Peter Gutmann is a renowned computer scientist and author of the pioneering 1996 paper “Secure Deletion of Data from Magnetic and Solid-State Memory.” He devised an algorithm for the secure deletion of data on hard drives, named “The Gutmann Method,” which proved to be far more effective than several military-grade standards. His name has become legend in the world of information security and its lexicon, with hackers often referring to the permanent erasure of files as “running a Gutmann.”
What is it that you do and how did you get into it?
I got into computer security when I realised that continuing my previous work on data compression probably wasn’t a good long-term prospect. I could spend 5–10 years working on a PhD that advanced the state of the art by 5%. That ended up as a lucky break, because computer security work has turned out to be a lot more interesting. Then, about 15 years ago, after years of watching ordinary users struggle with security technology, I realised that you can’t just throw technology at something and declare victory (see for example Evgeny Morozov’s thoughts on the subject of technological solutionism). You have to look at the human-factors side of things as well. Why do people do the things they do, what mental processes are involved, and why do many security features function so poorly? Answer: they’re designed by geeks for geeks, and normal humans don’t process information anything like geeks do, so the measures fail when used by non-geeks. Sometimes people think I’m a cryptographer, which I’m not; I’m more a cross between a psychologist and an engineer. And probably several other things as well.
Why do you love doing it?
It’s challenging and fun. Having said that, I also don’t do it all the time. There’s a certain amount of it that’s interesting and then I’ll go and do something else for a while. There’s a lot more to life than computer security.
Best or most interesting work experience of the last year?
Working for the International Atomic Energy Agency. Definitely the most interesting stuff I do because you get to look at security issues that never come up in other situations. For example, how do you safely perform crypto in the presence of radiation that can randomly corrupt your computations or data, particularly when some of that corruption could end up leaking encryption keys?
Any advice for young people looking to do what you do?
An inquisitive mind is a lot more important than a formal education. Obviously having both helps, but there are a lot of really talented people in the security field who are entirely self-taught, and conversely university-educated people who couldn’t engineer their way out of a wet paper bag. So don’t be put off if you don’t have x years of university education behind you, you just need the right sort of mind-set. If you go into an art gallery and think “that’s a nice sculpture” then you may not be right for the computer security field; if you think “I wonder what it would take to airlift that out of here” then you may be. Either that or a budding criminal.
Any advice for the public about security or the internet in general?
Switch it off and unplug it, then you’ll be fine.
How do you like to spend your spare time?
Oh, all sorts, travel, photography, hanging out with friends, renovating the house, flossing the cat, the usual mix of spare-time stuff.