13,750 My question is not, is there a microphone in it? 1072 00:54:13,750 --> 00:54:16,690 My question is, where is the microphone in it? 1073 00:54:16,690 --> 00:54:19,970 And where is the antenna in it? 1074 00:54:19,970 --> 00:54:22,240 But then the ambassador at the time 1075 00:54:22,240 --> 00:54:24,070 was not sufficiently paranoid. 1076 00:54:24,070 --> 00:54:29,906 And it was, in fact, installed at the embassy 1077 00:54:29,906 --> 00:54:33,044 and certainly some harm came of it. 1078 00:54:33,044 --> 00:54:36,740 1079 00:54:36,740 --> 00:54:37,430 That's one. 1080 00:54:37,430 --> 00:54:41,540 1081 00:54:41,540 --> 00:54:45,200 As time went on, during the '50s and '60s, 1082 00:54:45,200 --> 00:54:50,600 small computers began to be used for cryptography 1083 00:54:50,600 --> 00:54:54,830 instead of these kinds of mechanical monsters. 1084 00:54:54,830 --> 00:54:59,180 And the kinds of errors that used to occur gradually 1085 00:54:59,180 --> 00:55:05,390 changed from unwise operator actions, unwise 1086 00:55:05,390 --> 00:55:10,820 choice of key material to machine failure. 1087 00:55:10,820 --> 00:55:13,740 And machine failure became quite important. 1088 00:55:13,740 --> 00:55:17,335 I need to keep track of time. 1089 00:55:17,335 --> 00:55:18,814 10:15. 1090 00:55:18,814 --> 00:55:20,160 10:15. 1091 00:55:20,160 --> 00:55:20,660 OK. 1092 00:55:20,660 --> 00:55:25,470 1093 00:55:25,470 --> 00:55:29,400 So that gets me to a rule which became very important 1094 00:55:29,400 --> 00:55:31,230 during the '50s and '60s. 
1095 00:55:31,230 --> 00:55:33,390 The first thing to do with a message that 1096 00:55:33,390 --> 00:55:35,830 comes over one of these important channels 1097 00:55:35,830 --> 00:55:40,470 is check for plain text because one of the most common error 1098 00:55:40,470 --> 00:55:42,870 modes of the kind of equipment being used 1099 00:55:42,870 --> 00:55:47,187 was, in fact, that it would mistakenly send plain text out 1100 00:55:47,187 --> 00:55:48,270 instead of encrypted text. 1101 00:55:48,270 --> 00:55:55,700 1102 00:55:55,700 --> 00:55:59,330 When the typewriters at the US embassy in Moscow 1103 00:55:59,330 --> 00:56:01,790 broke and needed to be repaired, they 1104 00:56:01,790 --> 00:56:08,870 were sent out to a local Soviet typewriter repair company. 1105 00:56:08,870 --> 00:56:11,630 Do I have to go on with the rest of the story? 1106 00:56:11,630 --> 00:56:13,970 Not really. 1107 00:56:13,970 --> 00:56:17,630 And what you're expecting would happen in fact did happen. 1108 00:56:17,630 --> 00:56:20,510 And it was important. 1109 00:56:20,510 --> 00:56:21,770 Where was the microphone? 1110 00:56:21,770 --> 00:56:23,600 Well, the microphone was where it 1111 00:56:23,600 --> 00:56:26,660 needed to be to detect what was happening 1112 00:56:26,660 --> 00:56:28,280 when the typewriter typed. 1113 00:56:28,280 --> 00:56:32,570 And the message being sent out-- 1114 00:56:32,570 --> 00:56:35,450 if you listen for it, all you'd hear would be some 1115 00:56:35,450 --> 00:56:37,550 occasional clicks, about one click a second. 1116 00:56:37,550 --> 00:56:40,250 1117 00:56:40,250 --> 00:56:42,240 But there's nothing unusual about that. 1118 00:56:42,240 --> 00:56:44,930 If you look at the power line in this building, 1119 00:56:44,930 --> 00:56:48,710 looking for noise on it, you would find zillions of places 1120 00:56:48,710 --> 00:56:53,180 where there were clicks and various kinds of signals 1121 00:56:53,180 --> 00:56:54,960 going into the power.
1122 00:56:54,960 --> 00:56:56,570 And in fact, in the average kitchen-- 1123 00:56:56,570 --> 00:56:58,760 what with microwave ovens, toaster ovens, 1124 00:56:58,760 --> 00:57:00,890 and things of that sort-- 1125 00:57:00,890 --> 00:57:05,000 various kinds of noise and clicks 1126 00:57:05,000 --> 00:57:06,320 occur all over the place. 1127 00:57:06,320 --> 00:57:08,990 1128 00:57:08,990 --> 00:57:11,720 But I have a problem for you. 1129 00:57:11,720 --> 00:57:14,810 In the case that actually happened, 1130 00:57:14,810 --> 00:57:17,390 all that was noticed when people bore in on it 1131 00:57:17,390 --> 00:57:21,170 was that the typewriter, the repaired typewriter 1132 00:57:21,170 --> 00:57:25,410 was sending out what appeared to be a click about once a second. 1133 00:57:25,410 --> 00:57:27,920 That's all, not very suspicious. 1134 00:57:27,920 --> 00:57:30,490 1135 00:57:30,490 --> 00:57:33,980 The clicks appeared to be nearly identical. 1136 00:57:33,980 --> 00:57:36,160 The timing between the clicks appeared 1137 00:57:36,160 --> 00:57:38,380 to be very close to one second. 1138 00:57:38,380 --> 00:57:40,900 1139 00:57:40,900 --> 00:57:44,380 As far as one can determine, the clicks were the same. 1140 00:57:44,380 --> 00:57:47,620 And they were sent once per second. 1141 00:57:47,620 --> 00:57:53,150 I have a problem for you, a homework exercise. 1142 00:57:53,150 --> 00:57:55,700 Putting reasonable assumptions on all this, 1143 00:57:55,700 --> 00:58:00,230 how much information could be sent with one click per second 1144 00:58:00,230 --> 00:58:03,050 where the clicks pretty much looked all the same 1145 00:58:03,050 --> 00:58:06,500 and they were pretty much all one second apart? 1146 00:58:06,500 --> 00:58:10,220 If you look at the data rate and work out 1147 00:58:10,220 --> 00:58:12,950 with just some reasonable assumptions about this, 1148 00:58:12,950 --> 00:58:16,610 you might be surprised at what the data rate could be.
