One of the big draws on the first day of the RSA Conference is always "The Cryptographers' Panel". The people on the panel vary. This year the panelists were:
The panel was moderated by Zulfikar Ramzan, the CTO of RSA (the company).
This post doesn't cover everything that was said. I will include a video of the panel at the end of this post, in case you want to see the whole session unexpurgated. I will use people's last names except for the moderator, Zulfikar, where I'll just put "Q" for question, since most of the time (but not always) he was questioning the panel and starting a new discussion. Stuff in [brackets] is my explanation of a few things that people at RSAC were expected to know about already, but you might not.
Q: What is your perspective on AI and machine learning (ML)?
Shamir: As most of you know, it took the administration six months to give me a visa. Whoever is in charge of visa processing should be replaced by a neural network. Seriously though, there are two major problems in AI. One is that we don't understand why neural networks work so well. And we don't understand why they are working so terribly. The issue of adversarial examples such as taking an image and changing a few pixels, for example. We are now starting to understand what is going on. But until then it will be inadvisable to use in autonomous vehicles, or life and death decisions in medicine. There is lots of progress but we are not there yet.
Q: What about facial recognition? Any comments?
Rivest: This is one place where the rubber meets the road. There are five properties. One is asymmetry—it used to be that you were looking at someone and they were looking at you. Prominence: what you see is being recorded. One is identification, the Chinese are masters at this. Correlation. And finally, discrimination, what ads you see and so on. So it needs to be regulated.
Rabin: Facial recognition is being used to shame people. There are privacy implications. We are just learning.
Diffie: Talking of putting faces to shame, the founder of this conference said that deadbeat dads should be on beer bottles.
Q: What about privacy?
Narayanan: Privacy is overrated, and usually what people mean is confidentiality. But it can mean a number of things, including fairness. There are inevitable mistakes, the wrong person being arrested, for example. There is genetic privacy. What are people worried about? That a company or insurance company might use it in a discriminatory way. So when people say privacy, they often mean fairness.
Q: Can fairness be achieved?
Rabin: Let's say we want to know if people will default on a loan. Say New Yorkers and Californians. Do we equalize person-to-person or New Yorkers versus Californians? Judges are using this technology to determine if people will default on their bail or not.
Q: That sounds like security, which will never be perfect. There has been a lot of policy work such as GDPR, CPA, and others. Do they pose interesting technical challenges?
[GDPR = the European General Data Protection Regulation. CPA = California Consumer Privacy Act, normally abbreviated CCPA.]
Rabin: These are complicated. For example, consider the right to be forgotten. Say I download Diffie's stuff to my computer, and then I want to be forgotten. Then Diffie wants to be forgotten but they have lost the fact that I downloaded it since I asked to be forgotten.
Shamir: Besides the technical issues, it won't work. It mostly attracts attention to the fact that someone wants to be forgotten, so better not to have started it in the first place. What about the Internet Archive? What are we going to do with it? I personally don't believe in the right to be forgotten.
Narayanan: I agree, it's kind of a silly name. What is the law trying to do? Until recently, we didn't know how many "right to be forgotten" cases there are. It turns out Google gets 50,000 requests per month in the whole of Europe.
Diffie: I'd like to understand how the right to be forgotten only affects the "little people" like small researchers, busybodies, employees. But it's not going to affect the secret police or even your personnel records.
Shamir: The fact is that I said some nasty things about the US visa process. I want that to be forgotten!
Q: What about blockchain?
Shamir: There is no way to touch the past with blockchain so it can't support the right to be forgotten. But I think blockchain is overhyped and, in most cases, there are other ways of doing whatever it is better. It is just sexy marketing.
Q: Application to voting?
Rivest: That is the wrong thing. Blockchain doesn't really fit for a couple of reasons. One, we need software to be independent, we don't need high tech to make it work. You must have it so you don't need to ultimately trust the software, so we need paper. Blockchain is garbage in, garbage out, and stored forever. I think it is a mismatch to voting. Use paper ballots. Check a random sample of the ballots to make sure they are consistent with the recorded outcome. For this upcoming election, about 80% of people will be on paper ballots, including all the swing states.
