Peter Gutmann (computer scientist)

{{about|the New Zealand computer scientist|the journalist|Peter Gutmann (journalist)}}

File:Kawaiicon 2019 Peter Gutmann (2) (cropped).jpg 2019]]

Peter Claus Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland, Auckland, New Zealand. He has a Ph.D. in computer science from the University of Auckland.{{cite thesis |last=Gutmann |first=Peter |year=2000 |type=Doctoral thesis |title=The Design and Verification of a Cryptographic Security Architecture |publisher=ResearchSpace@Auckland, University of Auckland |hdl=2292/2310 |url=https://researchspace.auckland.ac.nz/handle/2292/2310}} His Ph.D. thesis and a book based on the thesis were about a cryptographic security architecture.{{CiteQ|Q111963905}} He is interested in computer security issues, including security architecture, security usability (or more usually the lack thereof), and hardware security; he has discovered several flaws in publicly released cryptosystems and protocols. He is the developer of the cryptlib open source software security library and contributed to PGP version 2. In 1994 he developed the Secure FileSystem (SFS).{{cite web |work=Ralf Brown's Interrupt List |title=INTERRUP.1ST |edition=61 |editor-first=Ralf D. |editor-last=Brown |editor-link=Ralf D. Brown |date=2000-07-17 |url=https://www.cs.cmu.edu/~ralf/files.html |access-date=2017-08-23 |url-status=live |archive-url=https://web.archive.org/web/20170823163331/https://www.cs.cmu.edu/~ralf/files.html |archive-date=2017-08-23}} (NB. See file INTERRUP.1ST.) He is also known for his analysis of data deletion on electronic memory media, magnetic and otherwise, and devised the Gutmann method for erasing data from a hard drive more or less securely. These analyses have gained great popularity, although they are based on numerous inaccuracies and incorrect assumptions.{{cite web | url=https://kaleron.edu.pl/throwing-Gutmanns-algorithm-into-the-trash.php | title=Throwing Gutmann's algorithm into the trash - about effectiveness of data overwriting }} Having lived in New Zealand for some time, he has written on such subjects as weta (a group of insects endemic to New Zealand), and the Auckland power crisis of 1998, during which the electrical power system failed completely in the central city for five weeks, which he has blogged about. He has also written on his career as an "arms courier" for New Zealand, detailing the difficulties faced in complying with customs control regulations with respect to cryptographic products, which were once classed as "munitions" by various jurisdictions including the United States.

Criticism of Windows Vista

His white paper "Cost Analysis of Windows Vista Content Protection", in which he described the content protection specification as "the longest suicide note in history",{{cite web |first=Peter |last=Gutmann |date=2006-12-26 |df=mdy |title=A Cost Analysis of Windows Vista Content Protection |url=https://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html |department=School of Computer Science |website=Faculty of Science |publisher=University of Auckland |access-date=2019-08-12}} generated considerable public interest since it was first posted in 2006. He discussed this with Steve Gibson in episode #74 of the Security Now! podcast on 2007-01-11.{{cite episode |last=Gibson |first=Steve |author-link=Steve Gibson (computer programmer) |date=2007-01-11 |df=mdy |title=Peter Gutmann on Vista Content Protection |url=https://twit.tv/shows/security-now/episodes/74 |series=Security Now |number=74 |network=TWiT.tv |transcript=GRC Security Now! Transcript |transcript-url=https://www.grc.com/sn/SN-074.htm |accessdate=2019-08-12}}

= Response to Criticism =

In an article{{cite web | url=https://www.zdnet.com/article/gutmann-vista-drm-paper-uses-shoddy-web-forums-as-source/ | title=Gutmann Vista DRM paper uses shoddy Web Forums as source | website=ZDNet }} written on September 1, 2007, George Ou offers a rebuttal to Gutmann's statements on Windows Vista. Peter Gutmann is quoted in reference to Windows Vista as saying, "Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's Claims that the content protection doesn't interfere with playback and is only active when premium content is present.". This garnered criticism from audiences who didn't trust the primary use of secondhand information for detailed data, which was often found on forums. When the quality of Gutmann's research came into question, George Ou himself tested certain assertions from the white paper. He found significant differences between what was reported to be true and what was revealed to occur when performed firsthand, and failed to reproduce multiple alleged results in his own tests.

Bibliography

{{cite book |last=Gutmann |first=Peter |date=2014 |title=Engineering Security (Book Draft April 2014)|url=https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf | publisher=Peter Gutmann, Book Draft published online }}
{{cite book |last=Gutmann |first=Peter |date=2003 |title=Cryptographic Security Architecture: Design and Verification |url=https://archive.org/details/springer_10.1007-b97264 |publisher=Springer-Verlag |doi=10.1007/b97264 |isbn=0-387-95387-6|s2cid=27659379 }}
{{cite thesis |type=PhD |last=Gutmann |first=Peter |date=2000 |title=The Design and Verification of a Cryptographic Security Architecture |publisher=University of Auckland |hdl=2292/2310}}