1149 00:58:16,610 --> 00:58:19,370 The question is, would it keep up with the typewriter? 1150 00:58:19,370 --> 00:58:21,020 I'll tell you the answer to that, 1151 00:58:21,020 --> 00:58:25,370 yes, with essentially identical clicks 1152 00:58:25,370 --> 00:58:27,860 being sent out essentially once per second. 1153 00:58:27,860 --> 00:58:32,190 1154 00:58:32,190 --> 00:58:33,970 There's lots of other things like that. 1155 00:58:33,970 --> 00:58:37,160 Both us, and our allies, and our opponents 1156 00:58:37,160 --> 00:58:41,960 have many times sent out communication equipment, even 1157 00:58:41,960 --> 00:58:46,040 cryptographic equipment, to basically the local Radio 1158 00:58:46,040 --> 00:58:48,170 Shack to get them repaired. 1159 00:58:48,170 --> 00:58:50,495 When they come back, they're nearly the same 1160 00:58:50,495 --> 00:58:51,620 as when they were sent out. 1161 00:58:51,620 --> 00:58:54,960 1162 00:58:54,960 --> 00:58:55,460 OK. 1163 00:58:55,460 --> 00:58:57,080 Again, we're getting into my paranoia. 1164 00:58:57,080 --> 00:59:00,500 But I think I'm putting a few underpinnings 1165 00:59:00,500 --> 00:59:04,790 under the paranoia to convince you that this kind of thing 1166 00:59:04,790 --> 00:59:05,390 does happen. 1167 00:59:05,390 --> 00:59:06,110 And that's real. 1168 00:59:06,110 --> 00:59:09,660 1169 00:59:09,660 --> 00:59:12,930 I'll tell a story on the other side. 1170 00:59:12,930 --> 00:59:23,430 The Russians-- no, Soviets, had some equipment that sent out 1171 00:59:23,430 --> 00:59:28,320 encrypted traffic by FM radio. 1172 00:59:28,320 --> 00:59:33,810 There also happened to be a very small modulation of this signal 1173 00:59:33,810 --> 00:59:35,670 AM. 
1174 00:59:35,670 --> 00:59:37,490 Though the main signal itself was FM, 1175 00:59:37,490 --> 00:59:40,920 there was a tiny bit, 30 decibels down 1176 00:59:40,920 --> 00:59:44,820 from the real signal, was an AM signal 1177 00:59:44,820 --> 00:59:48,660 that everybody viewed was too weak to hear. 1178 00:59:48,660 --> 00:59:50,010 OK, fine. 1179 00:59:50,010 --> 00:59:54,030 The CIA rented space in the first floor of the building-- 1180 00:59:54,030 --> 00:59:57,570 this is in Vienna in the '50s-- 1181 00:59:57,570 --> 01:00:04,940 and listened to the low, very dim AM 1182 01:00:04,940 --> 01:00:07,390 signal, which they could do because they were very close. 1183 01:00:07,390 --> 01:00:09,100 They just basically set up a shop 1184 01:00:09,100 --> 01:00:12,145 to sell lederhosen or something like that. 1185 01:00:12,145 --> 01:00:14,270 In fact, they were quite embarrassed that the store 1186 01:00:14,270 --> 01:00:19,480 they set up, which was really just a fake CIA store-- 1187 01:00:19,480 --> 01:00:21,850 was selling sufficiently high quality goods 1188 01:00:21,850 --> 01:00:23,380 that they had too many customers. 1189 01:00:23,380 --> 01:00:27,070 1190 01:00:27,070 --> 01:00:29,860 That went on for over five years when 1191 01:00:29,860 --> 01:00:34,480 we were, in fact, intercepting traffic from the principal 1192 01:00:34,480 --> 01:00:39,430 Soviet officer in Vienna back to headquarters 1193 01:00:39,430 --> 01:00:48,130 from this lederhosen store on the first floor of Austria. 1194 01:00:48,130 --> 01:00:51,340 Again, OK, so there's microphones everywhere. 1195 01:00:51,340 --> 01:00:52,960 That was the one. 1196 01:00:52,960 --> 01:00:59,060 1197 01:00:59,060 --> 01:01:02,180 But even in cryptography, one doesn't necessarily 1198 01:01:02,180 --> 01:01:03,470 have to do poorly. 1199 01:01:03,470 --> 01:01:07,100 I'm going to finish up on the bright side of things. 1200 01:01:07,100 --> 01:01:11,000 Suppose I have a cryptographic setup.
