Who Wins? On the Return of The Crypto War

An student issue analysis for MIS41240 at University College Dublin.

Written by Keshav Joglekar, Summer 2019. Dublin.

The 1990s saw the first-ever Crypto War; a war between the government and the people over cryptographic technologies and access to their use. Cryptography has changed over millennia, from using orthodox aids like pen and paper to advanced computing technologies in the 20th century. Until the 1970s, strong cryptography was solely used by the government, but since the creation of the public encryption standard (DES) and the invention of public-key cryptography it has been brought into the public domain.

Computer experts have asserted that there is no way to build an encryption system that allows such “exceptional access”

What really ignited this so-called “Crypto War”? A key technology in the crypto war was the “Clipper Chip”. In 1993, the United States National Security Agency (NSA) developed a chip for use in consumer hardware telephones to “secure” communication lines, it was called the Clipper Chip. It would protect the channel from any interception by encrypting and decrypting the signal. The NSA was responsible for the development of the chip’s cryptographical algorithm – Skipjack, which was purported to be unbreakable. To encrypt and decrypt a signal, the right cryptographic keys were required, which in this case had to be surrendered to the government in “escrow” with “exceptional access”. With a court-approved wiretap, using a system called Law Enforcement Access Field (LEAF), the government agencies were able to listen into any conversation on the tapped channel. Sounds dodgy, doesn’t it? Would you be comfortable knowing that the government is capable of listening to every conversation you have? I wouldn’t, considering it is an invasion of my personal space. Apart from just being an impractical idea (those who wanted to avoid this intrusion could use other systems that used high grade cryptography) and possibly, an attempt by the government to eavesdrop on its people, the so-called “unbreakable” technology itself was broken. Matt Blaze, an AT&T Bell Laboratories researcher found a serious flaw enabling tech-savvy individuals like himself to create a rogue but valid key within 42 minutes. Law enforcement officials were unable to tell the difference between the real and counterfeit key. With this, we saw the demise of the Clipper Chip leading the government to realise that crypto is here to stay. This pre-empted the end of the first Crypto War.

In 2013, the Snowden leaks marked the return of the Crypto War exposing the mass surveillance tactics used by the NSA to spy on users’ data. This time, it was the tech giants who represented the privacy activists. A recent case was known as Apple vs FBI. The FBI demanded that Apple write new software to make it easier for the government to bypass Apple devices’ security, including unlocking them. Government agencies are now asking tech companies to provide them with a “backdoor” that bypasses the system’s traditional security mechanisms to monitor any malicious activity on their platforms. The Canadian phone maker Blackberry, recently lost a dispute against the Indian government over the state’s access to its data. Computer experts have asserted that there is no way to build an encryption system that allows such “exceptional access” without creating a risk that hackers will also be able to decrypt that information. There has been said to be no mathematical or workable way to create a “secure backdoor”. Matthew Green, a cryptologist at Johns Hopkins University has rightly stated, “it turns out that making something secure until you don’t want it to be secure is something of a paradox”. These tech giants have now been working to prevent any intrusion, be it government or any other actors by strengthening their security systems using techniques like end-to-end encryption. Law enforcement is now seeking the same

“exceptional access” as in the first Crypto War, but this time, through regulation and legislation.

Who wins? Will the government be able to utilize its legislative policies to break these tech giants? Or will these tech giants use their technical abilities to undermine the government? Encryption is a boon that has played a major role in bringing us closer to a secure world. A system that allows a backdoor cannot do its job of protecting information. By creating backdoors, the government is only causing harm to the very system it is trying to protect. It can be argued that such practices lead to loss of user privacy, government overreach, misuse of government funds, and regression of social values. You and I may not have anything to hide, but our very principle of privacy will be broken. The government does not want people to be able to exclude them from their lives; the people do not want the government snooping in all of their data. It’s a difficult paradox we’re facing today. Looking at it from an ethical perspective, the people should be wary of complying with the government’s desire to spy on all their communications. It isn’t only a matter of listening in but also concerns storing and analysing vast amounts of innocent citizens’ private data. Should the government have the authority to see who I talk to, email or message? Should they be able to access all of my personal data? Doesn’t seem right, does it? Strong encryption protects us. If the government wants to access encrypted communications and files, they should rely on their own cryptanalysis rather than demand that the systems themselves be weakened as seen in the aforementioned Apple vs FBI case.

With this, the final battle of the Crypto Wars is over and perhaps, the people have won, or rather, “crypto” has taken the lead.