Paul McLellan
RSA Cryptographers' Panel

20 Mar 2019 • 14 minute read

One big highlight of the RSA conference is always The Cryptographers' Panel. This year the panel was:

  • Ronald Rivest, the R of RSA.
  • Whitfield Diffie, legendary cryptographer.
  • Paul Kocher, who discovered both differential power analysis, and one of the first varieties of the Spectre vulnerability of speculative execution in microprocessors.
  • Tal Rabin, manager of the cryptographic research group at IBM, and also (earlier in the morning) the RSA Conference 2019 Recipient of Annual Award for Excellence in the Field of Mathematics.
  • Shafi Goldwasser from the Simons Institute for the theory of computing.
  • The moderator was Zulfikar Ramzan, CTO of RSA (the company, not the conference)

Adi Shamir

One name that was missing was Adi Shamir, the S of RSA. He did send a video about why he was unable to attend. He'd applied for a routine renewal of his visa a couple of months earlier but heard nothing. He was unable to find out what was going on. Apparently, there are other people in the same position. One theory is that the US is treating them differently because they work in security. But, based on my experience, the USCIS (US Customs and Immigration Service) is overloaded and incompetent.

Last time I renewed my green card, I had a similar experience. When you apply to renew your green card you get an appointment to have your biometrics taken. And when I said get an appointment, I mean they send you a time that you are expected to show up, you don't get to suggest some times that might work for you. If, as is often the case, they pick a time you can't go then you send the form back with your reason for non-attendance and they send you another date. As well as taking your biometrics, they put a sticker on the back of your old green card punched with holes to show that it is extended by 12 months. Those 12 months expired, and I had no green card, and I had to go on a trip. In those days, you could get a walk-in appointment at the USCIS office in San Francisco after lunch, so I went there and got in line about an hour before they opened. When I got to the desk, the person there apologized. But even she could find out nothing on the computer system other than the fact that I'd applied and they'd done the biometrics, and it was still in the system. So she put a stamp in my passport, valid for another year. The situation is even worse now. They no longer accept appointments booked on their online appointment booking system, and they no longer accept walk-in appointments. The online status system only ever tells you they received the form you are inquiring about. There is apparently some almost secret phone number you can call in case of severe hardship to get an emergency appointment.

I have seen nothing in my dealings with the USCIS that indicates that they don't just accept the paperwork, that it sits around for months or years, and then they process it in a few minutes. A friend told me that if you are applying for a new green card (as opposed to renewing one), they won't even let you ask them what is going on until the maximum time they might take has expired. I just looked online and currently, it is 11-45 months. So they have a blackout for almost 4 years before you can find out that maybe they lost your application. In the meantime, you are not allowed to leave the country, because you are assumed to have abandoned your green card application unless you already have what they call advance parole. You can fill in a form for that, and you are allowed to ask what is going on after only 6 months. Oh, and in the meantime, you can't renew your driving license in California because you no longer have any paperwork showing how long you are legally in the country.

It is a disgrace. But I think it is a case of Hanlon's Razor: "Never attribute to malice that which is adequately explained by stupidity." Well, stupidity is not the right word, it is some mixture of incompetence, maybe lack of manpower, and general overload from the sheer amount of immigration that is going on. There are about 1.3 million new green cards issued per year. There are about 12M green card holders who have to renew every decade, so that's another 1.2 million per year. So that's about 10,000 green cards issued per working day. Somewhat less since people exiting the green card system for citizenship don't need to renew any more. It's all processed on paper, too. When I said "fill in a form" a few times above, I mean that it is a PDF form that you print out and mail to them, not an online form. They probably take faxes.

Adi Shamir's experience is just normal. He should have applied well over 6 months in advance, which is the fastest the USCIS seems to process anything. He is a founder of RSA, both the company and the conference, and has been every year for 20 years, but now is unable to enter the US since he has no visa. In his video, he said:

I've heard nothing, not a 'no' nor a 'yes'. If someone like me cannot get a tourist visa to enter the US to give a keynote at the biggest conference in the field, perhaps it is time for us to think about how and where we organize our scientific conferences.

Whitfield Diffie echoed my rant above, saying that it was embarrassing to be an American.