1201 01:01:11,000 --> 01:01:18,190 1202 01:01:18,190 --> 01:01:21,460 I have a box attached to a person, 1203 01:01:21,460 --> 01:01:25,960 and then a communication line someplace, 1204 01:01:25,960 --> 01:01:29,510 going to someplace else also attached to the person. 1205 01:01:29,510 --> 01:01:31,660 This is a long distance line that 1206 01:01:31,660 --> 01:01:35,120 causes these two cryptographic devices to communicate. 1207 01:01:35,120 --> 01:01:37,458 So somebody puts something in, in clear text. 1208 01:01:37,458 --> 01:01:39,000 The machine changes it to ciphertext, 1209 01:01:39,000 --> 01:01:40,840 sends it over the circuit. 1210 01:01:40,840 --> 01:01:44,290 It's decrypted here, and then the plain text. 1211 01:01:44,290 --> 01:01:48,800 And one can suppose that this line is tapped probably 1212 01:01:48,800 --> 01:01:50,010 more than once. 1213 01:01:50,010 --> 01:01:51,710 And the tap may be either passive, 1214 01:01:51,710 --> 01:01:54,230 in the sense that it just listens to the traffic going 1215 01:01:54,230 --> 01:01:57,410 over it, or it may be active, in that it changes 1216 01:01:57,410 --> 01:02:01,210 the traffic or inserts its own. 1217 01:02:01,210 --> 01:02:02,530 That's what I want. 1218 01:02:02,530 --> 01:02:04,810 I want secrecy of communication. 1219 01:02:04,810 --> 01:02:07,960 I want bad guys not to be able to find out what 1220 01:02:07,960 --> 01:02:09,310 this message actually says. 1221 01:02:09,310 --> 01:02:11,620 I want them to get only the cipher text. 1222 01:02:11,620 --> 01:02:14,240 1223 01:02:14,240 --> 01:02:16,710 Is it possible to design a system-- 1224 01:02:16,710 --> 01:02:21,350 and this is another homework exercise for you, too. 
1225 01:02:21,350 --> 01:02:25,250 1226 01:02:25,250 --> 01:02:29,480 Is it possible to design a system of this sort that 1227 01:02:29,480 --> 01:02:33,950 protects the secrecy of the information in such a way 1228 01:02:33,950 --> 01:02:38,660 that the enemy, in the form of a cleaning lady or janitor, 1229 01:02:38,660 --> 01:02:42,380 can get all the information out of one of these boxes, 1230 01:02:42,380 --> 01:02:45,740 like this box, every piece of information? 1231 01:02:45,740 --> 01:02:48,440 And I mean that in the broadest possible sense-- all data, 1232 01:02:48,440 --> 01:02:52,740 all programs, all keys, anything that's in that machine-- 1233 01:02:52,740 --> 01:02:57,680 but still not be able to later read the encrypted traffic that 1234 01:02:57,680 --> 01:02:59,180 goes across the line. 1235 01:02:59,180 --> 01:03:02,350 Is it possible to design such a system? 1236 01:03:02,350 --> 01:03:04,100 It's a difficult question because you have 1237 01:03:04,100 --> 01:03:05,392 to think about a lot of things. 1238 01:03:05,392 --> 01:03:07,340 But again, I'll tell you the answer. 1239 01:03:07,340 --> 01:03:09,330 The answer is, yes, it is possible. 1240 01:03:09,330 --> 01:03:12,020 And in fact, it is done on some systems 1241 01:03:12,020 --> 01:03:14,480 that I know about and use. 1242 01:03:14,480 --> 01:03:17,000 But still, it's a difficult exercise 1243 01:03:17,000 --> 01:03:19,770 to work out just how do you do that. 1244 01:03:19,770 --> 01:03:21,280 But it can be done. 1245 01:03:21,280 --> 01:03:22,650 Sir? 1246 01:03:22,650 --> 01:03:27,830 [INAUDIBLE] they then been able to-- 1247 01:03:27,830 --> 01:03:28,720 [INAUDIBLE] 1248 01:03:28,720 --> 01:03:32,010 [INAUDIBLE] 1249 01:03:32,010 --> 01:03:34,830 Yeah, if both cleaning ladies were there 1250 01:03:34,830 --> 01:03:37,260 and the cleaning ladies could communicate, 1251 01:03:37,260 --> 01:03:39,900 then the system is broken. 
1252 01:03:39,900 --> 01:03:42,460 I mean this only goes so far as it goes. 1253 01:03:42,460 --> 01:03:45,960 But from one of the two machines, you 1254 01:03:45,960 --> 01:03:48,200 can get all the information in the broadest 1255 01:03:48,200 --> 01:03:49,560 sense that's in them. 1256 01:03:49,560 --> 01:03:54,720 But if you get two, then you can later decrypt any traffic 1257 01:03:54,720 --> 01:03:59,070 between those two stations, but not between one of them 1258 01:03:59,070 --> 01:04:02,970 and some third station someplace that wasn't broken into. 1259 01:04:02,970 --> 01:04:05,700 So that's about as far as you can go. 1260 01:04:05,700 --> 01:04:12,740 1261 01:04:12,740 --> 01:04:15,830 I'm going to quit while I'm ahead. 1262 01:04:15,830 --> 01:04:18,080 Questions, comments, whatever. 1263 01:04:18,080 --> 01:04:19,220 Speak. 1264 01:04:19,220 --> 01:04:21,098 Sir? 1265 01:04:21,098 --> 01:04:25,066 [APPLAUSE] 1266 01:04:25,066 --> 01:04:31,030 1267 01:04:31,030 --> 01:04:32,100 Speak. 1268 01:04:32,100 --> 01:04:34,360 [INAUDIBLE] about the protection of information 1269 01:04:34,360 --> 01:04:37,210 that is protected from knowing it 1270 01:04:37,210 --> 01:04:41,260 exists-- that is, you go to lengths 1271 01:04:41,260 --> 01:04:44,650 to ensure that no one knows if that's 1272 01:04:44,650 --> 01:04:46,630 the right telephone to tap. 1273 01:04:46,630 --> 01:04:49,450 How successful or problematic would that be? 1274 01:04:49,450 --> 01:04:50,440 It is done. 1275 01:04:50,440 --> 01:04:52,120 It is of some importance. 1276 01:04:52,120 --> 01:04:55,210 And it is done. 1277 01:04:55,210 --> 01:04:58,630 For example, in the intelligence business, we have sensors-- 1278 01:04:58,630 --> 01:05:00,820 these are gatherers of information-- in some 1279 01:05:00,820 --> 01:05:03,310 of the goddamnedest places. 1280 01:05:03,310 --> 01:05:05,800 How do you send that information out? 1281 01:05:05,800 --> 01:05:08,410 A priori, you don't.
