The Math Behind Pellicano's Code
SCOTT SIMON, host:
For almost four years now federal investigators have been stymied by one man, Anthony Pellicano. Mr. Pellicano's a Hollywood private eye who's accused of illegally wiretapping phone calls on behalf of some of his clients. Now, so far the government has one recording that appears to have been made illegally. Prosecutors believe that other phone calls may be on Mr. Pellicano's computer hard drive, but code breakers haven't yet figured out how the detective may have encrypted those calls.
Encryption is the sport of mathematicians. We're joined by our math guy, Keith Devlin, from Palo Alto, California. Keith, thanks for being with us.
Mr. KEITH DEVLIN (Center for the Study of Language and Information, Stanford): Hello, Scott. Good to be here.
SIMON: And, look, if the government is right, how can one man, no matter how talented, but one man who's a private eye - we're not talking about a software developer - able to flummox some of the nation's best code breakers?
Mr. DEVLIN: Based on the reports I've read about this case, Pellicano is using a system called PGP, which stands for Pretty Good Privacy. Incidentally, the name is a rip-off from Prairie Home Companion, with Ralph's Pretty Good Grocery.
PGP was developed by a computer scientist called Phil Zimmerman in the early 1990s. And Zimmerman was a political activist. And he believed that if the government could have methods of secure email - they could send email with encryption - then ordinary citizens should be able to do the same.
So Zimmerman designed this system called PGP and made it widely available. Anyone could download from the Internet and it's actually an incredibly powerful way of encrypting files. In fact, it's so powerful that the U.S. government immediately declared PGP a military weapon and actually started to target Zimmerman for a criminal investigation for exporting military weapons overseas. And that carried on for several years. No charges were actually brought. But it does...
SIMON: I actually covered that story for a while. A PBS special that I did. And as I recall, talking to government prosecutors, they said if this can be downloaded by anybody, drug dealers can use it, mobsters can use it, and...
Mr. DEVLIN: Absolutely right. They're absolutely right. This can be used by anyone. And so indeed, it's very likely that the reports that Pellicano is using that system are correct. And anyone investigating his computer would be able to tell what system he's using. And so it's almost certain that he's using PGP.
But it is an incredibly secure system. Like most encryption systems, it comes in two parts. There's the actual encryption algorithm, which is a pretty complicated thing, and then there's a key or a password. So a user simply has to chose a password and then the PGP system does all of the encryption and makes the file or the message secure.
It's believed that the National Security Agency does actually know how to crack PGP; however they have never said that, and why should they? And they're surely not going to blow any knowledge they have by allowing testimony in open court. There's so much at stake in terms of encryption for natural security that even if the government can crack this - and my guess is they might well be able to - those guys are pretty damn smart - they're not going to actually use it in this kind of a cause, because it would just make it clear to everybody that they knew what to do.
SIMON: What kind of math do you have to know to decrypt a code?
Mr. DEVLIN: Oh, gosh. It's a mixture of all kinds of mathematics. These days most of these codes involve numbers, prime numbers in particular. So you need to know number theory. And that's actually one of the most difficult and most advanced parts of pure mathematics. It goes back two or three hundred years. It involves questions like Fermat's Last Theorem and the Riemann Hypothesis.
It's very, very sophisticated mathematics. That's actually not the case for PGP. But for most encryption systems, especially the Public Key systems that are widely used by the banks, you need to know very sophisticated number theory, analytic number theory, elliptical theory. I could start listing things you know and everyone's ears would glaze over. That's a strange metaphor - their eyes would glaze over and their ears would close up.
SIMON: And another possibility that we should mention, of course, is that Anthony Pellicano's an innocent man, is that he didn't do any of this.
Mr. DEVLIN: Right. I mean in this case - first of all, his entire PC was indeed encrypted using PGP. That was reported in the press two or three years ago. And after a year and a half or so, the FBI were able to crack it and open up his hard drive. The issue was there were some files on there that appeared to be encrypted, according to the testimony. And by all accounts I've read those are separately encrypted.
On the other hand, until you have actually decrypted any of those files, you don't know what they are. So you know, as an outside reader, this guy, if there really are secure files there, he's pretty shrewd. Because not only did he lock and encrypt his entire hard drive, but once you'd unlock that, there was another layer of security inside.
That's, for most people, that is incredibly deep foresight. So indeed, you know, it may be that there were no files of the kind that are alleged on his hard drive.
SIMON: Keith, thanks very much.
Mr. DEVLIN: Okay. My pleasure, Scott.
SIMON: Keith Devlin is our math guy. He's executive director for the Center for the Study of Language and Information at Stanford. And his most recent book is The Math Instinct: Why You're a Mathematical Genius Along With Lobsters, Birds, Cats and Dogs.