from: http://www.montrealgazette.com/technology/pages/990526/2642885.html

Montreal Gazette - Wednesday 26 May 1999

Cypherpunk on a roll

$10,000-a-week consultant is brains behind leading-edge privacy software

ANDY RIGA
The Gazette

RANDI LYNN BEACH, AP / Montreal-born Ian Goldberg at his desk at the University of California's Berkeley campus.

Cyber-celebrity and high-priced consultant Ian Goldberg vividly remembers the day in 1995 when he realized he was on to something big.

After discovering a bug in the supposedly bulletproof security of Netscape's Web browser, he and fellow student Dave Wagner posted their findings on an online discussion area about cryptography and security.

"We thought, 'OK, it'll be interesting for academics and people interested in the security field,' " recalled Montreal-born Goldberg, sitting in a lounge in the University of California at Berkeley's famed computer-science department.

The next day, the security hole made the New York Times, attracting a swarm of radio, TV and newspaper reporters to his cramped, book-strewn office.

"We totally didn't expect it," said Goldberg, 26, now the brains behind Zero-Knowledge Systems, a hot Montreal start-up set to launch a test version Monday of revolutionary software that promises to finally make it possible to protect online privacy.

"Dave didn't even come in the next morning because he was having his apartment fumigated. It was a big surprise that anyone would be interested in such an obscure detail of an implementation flaw. We've since learned our lesson: anything that has the words Internet and security in it will interest lots of people."

Since then, Goldberg has gone on to discover embarrassing security lapses in digital phones, as well as in Intel's new Pentium III chip.

"Every time we do something really big, I can't get any work done for a week or two because of all the media attention," Goldberg said.

Sporting a scraggly goatee and a long ponytail, and wearing black jeans with white socks and sneakers, he doesn't look like a consultant who commands $10,000 U.S. a week, plus first-class travel and accommodations.

But Goldberg, who in this perma-tan state has the pallor of a guy who lives in front of computers, isn't your average geek. He has been called one of the world's top cryptographers - and last fall was named by Wired magazine as one of the 25 most influential players in cyberspace.

Goldberg, who moved to Toronto as a toddler, got into computers at 7 after getting a Commodore Pet. Soon after, he started programming. He studied pure math and computer science at the University of Waterloo, then headed to Berkeley in 1995, where he'll finish his PhD next year.

The fame he earned with his wily ways has made him a rising star in Silicon Valley and helped spark the creation of a new Internet-security group at Berkeley.

On the downside, dozens of start-ups hound him, hoping to get the Goldberg seal of approval. He charges exorbitant consulting fees to weed out the offers.

Tiny, family-run Zero-Knowledge Systems was the first to get him to join its staff. His title at ZKS - one only a dot-com could come up with - is "chief scientist and head cypherpunk."

He was recruited by ZKS president Austin Hill just over a year ago. Hill, who started ZKS after making a bundle by selling local Internet provider Totalnet to a Bell Canada division, had an Internet-privacy idea and wanted Goldberg to help design the system and to give credibility to the new firm.

Hill cold-called Goldberg, suggesting ZKS could commercialize Goldberg's research in the area of protecting surfers' identities online using cryptography.

It took some convincing.

"It's a big project, very ambitious, a lot of work; it's hard to get right and you'd have to have a really awesome team to do it correctly, so I was skeptical," said Goldberg, who flew to Montreal to meet the company's developers after talking to Hill.

"With cryptography, the details are everything - you get one tiny detail wrong and the whole thing is broken. But then I met the team and I was impressed. I thought, 'If anyone can do it, this team can.' "

He signed on, but isn't charging ZKS "anything like $10,000 a week," Goldberg said. He got "some stock options, as well as some cash," though he says he doesn't "own a huge chunk" of ZKS, which has been valued by venture-capital firms at more than $70 million, though the 35-employee, Plateau Mont Royal-based firm has zero revenue.

When he got on board, Goldberg scrapped some of the work ZKS had in progress and re-designed the software. During the school year, he visited ZKS every six weeks or so for intensive, one- or two-week sessions to review the work of in-house developers.

The result of that year-long exercise is a software product called Freedom, which is already wowing privacy advocates and grabbing the attention of the powerful venture-capital firms that keep Silicon Valley humming.