1282 01:05:08,410 --> 01:05:12,140 You have to work out where you can send it out. 1283 01:05:12,140 --> 01:05:17,650 What good does it do to tap a fiber optic cable going 1284 01:05:17,650 --> 01:05:22,720 across Siberia since you have no conceivable way of getting 1285 01:05:22,720 --> 01:05:25,620 that rate of information out? 1286 01:05:25,620 --> 01:05:27,120 You've got to somehow conceal it. 1287 01:05:27,120 --> 01:05:28,830 Yes, that is an important issue. 1288 01:05:28,830 --> 01:05:31,050 And people do worry about that. 1289 01:05:31,050 --> 01:05:32,940 And it's not been well-solved. 1290 01:05:32,940 --> 01:05:35,610 But there are partial solutions to the problem. 1291 01:05:35,610 --> 01:05:38,450 Fair? 1292 01:05:38,450 --> 01:05:39,840 Yes? 1293 01:05:39,840 --> 01:05:41,970 Suppose that some big financial institution 1294 01:05:41,970 --> 01:05:44,850 hires you to be an advisor and asks you, 1295 01:05:44,850 --> 01:05:49,410 what do you think about the risks of key escrow 1296 01:05:49,410 --> 01:05:50,390 key recovery systems? 1297 01:05:50,390 --> 01:05:54,510 Should we let our keys be escrowed by a third party? 1298 01:05:54,510 --> 01:05:55,620 How would you advise that? 1299 01:05:55,620 --> 01:05:57,720 Do you trust your government, sir? 1300 01:05:57,720 --> 01:05:58,710 No. 1301 01:05:58,710 --> 01:06:02,268 You and I don't have to pursue it then. 1302 01:06:02,268 --> 01:06:04,440 I asked your opinion. 1303 01:06:04,440 --> 01:06:06,690 Well, my opinion is I would first ask, 1304 01:06:06,690 --> 01:06:09,690 do you trust your government? 1305 01:06:09,690 --> 01:06:13,710 And the answer to that would come out 1306 01:06:13,710 --> 01:06:16,530 mostly somewhat negative-- 1307 01:06:16,530 --> 01:06:19,830 no, or not much, or whatever like that. 1308 01:06:19,830 --> 01:06:21,130 Do I trust my government? 1309 01:06:21,130 --> 01:06:24,420 I don't feel much differently from the way you feel.
1310 01:06:24,420 --> 01:06:28,110 I mean, there's good guys there and bad guys. 1311 01:06:28,110 --> 01:06:31,290 I won't characterize myself as being either side of that one. 1312 01:06:31,290 --> 01:06:38,290 1313 01:06:38,290 --> 01:06:41,740 But I can understand the FBI's position 1314 01:06:41,740 --> 01:06:45,160 in pushing for a key escrow scheme. 1315 01:06:45,160 --> 01:06:50,830 What do you do to counter the communications 1316 01:06:50,830 --> 01:06:58,040 abilities of the druggies or potential terrorists? 1317 01:06:58,040 --> 01:06:59,290 Yeah, it's an important issue. 1318 01:06:59,290 --> 01:07:04,810 1319 01:07:04,810 --> 01:07:06,160 Sir? 1320 01:07:06,160 --> 01:07:09,136 You mentioned that there were [INAUDIBLE] 1321 01:07:09,136 --> 01:07:10,930 compromised the financial security 1322 01:07:10,930 --> 01:07:15,010 of financial institutions which dwarf the Citibank episode 1323 01:07:15,010 --> 01:07:17,783 but that were largely unknown. 1324 01:07:17,783 --> 01:07:19,755 Could you give us a couple of examples? 1325 01:07:19,755 --> 01:07:21,730 [LAUGHTER] 1326 01:07:21,730 --> 01:07:25,590 Hey, suppose I want to rob a bank between now 1327 01:07:25,590 --> 01:07:29,560 and the end of the evening. 1328 01:07:29,560 --> 01:07:31,420 I don't walk into a bank with a gun. 1329 01:07:31,420 --> 01:07:33,160 That's dumb. 1330 01:07:33,160 --> 01:07:35,410 Because all I'm going to do, if I successfully 1331 01:07:35,410 --> 01:07:38,320 rob the bank is get enough money for a pleasant weekend in Las 1332 01:07:38,320 --> 01:07:39,760 Vegas. 1333 01:07:39,760 --> 01:07:42,110 If I start walking into the bank with a gun, 1334 01:07:42,110 --> 01:07:45,970 I'll spend an unpleasant weekend in the county jail followed 1335 01:07:45,970 --> 01:07:50,290 by an unpleasant couple of years in the state prison. 1336 01:07:50,290 --> 01:07:53,370 Go for the ATMs. 
