For most people cryptography is a mysterious art conjured by magicians who speak an odd and unknowable language and who live in some remote and inaccessible deep forest occupied by unnamed and un-cataloged creatures. A land that perhaps Tolkien would know best. We wouldn’t know quite what to do if we met one of these folks.
But the fact is that we owe an enormous debt of gratitude to these mathematicians as the practical results of their work keep us safe every day. Some of them work in academic environments around the world, some work for large companies like IBM and Microsoft, some work for governmental agencies, and some are students. Cryptography (sometimes called Cryptology) is a branch of mathematics and encompasses a number of areas. Like any area of academic specialization some cryptographers are well known, and some are mostly invisible outside of their academic area of specialty. You may have heard of Bruce Schneier as he is quite well known through his writing, speaking engagements and testimony before committees of the US Congress.
You may not have heard of Phillip Rogaway.
Professor Rogaway has made significant contributions to cryptography and works with other cryptographers to advance the field. He holds a professorship at the University of California Davis, and positions in other academic institutions around the world. It would be hard to overestimate the importance of his and his colleague’s work in making our modern world safe and workable.
I would like to call your attention to a talk Professor Rogaway gave at the Asiacrypt 2015 conference in Auckland, New Zealand a little over a year ago. It had nothing to do with cryptography, and yet it had everything to do with cryptography.
Phillip Rogaway made an elegant argument about the moral and ethical considerations about the work that cryptographers do. He directly addresses his colleagues and students entering the field and adds a plea that they take into account the moral and ethical uses of their work. While he is addressing a relatively small audience of cryptographers and security specialists, I believe that his message is relevant to every one of us who work at some level in this field including software engineers, security professionals, security auditors, cyber security specialists, and anyone else active in the security industry in any capacity. The paper that was the basis of his presentation is one of the most powerful that I’ve read in some time.
I encourage you to read it.
It is a wonderful read for anyone, and especially for those of us who work in the security industry. If I could I would certainly make this paper required reading for any student in a computer science course of study. Those of us who love building security solutions should fully understand the impacts of what we do. Others in the academic community have discussed the ethics and uses of cryptography, but Phillip Rogaway shines a bright light on this area better than anyone I know.
I don’t know Professor Rogaway and I’ve not had the pleasure of meeting him. But I recognize important moral work when I encounter it. If you work in the security industry in any capacity I hope you will take the time to give this paper a read.