
Friday, August 6, 2010

Who are the “real” founders of Public Key Cryptography?

Figure 1
In a nutshell, public-key cryptography uses asymmetric algorithms in communications devices such as computers and mobile equipment to encrypt and decrypt messages. The algorithm on the sender's end uses a code, or key, to encrypt a message, and the recipient uses a different key to decrypt it, which is what “asymmetric” refers to.

As most people know already, the founders of public key technology are the researchers at Stanford and MIT who discovered it in 1976. More specifically, they are Whitfield Diffie, Martin Hellman, and Ralph Merkle. [1] Later on, their invention was named “Diffie-Hellman Key Exchange”. Although Hellman suggested in 2002 that the algorithm should be called Diffie-Hellman-Merkle key exchange, it is still used without Merkle’s name in most cases. Actually, that is not the question. [2]

Figure 2 - Left to Right: Merkle, Hellman and Diffie

In the early 1970s, British researchers James Ellis, Clifford Cocks, and Malcolm Williamson invented public-key cryptography while working at a British intelligence agency, the Government Communications Headquarters (GCHQ), in Cheltenham, England. Surprisingly, they kept it secret for nearly 25 years and finally broke the news in 1997. Unfortunately, Ellis died before he could enjoy the public recognition of it. [2]

Figure 3 - Malcolm Williamson

Even though that story had been public for more than 10 years, Diffie, Hellman and Merkle were awarded this year’s (2010) IEEE Richard W. Hamming Medal for the invention of public-key cryptography. But in order to respect the real owners of that technology, a group of IEEE members from Region 8 nominated the invention by Ellis, Cocks, and Williamson for an IEEE Milestone in Electrical Engineering and Computing, IEEE's 100th. [1]

How do we prove who first invented Public Key Cryptography?

In brief, Ellis came up with the idea but could not proceed because he was not a mathematician. So in 1973 Cocks, who was a mathematician, was asked to join him, and he came up with the solution. But his solution was not simple enough to run on the computers of that time. So Williamson, who was also a mathematician, implemented the final solution. [1]

Who are Ron Rivest, Adi Shamir and Leonard Adleman (RSA)?

Figure 4 - Left to Right: Shamir, Rivest and Adleman

They also came up with another ‘independent’ algorithm, similar to Ellis, Cocks and Williamson’s scheme, when they were at MIT in 1977. It was published in 1978 and became popular as “RSA”. [3]

Summary

1973 - Ellis, Cocks and Williamson came up with the initial solution and kept it secret until 1997. The solution was known as “non-secret encryption”.
1976 - Diffie, Hellman and Merkle, who believed ‘they were the first’, came up with another similar solution and earned credit for it.
1977 - Rivest, Shamir and Adleman came up with another ‘independent’ solution.

Verdict

It is still questionable who the real inventor of this technology is. Nobody has ‘officially’ confirmed it yet. Most people do not know about this secret either.

References

[1] Bogdanowicz, A. 2010, Cryptography Breakthrough Is 100th Milestone, The Institute, viewed 5 Aug 2010, <http://www.ieee.org/portal/site/tionline/menuitem.130a3558587d56e8fb2275875bac26c8/index.jsp?&pName=institute_level1_article&TheCat=1008&article=tionline/legacy/inst2010/jun10/featurehistory.xml&>

[2] Diffie–Hellman key exchange, Wikipedia, viewed 5 Aug 2010, <http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange>

[3] Public-key cryptography, Wikipedia, viewed 5 Aug 2010, <http://en.wikipedia.org/wiki/Public-key_cryptography>

[4] ‘Figure 1’ [image] in 2004, ‘Public Key Cryptography & PGP’, Treachery Unlimited, viewed 5 Aug 2010, http://www.treachery.net/images/public_key_cryptography_and_pgp.jpg

[5] ‘Figure 2’ [image] in Prevost, E. 2009, ‘Public Key Cryptography’, EdwardPrevost.info, viewed 5 Aug 2010, http://edwardprevost.info/Blog/2009/10/15/public-key-cryptography/

[6] ‘Figure 3’ [image], ‘Public Key Cryptography (PKC) History’, viewed 5 Aug 2010, http://www.livinginternet.com/i/is_crypt_pkc_inv.htm