1337 01:07:53,370 --> 01:07:57,280 Consider, when I was last in Norway, indeed, 1338 01:07:57,280 --> 01:08:01,440 I have a card which I inserted into an ATM in Norway. 1339 01:08:01,440 --> 01:08:09,480 And 1,000 kroner, about $200, came out of the machine. 1340 01:08:09,480 --> 01:08:12,240 What actually took place in that transaction? 1341 01:08:12,240 --> 01:08:14,060 There are a number of parties to this. 1342 01:08:14,060 --> 01:08:14,910 There's me. 1343 01:08:14,910 --> 01:08:18,790 I don't want my PIN spread all across the country, 1344 01:08:18,790 --> 01:08:21,930 particularly when it's combined with bank 1345 01:08:21,930 --> 01:08:28,040 identification and the account number at that bank. 1346 01:08:28,040 --> 01:08:30,920 That combined with a PIN lets anybody get my money. 1347 01:08:30,920 --> 01:08:32,300 So I don't want that. 1348 01:08:32,300 --> 01:08:37,010 The bank that owns the ATM in Norway, 1349 01:08:37,010 --> 01:08:39,890 before it gets me the 1,000 kroner, 1350 01:08:39,890 --> 01:08:43,160 wants to make sure that it will get the money back 1351 01:08:43,160 --> 01:08:49,880 from the local bank in northern New Hampshire, out 1352 01:08:49,880 --> 01:08:53,180 in the boondocks of northern New Hampshire. 1353 01:08:53,180 --> 01:08:54,710 And the bank in New Hampshire wants 1354 01:08:54,710 --> 01:09:01,569 to make sure that you're talking about a real customer that 1355 01:09:01,569 --> 01:09:03,609 had some money in the bank and hasn't withdrawn 1356 01:09:03,609 --> 01:09:05,350 at all in the last day. 1357 01:09:05,350 --> 01:09:10,899 Now, there are both high tech and low tech ways of extracting 1358 01:09:10,899 --> 01:09:12,500 the money from an ATM.
1359 01:09:12,500 --> 01:09:16,359 The most common method in the UK and Europe 1360 01:09:16,359 --> 01:09:20,050 is to drive a forklift truck up to the ATM 1361 01:09:20,050 --> 01:09:23,200 and pull it out of the wall and take it home 1362 01:09:23,200 --> 01:09:25,657 where you can work on it in the comfort of your living 1363 01:09:25,657 --> 01:09:26,740 room with a cutting torch. 1364 01:09:26,740 --> 01:09:29,590 1365 01:09:29,590 --> 01:09:33,700 There are more sophisticated approaches. 1366 01:09:33,700 --> 01:09:36,850 The most common in the US, also fairly low tech, 1367 01:09:36,850 --> 01:09:38,859 is to go and buy an ATM-- 1368 01:09:38,859 --> 01:09:41,950 and I assure you that can be bought rather readily and not 1369 01:09:41,950 --> 01:09:43,630 terribly expensive-- 1370 01:09:43,630 --> 01:09:48,430 go and install it in the mall down the street. 1371 01:09:48,430 --> 01:09:51,354 When somebody comes up and puts a PIN into it, 1372 01:09:51,354 --> 01:09:52,854 you pass a message that says, sorry, 1373 01:09:52,854 --> 01:09:54,370 the machine is out of order. 1374 01:09:54,370 --> 01:09:55,150 Try again later. 1375 01:09:55,150 --> 01:09:58,240 But what you've done is collected a whole bunch of PINs and account 1376 01:09:58,240 --> 01:09:59,950 numbers. 1377 01:09:59,950 --> 01:10:01,960 Not very high tech, but very profitable. 1378 01:10:01,960 --> 01:10:03,460 It turns out that, in the weekend, 1379 01:10:03,460 --> 01:10:05,610 it's fairly easy to come up with, say, 1380 01:10:05,610 --> 01:10:07,760 $100,000 by this technique. 1381 01:10:07,760 --> 01:10:09,760 That has been done many times over. 1382 01:10:09,760 --> 01:10:12,700 1383 01:10:12,700 --> 01:10:15,370 I know it's only a partial answer to your question. 1384 01:10:15,370 --> 01:10:17,170 But it is, at least in part, an answer. 1385 01:10:17,170 --> 01:10:18,265 That does happen. 1386 01:10:18,265 --> 01:10:19,380 It's fairly common.
1387 01:10:19,380 --> 01:10:21,280 It's almost daily in the US. 1388 01:10:21,280 --> 01:10:22,430 Sir? 1389 01:10:22,430 --> 01:10:25,720 Do you think that a centralized financial system based 1390 01:10:25,720 --> 01:10:28,660 on book entry settlement is more vulnerable-- 1391 01:10:28,660 --> 01:10:29,590 Based on what? 1392 01:10:29,590 --> 01:10:31,330 On book entry settlement. 1393 01:10:31,330 --> 01:10:34,885 That is [INAUDIBLE]. 1394 01:10:34,885 --> 01:10:37,450 No, it takes too long. 1395 01:10:37,450 --> 01:10:39,100 [INAUDIBLE] 1396 01:10:39,100 --> 01:10:41,740 [INAUDIBLE] the Federal Reserve System 1397 01:10:41,740 --> 01:10:45,370 for something on the order of $100,000 a day. 1398 01:10:45,370 --> 01:10:47,380 And they won't notice for about a month. 1399 01:10:47,380 --> 01:10:48,280 Oh, I'm sorry. 1400 01:10:48,280 --> 01:10:49,720 Let me rephrase the question. 1401 01:10:49,720 --> 01:10:51,910 Do you think that a centralized system 1402 01:10:51,910 --> 01:10:55,000 with a central clearinghouse is more 1403 01:10:55,000 --> 01:10:57,700 insecure than a decentralized system 1404 01:10:57,700 --> 01:11:00,790 where people are making peer to peer payments? 1405 01:11:00,790 --> 01:11:02,686 Yes, I do. 1406 01:11:02,686 --> 01:11:07,570 And it has, in practice, not worked out very well. 1407 01:11:07,570 --> 01:11:08,230 Yeah. 1408 01:11:08,230 --> 01:11:09,320 Sir? 1409 01:11:09,320 --> 01:11:13,105 Do you think that the gap between best military 1410 01:11:13,105 --> 01:11:14,771 intelligence practice and cryptography 1411 01:11:14,771 --> 01:11:19,700 and cryptologists that publish academic commercial 1412 01:11:19,700 --> 01:11:22,532 cryptography and cryptanalysis is widening or narrowing 1413 01:11:22,532 --> 01:11:25,260 over time? 1414 01:11:25,260 --> 01:11:27,860 I don't notice that it's gotten wider or narrower.
