July 25, 2012, 11:11 AM — Tatu Ylonen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security -- whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers -- recently spoke with Network World on a variety of security topics. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)
In the past we've discussed your growing up in Finland during the Cold War. And we've talked about how you invented SSH encryption as an open protocol in the 1990s when the U.S. was trying to force vendors to install a key-escrow system in every product using encryption so the government could gain access to encrypted data. So do you think the world's security is better now or worse?
I think it's getting worse. Consumer privacy is disappearing totally. And SSL [Secure Sockets Layer] is being questioned and the problem isn't the protocol itself but the key infrastructure. There have been several incidents where someone has stolen from the certificate authorities.
IN THE NEWS: Victim of half-million dollar cybercrime tells tale of fighting back
This stolen SSL certificate issue is certainly well known. Do you think SSL is useless?
Probably not useless but less useful than ever. It's much too easy for someone to break the encryption itself by creating fake certificates. Any major government can do it, as well as criminal organizations. And they are doing it. Definitely, we see the example for this in the Flame virus, forging certificates.
But what if anything could replace the SSL certificate infrastructure?
For consumers in the short term, no. But SSH is an option, especially for automation. It would require an extension to SSH. I actively proposed it to replace SSL 15 years ago but I was basically railroaded at the IETF by Microsoft and Sun!
As you mentioned, consumer privacy is disappearing online, especially with the kind of hyperactive marketing we do full-tilt in the U.S. Does the European viewpoint on data privacy for consumers seem to differ?
Laws are tighter in Europe but people use the same services. The real problem in my view is that you can target information to modify how they think. ... When you can control information for people -- it's an extremely powerful political tool.