Freedom promises to allow Internet users to have complete privacy while sending E-mail or surfing the Web. ZKS expects to cash in on the fact that people are realizing their E-mail is easily snooped through and their Web surfing leaves traces that can be followed by authorities and marketers.

Freedom subscribers use protected "pseudonyms." The system routes subscribers' encrypted information through an untraceable path over servers at Internet providers around the world.

ZKS will launch a preliminary version of the software next week. More than 35,000 users have already signed up to test it. At one point, the online buzz about Freedom was so intense the sign-up rate was one person a minute.

This week, Goldberg arrives in Montreal for the summer. He'll spend the next few months reviewing feedback and pondering possible security breaches. A final version is expected in early fall.

"There's a lot of research to be done. It's not just taking something known and building it. There's a lot of actual thinking involved."

Among the questions he's thinking about: how does ZKS secure the system against a co-ordinated attack? What happens if power is lost or if some malicious attacker takes out one site or one city? Will that bring down the whole network?

"There are a lot of very interesting and research-worthy issues and this is the topic of my PhD, basically," Goldberg said.

ZKS is essentially challenging hackers to find flaws over the summer. In fact, Goldberg has asked some of the world's other top security experts to try to break Freedom.

The shoe will be on the other foot for Goldberg, who is used to cracking other people's code. "That's what I've done in the past. But, of course, that gives me experience in doing it right on the other side."

He's putting a lot of work into the project because his reputation is on the line.

One of the counter-intuitive things about cryptography, Goldberg said, is that "if you tell people exactly how it works, it makes the system stronger, not weaker. If everyone knows exactly how your system works and they still can't break it, then you've got a really strong system."

If hackers are successful, "they can circumvent the security of the system. The worst case would be that they could figure out what user is behind what pseudonym. Now, we've intentionally made that difficult. Not even we know that, so it's not like you could hack into our server and find that database somewhere. Even if someone serves us with a subpoena, we can't tell you - we just don't have that info, hence the name of the company."

And hence the controversy over the Freedom concept.

Authorities are uneasy about Freedom, believing there is such a thing as too much freedom. They want some kind of opening through which police forces could monitor Internet use in certain situations.

That's anathema to Goldberg, who is as much a privacy activist as a computer scientist.

"Some people will use Freedom for not-so-nice ends. It's unfortunate. A lot more people will be using it for better social ends."

A dissident in China could use Freedom to use the Web out of view of authorities, he noted. An alcoholic could use it to take part in an online discussion group without fear his boss will find out.

What happens if someone hides behind Freedom software to anonymously intimidate or threaten someone? Goldberg said the victim can ask ZKS to have E-mail blocked from the aggressor. ZKS would also have the power to shut down a pseudonym, though there would be nothing to stop the cut-off user from signing up for a new one.

That's the price to pay for privacy, Goldberg argues.

"Without freedom, there's no way to, for example, be in a support chat group anonymously. This is really useful for groups" such as victims of abuse.

"You cannot kidnap someone online. In fact, using Freedom, it's way easier to protect your children. By having them use Freedom no one knows what country they're in. How do you kidnap someone if you don't know what country they live in?

"So all these people saying, 'Oh, drug deals will go on online now.' What? How do you deliver drugs online? A lot of people are throwing out totally ridiculous statements that ignore the fact that the thing that you can protect using Freedom and cryptography in general is speech."

Why are authorities afraid of cryptography? Because they want to be able to monitor our every move, according to Goldberg.

"They want to have the power to listen to everyone's thoughts. They would absolutely love that. If they could get some telepaths on board that could actually listen to a person's thoughts at random, they would be ecstatic, but that's exactly what I want to protect against."

Ideas for other privacy technologies are now bouncing around in Goldberg's head - electronic cash, for example. It would let consumers buy online with the knowledge that online marketers can't track their every move.

"Electronic cash will make the Internet safer and less Big Brother-ish place to do things," he said. "Right now, the only way basically to buy something is with credit cards. That's ridiculous.

"Every time you use a credit card, it gets logged in this huge database. It gets data-mined. Every time you buy the littlest thing, just because you happen to buy it online, it's logged somewhere, so the vendors can figure out what you might want to buy next. We definitely need a way to do anonymous payments. And ZKS will be well-placed to do that."

Site Seeing
- Zero Knowledge: www.zks.net
- Ian Goldberg: www.cs.berkeley.edu/~iang
- Cypherpunks: www.csua.berkeley.edu/cypherpunks