1415 01:11:27,860 --> 01:11:30,730 Actually, compared to when I first knew about these things, 1416 01:11:30,730 --> 01:11:33,080 the gap has gotten somewhat narrower. 1417 01:11:33,080 --> 01:11:36,260 We mostly used one-time pads in the '50s, 1418 01:11:36,260 --> 01:11:39,350 went to machines in the late '50s, and on into the '60s 1419 01:11:39,350 --> 01:11:41,190 and beyond. 1420 01:11:41,190 --> 01:11:43,460 So I don't see a gap that's widened there. 1421 01:11:43,460 --> 01:11:45,440 I see a gap that's shrunk a bit. 1422 01:11:45,440 --> 01:11:47,510 Yet, the gap between them is there. 1423 01:11:47,510 --> 01:11:49,940 And it's big. 1424 01:11:49,940 --> 01:11:57,110 My notion is that the encryption systems of the US and allied 1425 01:11:57,110 --> 01:11:59,420 countries is pretty darn-- 1426 01:11:59,420 --> 01:12:02,870 no, pretty good is one thing to say. 1427 01:12:02,870 --> 01:12:09,950 1428 01:12:09,950 --> 01:12:12,454 Adequate for the information they're protecting. 1429 01:12:12,454 --> 01:12:21,460 1430 01:12:21,460 --> 01:12:24,431 What are the factors that affect the size of that gap? 1431 01:12:24,431 --> 01:12:27,868 Do you foresee a change in them? 1432 01:12:27,868 --> 01:12:41,622 1433 01:12:41,622 --> 01:12:44,600 Nah. 1434 01:12:44,600 --> 01:12:45,820 Yeah, go ahead. 1435 01:12:45,820 --> 01:12:49,260 1436 01:12:49,260 --> 01:12:53,830 Suppose the key escrow system does get into place. 1437 01:12:53,830 --> 01:12:56,800 A key escrow database with a few billion keys in it 1438 01:12:56,800 --> 01:13:00,520 is a few cubic inches on proper storage media. 1439 01:13:00,520 --> 01:13:05,740 Could you estimate the dollar value of that information? 1440 01:13:05,740 --> 01:13:07,090 Probably very large. 1441 01:13:07,090 --> 01:13:10,330 1442 01:13:10,330 --> 01:13:13,340 Well, it depends-- dollar value to who. 
1443 01:13:13,340 --> 01:13:15,820 I mean, how much would it cost me to find out 1444 01:13:15,820 --> 01:13:18,820 your social security number, credit card number for all 1445 01:13:18,820 --> 01:13:22,150 your cards, bank account number, and how well your payment 1446 01:13:22,150 --> 01:13:22,990 record is? 1447 01:13:22,990 --> 01:13:26,200 How much do you think that would cost me to find out? 1448 01:13:26,200 --> 01:13:27,520 Pardon? 1449 01:13:27,520 --> 01:13:28,450 $20. 1450 01:13:28,450 --> 01:13:31,210 Yeah, they got it. 1451 01:13:31,210 --> 01:13:33,010 It doesn't matter, so long as they were 1452 01:13:33,010 --> 01:13:35,440 able to say the number in it. 1453 01:13:35,440 --> 01:13:37,640 I mean, if they said $20, that's fine. 1454 01:13:37,640 --> 01:13:40,000 If they said $200, that's fine, too. 1455 01:13:40,000 --> 01:13:42,160 It actually is somewhere in that range. 1456 01:13:42,160 --> 01:13:46,480 To get what I asked for probably costs something like $200. 1457 01:13:46,480 --> 01:13:48,105 But the person that got it for them, 1458 01:13:48,105 --> 01:13:49,480 it doesn't cost that much at all. 1459 01:13:49,480 --> 01:13:50,550 It only costs $5. 1460 01:13:50,550 --> 01:13:53,200 1461 01:13:53,200 --> 01:13:55,330 So value to who, right? 1462 01:13:55,330 --> 01:13:59,170 1463 01:13:59,170 --> 01:14:00,904 [INAUDIBLE] 1464 01:14:00,904 --> 01:14:05,190 1465 01:14:05,190 --> 01:14:07,070 Well, I have two answers. 1466 01:14:07,070 --> 01:14:08,000 One is not much. 1467 01:14:08,000 --> 01:14:12,080 The other is I've delegated all responsibility for that issue 1468 01:14:12,080 --> 01:14:15,500 to the vice president. 1469 01:14:15,500 --> 01:14:24,180 [APPLAUSE] 1470 01:14:24,180 --> 01:14:31,135 [INAUDIBLE] 1471 01:14:31,135 --> 01:14:31,760 Yeah, OK, what? 1472 01:14:31,760 --> 01:14:35,510 1473 01:14:35,510 --> 01:14:37,490 OK. 
