Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age: Secrecy and Privacy in the New Cold War (Penguin Press Science S.) [Kindle Edition]

Encryption truly is one of the most critical technologies necessary for a smoothly functioning virtual world, and is very much the case that the U.S. Federal Government successfully delayed the general availability of strong encryption for at least a decade. (Future economists may point back to the last two decades of the 20th century and show how this failed government policy was responsible for the loss of U.S. dominance in the high-tech market.)

It would have been easy to take the politically correct road and portray the Feds as being evil conspirators, bent on maintaining their own power and pride at the expense of the entire world. Levy chooses a more balanced approach, depicting the NSA in nearly heroic terms. He is especially sympathetic towards Clint Brooks (a name I did not know), an NSA lifer who developed the key escrow concept as a compromise that would allow widespread public utilization of strong encryption while still allowing law enforcement (and of course, intelligence agencies), the ability to intercept communications under controlled circumstances. If both the NSA and their philosophical opponents are heroes with noble goals, a tragic ending is inevitable, which adds an element of pathos to this triumph of democracy.

As a former software vendor, I've been totally frustrated by both the crypto export laws and by the NSA attitude of "If you only knew what we knew, you wouldn't even ask that question." That argument turned out to be just as specious now as everyone thought it was at the time, but the marvelous aspect of this book is that Levy is able to make a cynic like me accept that the people within the Puzzle Palace have legitimate motivations. (He is much harsher on the FBI, and creates an especially unflattering portrayal of Louie Freeh). It's a well-balanced approach to a very contentious subject, which adds considerably to the author's credibility.

Personalities loom large in a history like this one, and Levy is a master at drawing them out of their personal shells and detailing aspects of their private lives to explain their motivations and feelings. Whitfield Diffie is the old master who had the vision to conceive of a new model for encryption that would meet the unprecedented needs of a network society. Ron Rivest was the energy behind the development of the most significant public key algorithm, created by an unlikely trio of inventors. Jim Bidzos was a young playboy who found the commercialization of the RSA technology to be the challenge he needed in his hitherto shallow life of world travel, hot cars and fast women. Like Diffie, Phil Zimmerman marches to a drummer that only he can hear, yet this amateur programmer succeeded in popularizing strong encryption long before RSA and its millions in venture cap money did. Given his ten years of personal research and interviews of the people he chronicles, Levy's will probably be the definitive written account on many of these quirky visionaries.

The book is a quick read, but a good one. Technically, it is very accurate, with one unfortunate mistake on page 178 where it reads "Then he uses the hash function to recreate Alice's message from the digest..." Hash functions are 1-way functions, and cannot be reversed. If it read instead, "Then he uses the hash function to recreate Alice's message digest..." it would be more accurate. In order to verify a digital signature, the encrypted hash value provided by the sender is decrypted by their public key, which is then compared to another hash value generated by the verifying party (see p. 38 of "Applied Cryptography, 2nd Edition" by Bruce Schneier). Other than this confusion over how digital signatures are verified, the book does an excellent job of presenting the concepts of public key encryption to a non-technical reader. Besides being an enjoyable tale of business and technology history, this book could also be considered an executive-level introduction to the need for encryption on the Internet and the ways in which modern implementations provide it.

If you want to know what is happening when that little lock icon at the bottom of your web browser closes, you'll find a conceptual answer in this book. You'll not only learn the sequence of events that led to the development of SSL, but you'll also read the history of the first successful attempt to crack SSL security, and its significance to you as a customer of sites like Amazon. "Crypto" should appeal not only to those who are interested in the history of technology, but anyone wanting to understand more about the history and personal and commercial use of encryption on the Internet. Anyone involved in an e-commerce project or with an interest in information security would find this an interesting and accessible book. It is not a technology book per se, but I think most technically-oriented people will enjoy reading about how people like them had the drive and vision to change the world-especially when the odds were so heavily stacked against them.

This is a compelling and important story that needs to be told and understood. Levy is neither the first to undertake this telling, and undoubtedly won't be the last, but I'm convinced that this will become a classic of technology history-even more so than his earlier books. His thoroughness, extensive research, and evenhanded approach will make this book an important source for future researchers.

Overall, it is an interesting (if dry) read, and, at times will add words (a la Neal Stephenson in Cryptonomicon) to your vocabulary. If you are interested in the history of todays debates on cryptography, I recommend it. If you want to know more about cyphers and other code making/breaking, I would recommend something like Simon Singh's "The Code Book."

First, some of the key players "on the outside" are not mentioned; this may well be because most of those who aren't mentioned by now are "insiders." But this results in some of this book being a bit misleading. For example, serious work on cryptanalysis by outsiders, including one piece of work that Admiral Inman, when head of NSA, described as "the most brilliant piece of civilian cryptanalysis since World War II", was already going on by the late 1970s; this had serious national security implications, and helps to explain why NSA was so ambivalent about "outsiders" engaging in *any* crypto research. Overall, although NSA goofed badly several times, I think they managed to keep a more balanced view on the issue than I might have expected. The fact that Levy doesn't mention some of the key "outsider" work suggests to me that he may not have talked with (or at least didn't gain the confidence of) such people as Cipher Deavours and David Kahn, who could have given him perspective on the "outsider" work that he doesn't discuss.

Secondly, I infer that he was unable to get any of the NSA side of the story from NSA itself. This is a pity. It's presumably not Levy's fault; NSA only talks to people it decides to talk to, and then says only what it decides needs to be said. I assume that Levy tried to get information from NSA and failed; I don't know. But if NSA stonewalled Levy, it's because he didn't make the right contacts to get in touch with somebody who would have been willing to talk with him about NSA's viewpoint on various issues Levy discusses that are not sensitive in NSA's view. That extra information would have helped make Levy's book clearer and more complete. In spite of this, Levy is quite fair to NSA, which speaks well of his thoughtfulness and balance.

So, overall I regard this as a good book, well worth reading, provided one keeps in mind that it's not the complete story.