Panel Discussion

This is not the entire panel, it is edited highlights. I've written it as if it is verbatim, but this is from my notes and also cleaned up a little from the exact words. Anything in [brackets] is my addition.

Q: Zulfikar kicked off the panel proper asking for reactions to a law passed at the end of last year that in Australia all systems need to allow access by law enforcement into encrypted communications [here's a link to a Wired piece with more details].

Diffie: It's given us a great line that the laws of mathematics are all well and good, but the laws of Australia operate in Australia. This is a step that is not going to be productive, but in my own view, which a lot of people consider radical, I want issues of personal autonomy and privacy taken out of the realm of legislators. But progress is likely to be in the other direction. Electronic brain interfaces may reach the point that they can read your mind and all that protects you is a subpoena. A hundred years ago anyone could have a private conversation. Walk a hundred yards away and you had greater privacy than anyone has today.

Kocher: The Australians can put people in prison if they don’t insert secret backdoors. It should be the other way around, people should be put in prison for putting in backdoors and not telling. It cost us $10B to deal with something that was leaked from the NSA, and I don’t think Australia is likely to be better than the NSA at keeping backdoors secret.

Q: Legislation is going in all different directions. We have a new four-letter-word GDPR. This is higher in the search rankings than Beyoncé.

Kocher: We desperately need some regulation here. The key question is how it plays out. We don't yet know how companies are going to view privacy regulations like the California ones. If they will take them seriously. Or whether it’s like parking tickets and UPS, where the fines are just a cost of doing business.

Goldwasser: There is an issue of how do we detect if people are following the rules or not? How do you verify? We’re not going to take them on their word that they are, we need a way to catch them in the act.

Q: What about surveillance?

Goldwasser: There is surveillance going on but people don’t know the magnitude. Judges grant 30,000 motions to listen to what you say each year. There is no reporting. The companies say how many requests they got, and firstly you have to believe them. A lot of surveillance has gag orders, that are meant to expire, but the expirations don’t get enforced.

Q: Ron, you've been thinking about electronic voting. Have we made progress?

Rivest: It is such an important area. We need to make sure we’re doing voting right. Big picture: we have an election and we want trustworthy results. Trust by reputation is important, but cryptographers have focused on trust through results. In 2000, we learned voting is fragile. In 2016, we learned we have adversaries, foreign actors out to mess with our system. The secrecy of the secret ballot is a key technical challenge, it would be much easier if all the votes were public. KISS is the best way and low-tech paper ballots are the way to go. In the last election, it was 80% paper, and it’s going up. I'm optimistic we’re going in the right direction: things are fragile, have to be able to audit the results, to do statistical checks on them. Loser needs to be convinced that the election went the way announced. Various states are having some pilot audits. The kinds of thinking we do, thinking adversarially, detection and recovery are all part of the picture.

Q: Blockchain will not solve these problems? [laughter]

Rivest: Blockchain is irrelevant for most of these problems.

Q: Blockchain has become a household word. If you look at the systems, Bitcoin and the other ones, there are a whole lot of attacks.

Rabin: I'm just going to talk about the technical attacks, not money. A 51% attack is where people can get control for a period of time and do double spending or stop transactions being added to the blockchain. It’s not very expensive. There's even a website that will tell you how much to take control, about $250,000 for an hour. So not much if you have a lot of money invested in the blockchain. Maybe proof of work is not really the way to go. There's lots of interest in our [IBM I assume] technology so a good thing. Current blockchains are very controlled without a lot of room for change and movement forward. They are fixed and this is the way they are. We need currencies that are more adaptive with some governance in place. Changes are needed. Anyone who develops software knows you move from one version to another. Mosaic, Altavista…these things came, did a huge thing, and then died out. Maybe the current cryptocurrencies will be the same.

Kocher: There is a big gap between a great research paper and people who work in the real world. If you add the froth of blockchain, these things get amplified. Bitcoin, where you can lose your money. Facebook, where you can lose your privacy. Now Facecoin is coming. Cryptography is the one piece that works, but it sits on other stuff like microcode. All that has to work too. It is really hard to make hardware that supports cryptography the way cryptographers want. Just look at Spectre and Meltdown.

Diffie: Over our working lifetimes we've seen a millionfold decrease in the cost of computation, but instead of using some of that to have isolated components, everything has been pushed together. Shared resources are the bane of security.

