read comments from signatories

The Quicksilver Manifesto

People have secrets. Businesses have secrets. People and businesses suffer when their secrets are not kept. Despite the proliferation of means to protect secrets, our digital world today offers, at best, a series of band-aids and minimal protection to provide security.

And yet, our most significant challenge in providing robust security is not technology, but perception.

Over the last twenty years, a series of assumptions about cryptography have been deeply instilled in the security community. Unarticulated and incorrect assumptions hinder our community’s progress in building and fielding secure systems and needlessly limit concepts of what can be done in service of the consumer.

These assumptions are, in fact, quite basic.

First, there is a persistent belief that cryptography is slow. True, at one time it was. But the effects of Moore’s law and the advent of specialized hardware have made cryptography viable for many applications in which it is overlooked or dismissed today.

Second, there is a belief that cryptography is hard to employ. While cryptography was once an obscure art handed down from master to student, it is now a standard element of any self-respecting computer science curriculum and is supported by a wealth of open documentation.

These two false assumptions have had profound impact. To offer just a few examples:

  • The developers of BlueTooth, a protocol for close-range wireless connectivity, and the proponents of the Secure Digital Music Initiative both chose not to use an adequate cryptosystem. Both employ a weak form of security. Both were broken before reaching widespread market penetration.
  • Someone sitting in a hotel lobby with a cell phone scanner recently listened to a million dollar stock transaction.
  • Police departments, emergency services, and air traffic controllers all rely on communications that have no method of authenticating who is sending a message.
  • Consider how many computers are in your car. (The answer is "lots.") Do they or will they communicate with the Internet? Yes, absolutely. Yet as it stands today, you have no control about how the information can be accessed or used.

Every day, the potential exists for privacy to be compromised, business security to be breached and safety to be endangered. New standards are developed, new programs are built, and new services are delivered that continue to expand the impact of poor digital security measures.

It doesn’t need to be this way. A willingness to embrace effective cryptography today could improve our current security implementations. The possibility for pervasive application of cryptography paves the way for dramatic new approaches in the future.

The Quicksilver Manifesto is our call…

… to our peers in the research community: unleash your thinking about the opportunities afforded by abundant and pervasive cryptography.

… to every member of the security community: abandon the prejudices that constrain your ability to deliver strong security today.

… to every member of the digital community: demand that your interests take priority over obsolete beliefs about what can and can not be done to secure your information.

Conceive, Design, Demand and Buy Better Systems.

If you agree with this call to action, we invite you to sign the Quicksilver Manifesto

Learn more about the work of the Secure Document Systems area at the Palo Alto Research Center (includes presentations and publications).

Team bios