1474 01:14:37,490 --> 01:14:40,670 Given the NSA's alleged budget and the fact 1475 01:14:40,670 --> 01:14:41,720 that you seem to say-- 1476 01:14:41,720 --> 01:14:42,970 Does anybody obey this budget? 1477 01:14:42,970 --> 01:14:46,030 1478 01:14:46,030 --> 01:14:47,736 [INAUDIBLE] 1479 01:14:47,736 --> 01:14:49,410 And they even could be wrong. 1480 01:14:49,410 --> 01:14:53,510 And given the fact that you say that military and government is 1481 01:14:53,510 --> 01:14:56,020 so far ahead, why make such a big deal 1482 01:14:56,020 --> 01:14:58,460 about key escrow and all that? 1483 01:14:58,460 --> 01:15:01,160 Is it possible that current cryptography is actually 1484 01:15:01,160 --> 01:15:03,510 of some value and is actually difficult to break 1485 01:15:03,510 --> 01:15:04,260 by the government? 1486 01:15:04,260 --> 01:15:06,540 It could be linked, so yes. 1487 01:15:06,540 --> 01:15:09,185 It would not be difficult to construct 1488 01:15:09,185 --> 01:15:13,100 from things that are widely known 1489 01:15:13,100 --> 01:15:19,730 to commercial people in the US to produce an encryption 1490 01:15:19,730 --> 01:15:22,853 system that is quite expensive to break. 1491 01:15:22,853 --> 01:15:24,270 Now, I'm not saying hard to break. 1492 01:15:24,270 --> 01:15:26,180 I'm saying expensive to break. 1493 01:15:26,180 --> 01:15:34,670 And overseas-- well, there might be one or two Israeli citizens 1494 01:15:34,670 --> 01:15:37,130 in the audience. 1495 01:15:37,130 --> 01:15:40,040 They are better than us. 1496 01:15:40,040 --> 01:15:44,720 So our expectation is if we see an encryption system coming out 1497 01:15:44,720 --> 01:15:48,350 of Israel, we say things-- well, I don't want 1498 01:15:48,350 --> 01:15:50,360 to say it in Aramaic or Hebrew. 
1499 01:15:50,360 --> 01:15:55,310 But that is quite worrisome because without-- 1500 01:15:55,310 --> 01:15:58,950 well, using the expertise that they have in hand, 1501 01:15:58,950 --> 01:16:01,040 they could come up with a system that would be 1502 01:16:01,040 --> 01:16:03,230 very expensive for us to break. 1503 01:16:03,230 --> 01:16:08,150 1504 01:16:08,150 --> 01:16:11,102 That it? 1505 01:16:11,102 --> 01:16:12,086 Over there. 1506 01:16:12,086 --> 01:16:16,770 1507 01:16:16,770 --> 01:16:25,440 [INAUDIBLE] All right, do you think that enough of these 1508 01:16:25,440 --> 01:16:29,580 authentication issues, like the bank machine and the internet 1509 01:16:29,580 --> 01:16:33,492 purchases, have happened that people are becoming aware-- 1510 01:16:33,492 --> 01:16:34,950 people running these businesses are 1511 01:16:34,950 --> 01:16:36,540 becoming aware of these issues? 1512 01:16:36,540 --> 01:16:42,270 Or are they continuing to just blindly stumble along and not 1513 01:16:42,270 --> 01:16:44,160 pay much attention to-- 1514 01:16:44,160 --> 01:16:47,660 I have not detected any awareness of ambition. 1515 01:16:47,660 --> 01:16:48,883 No, I'm serious. 1516 01:16:48,883 --> 01:16:51,050 And people come up with encryption methods which are 1517 01:16:51,050 --> 01:16:53,438 plainly inadequate to the job. 1518 01:16:53,438 --> 01:16:54,980 But you've got to remember that there 1519 01:16:54,980 --> 01:17:00,790 are other kinds of cultural issues 1520 01:17:00,790 --> 01:17:03,880 that are not unimportant. 1521 01:17:03,880 --> 01:17:09,070 I have a card, which is issued by the South African Power 1522 01:17:09,070 --> 01:17:10,330 Company. 1523 01:17:10,330 --> 01:17:14,080 It's a card that you take to the power company's office. 1524 01:17:14,080 --> 01:17:17,020 And they change the magnetic bits on it 1525 01:17:17,020 --> 01:17:19,660 that, in effect, add to the amount of money on it.
1526 01:17:19,660 --> 01:17:23,200 The one I have is good for 1,000 kilowatt hours. 1527 01:17:23,200 --> 01:17:27,730 But it is an organization where everyone 1528 01:17:27,730 --> 01:17:32,312 associated with the power company is dishonest. 1529 01:17:32,312 --> 01:17:35,800 1530 01:17:35,800 --> 01:17:38,800 In South Africa, normally a customer 1531 01:17:38,800 --> 01:17:42,110 does not pay the electric bill. 1532 01:17:42,110 --> 01:17:42,740 Why not? 1533 01:17:42,740 --> 01:17:45,200 Well, why pay it? 1534 01:17:45,200 --> 01:17:46,790 Do you think that the power company 1535 01:17:46,790 --> 01:17:48,920 is going to send someone out to disconnect 1536 01:17:48,920 --> 01:17:51,410 somebody's power in one of the townships in South Africa? 1537 01:17:51,410 --> 01:17:52,010 Not likely. 1538 01:17:52,010 --> 01:17:53,135 You'd never see them again. 1539 01:17:53,135 --> 01:17:58,110 1540 01:17:58,110 --> 01:18:00,920 In the South African yellow pages, 1541 01:18:00,920 --> 01:18:03,440 you will find a kind of business, 1542 01:18:03,440 --> 01:18:05,840 people who are in business, people 1543 01:18:05,840 --> 01:18:09,630 wire around electrical meters. 1544 01:18:09,630 --> 01:18:14,790 And I mean, there are cultural differences here 1545 01:18:14,790 --> 01:18:18,140 which take the whole subject matter away 1546 01:18:18,140 --> 01:18:19,760 from what you and I have been thinking 1547 01:18:19,760 --> 01:18:22,160 about in a very important way. 1548 01:18:22,160 --> 01:18:26,480 And that kind of thing has to be tracked. 1549 01:18:26,480 --> 01:18:29,930 If you intercept a message in Arabic 1550 01:18:29,930 --> 01:18:33,485 and it does not begin by saying God is great, 1551 01:18:33,485 --> 01:18:35,360 then you missed the beginning of the message. 1552 01:18:35,360 --> 01:18:39,090 1553 01:18:39,090 --> 01:18:43,300 And so we have to track the whole thing. 
