BY WHITFIELD DIFFIE
INFORMATION SECURITY: 50 YEARS BEHIND, 50 YEARS AHEAD
Trust among people and organizations will be even more critical in securing
communications and commerce in the future networked environment.
What was the state of information security—the combination of computer and communication
security—as Communications first went to press? Cryptography was both secret and primitive,
able to protect the confidentiality of communications but unable to perform most of the
functions we ask of it today. Computer security was nonexistent.
Information security today is a vast field, with
more money, publications, and practitioners than
all of computer science had a half-century ago.
Cryptography is largely public and becoming a
standardized part of the infrastructure. Computer
security is not so settled but has made great strides
since its birth in the 1960s and is an important aspect
of day-to-day computer operations.
Where is information security going? Away. Today
it would be possible to say that you did a computation
securely if you did it entirely on your own computers
and if you protected them appropriately.
But we live at the end of the era of isolated computation. Within the next decade Web services will
have created a vast infrastructure of companies and
other organizations that can perform your most
important computations faster and cheaper than you
could ever do them for yourself, just as Google can
search better than you can. You’ll be unable to stay in
business without using them but also unable to conceal your secrets from them. All the cryptography,
bounds checking, and packet filtering will still be
there, but the main mechanism of information security will be contractual.
How did we get to this situation? In 1958 computer security would have been very difficult to distinguish from the security of the computer itself.
Computer rooms were guarded, operators and users