Cryptography as a hot topic in politics

I’m not an expert on crypto, but I do my homework when I go to use it — because it is important. It is also really easy to mess up.

Lately cryptography seems to be getting a little more attention in the political limelight than usual. Specifically, politicians are trying to drive the development and usage of new technologies with backdoors for the NSA. The conversation tends to lean towards actual crypto systems, so that’s what I’m talking about here…. though the conversation really makes much better sense when talking about other things.

I’m not trying to shed light on anything, but I do want to share my own opinions and point out the implications of one small fact that politicians seem to be ignoring:

Secure crypto-systems are publicly available.

What are the ramifications of this statement?

  • If we create new crypto-systems with backdoors, no one will use them (especially not terrorists) since the existing systems are excellent.
  • Even if we somehow forced every organization on the planet to stop using the currently secure systems and switch to a new system, the blueprints for the old systems are out in the wild. Drug dealers and terrorists can just follow the instructions to continue to use the secure systems.
  • Individuals can, right now, encrypt data manually and send it to each other. No CEOs of tech companies involved, and not even necessarily the internet.

Keep in mind that crypto research is always ongoing, and eventually today’s cryptography will likely be broken. However that will take years and years, there is no one-stop solution to the problem.

That reminds me, what is the problem? I think of this as a matter of “can” vs “should”. There are a lot of things the US government can do, but doesn’t (because it shouldn’t). Our government reserves the right to pull our asses out of the fire in exceptional circumstances, and that sometimes means doing those things that aren’t usually in the “should” category.

So here we are, the US has a thing they can’t do. That’s the problem. If you ask me if the government should be able to crack terrorist crypto the answer is “duh”. It certainly would be nice, in any case.