1554 01:18:43,300 --> 01:18:46,040 And what you're asking about is, to some degree, 1555 01:18:46,040 --> 01:18:50,060 a cultural question, much along the lines of do 1556 01:18:50,060 --> 01:18:52,740 you trust your government. 1557 01:18:52,740 --> 01:18:56,510 The majority answer here would be not very much. 1558 01:18:56,510 --> 01:19:00,605 Or the South African example-- 1559 01:19:00,605 --> 01:19:04,820 1560 01:19:04,820 --> 01:19:06,920 well, I've talked around your question. 1561 01:19:06,920 --> 01:19:09,530 I guess I didn't answer it. 1562 01:19:09,530 --> 01:19:12,200 No, I don't perceive any awareness 1563 01:19:12,200 --> 01:19:14,120 on the part of the US. 1564 01:19:14,120 --> 01:19:18,140 That's the direct answer to the direct question. 1565 01:19:18,140 --> 01:19:19,740 One last question? 1566 01:19:19,740 --> 01:19:22,030 This is a bit more broad. 1567 01:19:22,030 --> 01:19:23,930 Recently, the Cold War is over. 1568 01:19:23,930 --> 01:19:25,580 There seem to be less enemies. 1569 01:19:25,580 --> 01:19:28,340 But also, there's a lot more enemies 1570 01:19:28,340 --> 01:19:31,860 that have more powerful ways of encrypting information 1571 01:19:31,860 --> 01:19:33,620 and more powerful ways of protecting it. 1572 01:19:33,620 --> 01:19:37,100 And information has just been put into a lot more use. 1573 01:19:37,100 --> 01:19:38,900 There used to be Pravda. 1574 01:19:38,900 --> 01:19:40,730 And now, there's 400 newspapers that we 1575 01:19:40,730 --> 01:19:42,590 have to get out of Russia. 1576 01:19:42,590 --> 01:19:45,200 Is the NSA able to keep up? 1577 01:19:45,200 --> 01:19:46,095 It costs. 1578 01:19:46,095 --> 01:19:48,200 But that's not a high expense. 1579 01:19:48,200 --> 01:19:51,500 We certainly track all unclassified publications, 1580 01:19:51,500 --> 01:19:52,700 for sure. 1581 01:19:52,700 --> 01:19:55,340 We read all newspapers. 
1582 01:19:55,340 --> 01:20:01,410 And the number has increased because-- 1583 01:20:01,410 --> 01:20:06,920 I mean, the Kazakhstan Times or the Uzbekistan Journal, 1584 01:20:06,920 --> 01:20:08,520 yeah, we have to track that stuff. 1585 01:20:08,520 --> 01:20:09,870 And it does cost. 1586 01:20:09,870 --> 01:20:11,950 It is not a particularly high cost. 1587 01:20:11,950 --> 01:20:12,630 But it is done. 1588 01:20:12,630 --> 01:20:14,070 And it does cost money. 1589 01:20:14,070 --> 01:20:17,350 And it's done in the other way, too, done in both directions. 1590 01:20:17,350 --> 01:20:21,210 But your statement, the Cold War is over-- 1591 01:20:21,210 --> 01:20:26,700 I'd want to-- yeah, I'd want to modulate that just a bit, 1592 01:20:26,700 --> 01:20:28,668 not much. 1593 01:20:28,668 --> 01:20:29,580 [INAUDIBLE] 1594 01:20:29,580 --> 01:20:31,080 Yeah. 1595 01:20:31,080 --> 01:20:37,440 Well, among all those little countries 1596 01:20:37,440 --> 01:20:40,560 that you see along the southern boundary of the former Soviet 1597 01:20:40,560 --> 01:20:45,600 Union, 8 or 10 little countries nobody's ever heard of, 1598 01:20:45,600 --> 01:20:49,980 one of them, Kazakhstan, is larger 1599 01:20:49,980 --> 01:20:51,530 than all of Western Europe. 1600 01:20:51,530 --> 01:20:54,420 1601 01:20:54,420 --> 01:20:58,620 So one has to keep some kind of balance in this kind of thing. 1602 01:20:58,620 --> 01:21:00,762 I don't even know what the capital is anymore 1603 01:21:00,762 --> 01:21:02,220 because what used to be the capital 1604 01:21:02,220 --> 01:21:09,240 five years ago is politically incorrect now. 1605 01:21:09,240 --> 01:21:11,970 It's been changed to a Kazakh word. 1606 01:21:11,970 --> 01:21:13,440 But then as soon as they did that, 1607 01:21:13,440 --> 01:21:16,130 they moved the capital about 50 miles to the north. 1608 01:21:16,130 --> 01:21:18,015 So it's hard to keep track.
1609 01:21:18,015 --> 01:21:21,330 But again, this is something that does happen. 1610 01:21:21,330 --> 01:21:22,492 And it does cost. 1611 01:21:22,492 --> 01:21:23,700 But it's not a major expense. 1612 01:21:23,700 --> 01:21:25,560 It's something we have to do. 1613 01:21:25,560 --> 01:21:30,030 Well, I'd like to thank you for a very interesting talk. 1614 01:21:30,030 --> 01:21:33,680 [APPLAUSE] 1615 01:21:33,680 --> 01:21:40,000