'I never believed in quantum computing'

He was sceptical about the feasibility of the quantum computer for a long time. But now, TU crypto teacher and data security expert, Phil Zimmermann, believes that cryptographers will have to up their game or a future quantum computer will crack all codes.

Security expert Phil Zimmermann: "We will see many more NSA leaks during the Trump administration." (Photo: Phil Zimmermann)
He is seen as one of the fathers of cyber privacy. Phil Zimmermann, who became a cryptography teacher for the Master Cyber Security at TU last year, is the creator of Pretty Good Privacy (PGP), an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. PGP became the most widely used email encryption software in the world.

Zimmermann was one of the speakers at a symposium about cyber security organised by the W.I.S.V. 'Christiaan Huygens' students' association at the TU earlier this month. Quantum computing, and its theoretical ability to crack codes, was high on the agenda.

It seems that the playing field in cyber security is about to change. An encryption specialist from the Dutch national security agency, AIVD, expressed her concerns about quantum computing. The first quantum computers are expected to be operational by 2030, she said. Before that, any secret data needs to be extra secure, with encryption made immune to quantum deciphering by new algorithms.

Quantum computing also puts our privacy at stake. Are you also worried about this technology?

"I never used to take quantum computing very seriously. In order to work, a quantum computer needs to be isolated from the rest of the universe. When it interacts with something in the universe, the system collapses. I majored in physics and I thought it would never work. But I changed my mind last year because of advances in applied physics. And because I recently realized how seriously the National Security Agency (NSA) and the National Institute for Standards and Technology (NIST) in the US are taking quantum computers. NIST is asking the crypto community to submit candidate algorithms that can withstand quantum computing."

The TU is at the forefront of the development of a quantum computer. Do you think the development of such a computer is a good thing?

"I only think in terms of good and bad when it comes to policy. Quantum technology is a technology with mixed effects. Just like encryption is. Let them advance the quantum computer. It will bring important advances in biology and chemistry. The cryptographers will just have to keep up. We have a more immediate problem in cybersecurity."

What problem is that?

"There have been crypto battles for decades. During World War II, the cryptanalysts had the upper hand. They were able to decipher the codes of the Germans and the Japanese. Who has the upper hand has changed over time. Today, we, the cryptographers, are ahead of the game. But it is a mistake to be complacent. The front door – the encryption – is no longer the place where attacks are happening. The attackers nowadays simply break the window next to the steel door, in a manner of speaking. They use malware, for instance, to take over your computer, making encryption obsolete. It is a complex problem. I don't know how to catch up."

What are the implications?

"There is a clear and present danger. Clinton's campaign manager was attacked. And just before the French presidential elections, Russian hackers exfiltrated emails from current French President Emmanuel Macron and mixed them with fake messages. The French voters were wise and not fooled. We were not so lucky in the US. Cyber security is not abstract – it is a real threat to the EU and to NATO. All European democracies are under threat from Russia. France dodged the bullet. I wish we had done the same in the US.

"An important problem in this respect is the internet of things. It is going to be a disaster because computer programmers do not think enough about security. They focus on their products' functionality. They should be thinking about security as well. This is an important lesson that I want to teach TU students."

What brought you to Delft?

"I was working for Silent Circle in Geneva, a provider of secure communications services. When it closed its office in Geneva, I lost my working visa. I had to go back to the US. Or I could come here. I applied for a job at the TU. The courses are in English, so that is good. I also had German at high school, so I can understand a bit of Dutch. I like the international orientation of Europe; the world view. Most Americans don't even have a passport. I have visited 46 countries. I made up my mind to stay here before Trump was elected, but his election strengthened my conviction to stay here."

Zimmermann has a tumultuous past. In the early nineties, when PGP went online, he became the target of a three-year criminal investigation. US customs wanted to prosecute him for being an arms dealer. They regarded cryptographic software as a munition and held that Zimmermann violated US export restrictions. As a result, Zimmermann's star as an apostle for online privacy rose. The US government dropped its case in 1996. And it also started using PGP itself.

You have always been an advocate of privacy and civil liberties and you have been active in the peace movement in the eighties. Are you still on the barricades?

"I never thought of what I did as protesting. In the case of PGP, I wanted to build something that everybody could use. You know, Navy SEALs also use my programmes to communicate safely with their family when they are in the field.

"In 2014 at a computer security conference, a guy came up to me. He wanted to shake hands. He worked in human intelligence, and he said that some of his friends were alive thanks to PGP. That made me feel good."

What is your current attitude towards the NSA?

"In 2014 I was inducted into the Cyber Security Hall of Fame. The sitting director of NSA, Mike Rogers, presided over the ceremony. It was surreal. But I felt that it was okay now for this to happen. Governments use my stuff.

"My difference with the NSA in the nineties had to do with their crypto export policy. I have respect for the people who work there. They are very good at their job. But I don't want them to restrict in any way our ability to use strong crypto. And pervasive surveillance, especially domestic surveillance, can undermine liberal democracy and lead to dystopian outcomes."

What do you think of the Snowden revelations?

"Snowden saw things he thought were morally wrong. Years ago, I visited Bletchley Park, the central site for British code breakers during World War II. During World War II, thousands of people worked to decipher the communications of the Japanese and the Germans. Nobody leaked information then. And they didn't because they knew that what they were doing was morally right. During the Cold War, NSA didn't have any leaks either. But after 9/11 NSA started doing things that were morally questionable. I think that we will see many more leaks during the Trump administration."