By Robert McMillan
March 12, 2007
Whitfield Diffie has been credited with making privacy possible in the
Digital Age. As a co-inventor of public- key cryptography, he is among
the most respected contributors to the field of computer security. In an
interview with the IDG News Service, Diffie, chief security officer at
Sun Microsystems Inc., talked about the state of computer security,
Microsoft Corp.s role in it and privacy issues.
When the PC went on the network, there were security implications that
nobody thought about. How do you think Microsoft has responded over the
past five years or so?
I think there are two issues. I think youll find that lots of [potential
security problems] were foreseen. I think the critical thing [is] that
Microsoft showed that its judgment was correct. If it had paid less
attention to security, maybe it would have had less market share. The
interesting thing to me is why its been so hard for them. I think it has
to do with the problems of legacy code and the legacy interface
expectations of their customers.
Do you believe that theres a sense among users that the Internet is not
I think thats a well-placed misconfidence.
How do you see the state of security on the Internet today?
Phishing is the security problem, at that level, that I hear the most
about right now. But I certainly dont worry about the security
arrangements of going to AmericanExpress.com. Im not the least bit
worried about that, partly because of the law and partly because the
essential point of SSL is that the certificate costs enough money that
the thieves arent putting up a front.
I conjecture that the expansion of networked communications and societys
dependence on network communications is outrunning the security of that
network and will continue to do so for quite some time.
What are your thoughts on Internet privacy?
I believe in privacy, but privacy is just one of a number of
considerations. What bothers me is that information about people is so
readily available in a way not auditable to them, to organizations like
ChoicePoint, who broker it around and enable other people, who are not
legally constrained in what they do with it, to make decisions based on
McMillan is a reporter for the IDG News Service.
Visit the InfoSec News Security Bookstore