Q: How are the mainstream media doing covering security issues? For example, the story about Crypto AG.
[Crypto AG was a Swiss company that supplied hardware for encryption to many countries. It turns out that it was secretly owned by the CIA for over 50 years, who as a result could read the traffic of those countries.]
Diffie: Yes, it came out last week that this company was jointly owned for decades by the CIA and they were selling crypto hardware that they knew how to break. But I basically celebrate intelligence—it is a contribution to stability. We've always preached that you should make cryptographic systems public. But the other thing is that designing cryptographic systems is difficult and these small countries couldn't design their own crypto. This story is old, but the recent documentation that has come to light is new.
Q: Another news item is the policy on end-to-end encryption. What is your take on this?
Diffie: We pseudo-won the argument in about 2000, and I said this isn't going to go away. I haven't changed sides. People who put themselves forward as being concerned with law enforcement have a very narrow view. But the critical thing I believe in is a cyber Pearl Harbor. If you build a backdoor into a crypto system, it makes it immensely more complex. We only know how to do security for small simple things. We need to do everything we can to make systems secure, and I don't believe building side doors in helps.
Rivest: I think we have a right to be private and to communicate privately. When you consider a device captured by law enforcement and they want to know what is on the device. We don't have any acceptable technical solutions.
Q: How about quantum computing? It will break RSA.
[RSA is the public key cryptosystem used to exchange keys between browsers and websites—basically when you see a padlock in your browser's URL bar, which these days is almost always.]
Shamir: My position hasn't changed. I hope the people building quantum computers fail. We'll lose a lovely algorithm. But we need to prepare for possible prevalence. I'm still skeptical of whether these quantum computers will be built. Fusion power seems more likely.
Rivest: But we've achieved quantum supremacy!
Shamir: A lot of scaling needs to be done before you can use these computers for breaking security. It may never happen.
Q: A wise person, Adi Shamir, said "people don't break crypto, they find ways to go around it."
Narayanan: Yes, people are losing their cryptocurrencies in very low-tech old-fashioned ways. Online wallets, two-factor authentication. If there is one thing that is easier to compromise than passwords, it is taking control of your mobile account. SIM swaps are when someone calls your mobile provider and asks to get it transferred to a phone they control so they get the second factor. We tried this with five carriers, and we succeeded with all five. Some carriers, if you can tell them some of the recent numbers you received calls from, then they assume it is you. So you can just make those calls. One thing you can do is make sure two-factor is enabled, but use an authenticator app rather than SMS, which is very vulnerable.
Q: Last question. What are the most surprising trends in the last 20 years, and for the next 20?
Rivest: Things keep changing so be prepared for change. New math, homomorphic encryption. Smartphones have changed the game. It takes 20 years to get a technology from a whiteboard to a product.
Shamir: One of the most successful things has been the introduction of AES. I still have a bit of an uneasy feeling about the number of rounds. We usually go to where we can't break it and then add a margin of error such as doubling it. We need a reasonable margin of safety against developments in the future. I advised in 2000 that the number of rounds should increase to at least 16.
Diffie: An Irish wolfhound killed the last wolf in Ireland and so now they are more decorative. Similarly, I thought cryptography would die away. But blockchain and crypto...I’m amazed.
Rabin: Blockchain took things we’ve known since the 80s (Byzantine algorithms, proof of work…) Blockchain is still lacking a killer app. But at least now every person in the world knows the word “crypto” (although not meaning what it used to). I don’t see this dying in the near future.
Narayanan: I want to give a shout out to differential privacy. It's about 15 years old and now facing public tests since being used by the 2020 US census. There are mathematical proofs.
The panel was recorded. You can watch the whole thing (about 50 minutes):