There is a great deal about the online world that we take for granted; not least is how everyday communications are protected through strong cryptographic protocols.
Unfortunately, the security of Internet cryptography is now under attack by government officials, decrying the “encryption-by-default” policies promulgated by tech companies like Apple. This, however, is nothing new. It is merely a rehashing of an old battle the government waged and lost in the 1990s.
A mere quarter-century ago encryption was officially classified as a munition and tightly regulated by the U.S. government. It wasn’t until 1996 that the Clinton administration began relaxing these controls, allowing for the broad dissemination of encryption code across national borders, effectively ending what would later be termed the Crypto Wars.
The New America Foundation’s Open Technology Institute recently penned a brief paper discussing the encryption battles of the 1990s – a salient topic for anyone following the ongoing privacy and surveillance debates on the Hill. Of particular note in these disputations was the motley crew of early Internet denizens, self-identified as Cypherpunks.
The Cypherpunks were a loose affiliation of libertarian and left-leaning individuals who were concerned about the early Internet’s susceptibility to state control. Their solution was strong cryptography to reduce the power disparity between ordinary Internet users and the government. Julian Assange, of WikiLeaks fame and an early Cypherpunk, spoke to the philosophical justification for ubiquitous online encryption in his classic, A Call to Cryptographic Arms, stating:
Cryptography is the ultimate form of non-violent direct action. While nuclear weapons states can exert unlimited violence over even millions of individuals, strong cryptography means that a state, even by exercising unlimited violence, cannot violate the intent of individuals to keep secrets from them.
Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem.
This political perspective was the driving force behind the Cypherpunks’ commitment to strong encryption, and, ultimately, the dissemination of commercial encryption technologies that have helped create a safe and secure platform for Internet users.
Anyone under the impression that support for strong encryption lies in the purview of only anarchists and libertarians like the Cypherpunks, consider this: strong encryption is the basis for fundamental online security. It is used for everything from online banking to secure communications between dissidents in autocratic regimes. Indeed, secure online communication has become so expected that Microsoft recently announced it will encrypt Bing’s searches by default, and WikiLeaks is following suit. Even the United Nations has come out in support of encryption as necessary for preserving and expanding human rights in countries subject to authoritarian control.
As Lavabit founder Ladar Levison recently quipped during an interview with Reason TV, the need for encryption is more than merely protecting data at rest and in transit – it is fundamentally about protecting online speech. “If we are going to continue to preserve our right to free speech in the electronic age,” said Levison, “then we need to use tools like encryption.”
Some government officials, however, disagree.
James Comey, the director of the FBI, testified before Congress this past July on the concerns he and his fellow law enforcement comrades had regarding the possibility of certain devices and communications “going dark”; that is, becoming inaccessible black holes for which no warrant would decrypt.
To that end, Comey and others have called for “extraordinary access measures” that would permit law enforcement the ability to access encrypted channels using “backdoors.” However, these backdoors, which are ostensibly holes in the encryption, will only undermine the security of online communications.
Clearly Washington seems willing to reignite the Crypto Wars, casting doubt on the future of Americans’ online security.
Writing at Reason, Andrea Castillo makes an excellent comparison regarding the problem of mandating the creation of backdoors in software, pointing out that “[t]he prospect of intentionally weakening [encryption] techniques in an effort to crack down on shadowy cybercriminals should be as unthinkable today as a proposal to cripple real-world keys, locks, and walls to root out property thieves.”
John Perry Barlow, a founding member of the Electronic Frontier Foundation, excoriated the manner in which governments treated the budding Internet of the early 1990s in his seminal classic, A Declaration of the Independence of Cyberspace. In it he laid out the basic tenets that made the Internet so much different from the world of atoms and why it was worth fighting to protect it from the ravages of excessive state control:
Cyberspace consists of transactions, relationships, and thought itself, arrayed like a standing wave in the web of our communications. Ours is a world that is both everywhere and nowhere, but it is not where bodies live.
We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.
That world could, once more, be imperiled as a result of overzealous government officials who value expediency in prosecuting criminals over the fundamental right to online free speech and association—the very principles that have made the Internet such a wondrous and momentous invention.
Government opposition to cryptography today is based on the same foolish arguments seen during the first Crypto Wars in the 1990s. As G. K. Chesterton once quipped, “Nine out of ten new ideas are just old mistakes.” Government control over encryption definitely qualifies as one of these mistakes.