[7] ‘Figure 4’ [image] in 2008, ‘Leonard Adleman’, Adleman Portraits, viewed 5 Aug 2010, http://www-history.mcs.st-and.ac.uk/PictDisplay/Adleman.html

Tuesday, August 3, 2010

My literature review on "Data Privacy"

The use of information and communications technologies (ICT) is beneficial in that individuals are able to solve regular problems that are otherwise hard and cumbersome. Although ICT provides people with advantages, there can be social and ethical issues revolving around it. Issues may vary depending on the purposes of ICT use. Most of those issues relate to online personal information privacy, accuracy of the information used, intellectual property rights and equal access rights. These mostly ignored issues grow over time, which has created an opportunity for researchers to dig deeper and find solutions to make the web safer for online private information by stopping or minimizing its distribution (Kuzu, 2009). This review addresses in depth the personal information generated by various transactions and the privacy problems resulting from its regular usage or sharing, in conjunction with legal support and solutions.

Privacy problems can be divided into two main categories: information reuse and unauthorised access. Information reuse means a company legally making new uses of collected personal information. Unauthorised access violates either laws or corporate policies. Both issues can harm a company in its relationships with customers, shareholders and regulators. Examples of information reuse are aggregation of data, data mining, new uses and sharing. It harms the company through incorrect inferences, decisions based on errors, exclusions and intrusions. Apart from reuse, unauthorised access is the most common way of breaching privacy. Examples are unauthorised access to personal information and a hacker breaking into a system, as well as accessing data from a stolen or unattended computer and failing to dispose of sensitive data, which leads to chaos. (Cuinan & Williams, 2009)

Considering why people need privacy, information privacy can be divided into three categories. The first category is individuals or professionals who do not want their private secrets revealed to the public. For example, a person may not allow anybody to access his medical files. The second category expects a certain behaviour from co-workers in order to be protected. For example, employees should not leave personal information on their desks or on photocopier machines by mistake. The control is in their own hands. Finally, the third category concerns data that looks non-sensitive but is sensitive in reality. For example, a whole story can be assembled from small, seemingly harmless chunks of information picked from different places. Overall, individuals should be extra careful about their privacy at their workplaces. (Palm, 2009)

As for legal support on this issue, fair information practices are global data protection principles which address privacy issues by defining guidelines. In most countries, fair information practices are implemented through common laws. In the USA it is a bit different: laws are tailor-made to a specific industry’s needs. Additional legal support in the USA includes the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act Regulations (HIPAA), Section 5 of the Federal Trade Commission Act, the Massachusetts Security Rule (201 CFM 17.00) and the Payment Card Security Standard (PCI–DSS). (Cuinan & Williams, 2009)


As solutions for privacy leakage, the following preventive actions can be taken. When designing office layouts, extra effort should be made to design them in a way that protects employees’ privacy. Examples are not placing seats next to each other and using separate work cubicles (Palm, 2009). Findings have revealed that even ICT professionals are not aware of ethics regarding data privacy, so formal education on ethical practices might help professionals develop their knowledge of computer ethics. It is also important to update the company’s privacy policy regularly as necessary and make sure everybody knows and follows it. Some employees are not aware of it since they read it for the first time when they were recruited (Kuzu, 2009). Apart from the company’s perspective, everyone should take this issue seriously and take action to better secure their privacy. This review addressed in depth the personal information generated by various transactions and the privacy problems resulting from its regular usage or sharing, the reasons for protecting privacy, legal support, and solutions for overcoming privacy-related issues.



References:

Cuinan, MJ & Williams, CC 2009, 'HOW ETHICS CAN ENHANCE ORGANIZATIONAL PRIVACY: LESSONS FROM THE CHOICEPOINT AND TJX DATA BREACHES', MIS Quarterly, vol. 33, no. 4, Dec, pp. 673-687

Kuzu, A 2009, 'PROBLEMS RELATED TO COMPUTER ETHICS: ORIGINS OF THE PROBLEMS AND SUGGESTED SOLUTIONS', Turkish Online Journal of Educational Technology, vol. 8, no. 2, Apr, pp. 91-110

Palm, E 2009, 'Privacy Expectations at Work-What is Reasonable and Why?', Ethical Theory and Moral Practice, vol. 12, no. 2, Apr, pp. 201-215