Kocher: We have really good metrics for performance, but not for security. So you can't see that the 5% increase in performance came from a decrease in security by x%.

Q: How does the public gain trust in all these algorithms?

Rabin: Bitcoin is the first example where people just jumped on it, whereas other things took a long time to be adopted. Even more technologies coming, such as multiparty computations, threshold crypto, and so on. They were thought of in the late 80s and 90s, very ripe theoretically but now it seems to be the time to get these things out there. Even government NIST standardize threshold and proactive security, that enables distributed parties to create signatures in a way that a single party cannot, that needs a quorum to generate the signature. Things take time to move from theory to practice.

Rivest: I was astonished at how fast MD5 [a cryptographic hash algorithm] was taken up. The NIST process is much better. Look at what they are doing with post-quantum cryptography. We need an extended process lasting years for hard problems like that.

Rabin: A lot of things that are well-accepted are to do with communication. But now with all the data out there, and there are AI, speech, vision, bail, policing, credit scores. The data should be kept private. We need to do computation in a way that the data remains private. Protecting the privacy and robustness of data while you are working on it, built on the same ideas as public key with some stuff that is difficult. Remember, standards for public key took a long time to get in place.

Kocher: Part of the challenge is that the security machines are getting too complicated to understand. I'm dating myself, but my first secure system had 2 floppy drives and you could be pretty sure after ejecting the disk that it wasn’t affecting anything anymore. Trust and organization have conflicting motives, so it is hard to have complete trust. We need not just trust, but easily verifiable evidence.

Diffie: What Paul said is very important. 35 years ago we had computers and we knew where the memory was. Now we have terabytes in our pockets, and it's really cheap to stick memory in every design, and who knows what a given computer really does?

Kocher: I have no idea how security really scales. If I take 1M companies' computations and put them in one datacenter, how much more secure do we need it to be? If I build more and more layers, it is hard to know if the foundational layers meet the objective of the highest level. We know what it means to have 1% of cars crashing every year, but we don’t know about what if all the cars crash together once every 100 years. We don't even know if keeping cloud datacenters running requires the data centers to be running. Or what happens if the GPS system goes down.

Rabin: I'd like to introduce an optimistic note. Where is the memory and who has access? We can imagine a utopia where everything is encrypted all the time. This requires multiple centers working together and no one center alone has all your data. But how do you make this theory into practice? Having computer scientists know about cryptography from the get-go is a start. If you look at machine learning it is all just about accuracy, nobody thinks yet about how to do machine learning on encrypted data. It’s something you need to learn early on and not add on.

Q: Socially are people ready to adopt?

Rivest: With voting, it is important for people to believe it is doing the right thing. Many other applications just one company needs to believe. I’m always surprised how ready people are to accept something like a voting machine that involves more lines of code than there are voters. The process we as a society go through to accept technology goes through many different layers. Journalists play a key part and the public has experts they rely on.

Rabin: We as a community need to make things more understandable, maybe as a first step to the journalists. Then maybe the public will make better decisions.

Kocher: Some technologies should be wider known. Password-authenticated key exchange. Computation like signing an SSL where it is split among multiple parties. Cold storage of data: encrypt as you go, but don’t keep the private key on the system so the data can’t be compromised even if the system is.

Q: Final comments?

Rivest: I miss having Adi on the panel. Voting is going to be important in 2020, pay attention to the technology. And there are things on the horizon like quantum crypto we need to pay attention to.

Goldwasser: One thing that didn’t come up is that the ability to give connectivity to the world is giving us a lot of power and responsibility. It’s like physicists and biologists did with warfare, requiring proofs that the rules are being followed. It is important to realize our responsibility.

Diffie: As you will probably remember, I normally give obituaries. This year, as far as I know, in both the public and secret community, everyone has lived through the year [applause].

Rabin: I think these are really exciting times. I encourage you all to look at these more advanced techniques to help push the effort forward.

Kocher: I’ll echo that too. Bad things happen quickly, and good things take years. But things are plodding along. There are safer languages like Rust, the switch from passwords to authenticators. A lot of us are used to working on Internet company time, but many of these initiatives are measured in decades.

Zulfikar had the last word: There are challenges ahead, but we are making amazing progress.
