Why Are We Fighting the Crypto Wars Again?
The iPhone Crisis reignited a conflict that should have been settled in the 90s. The loser is our national security.
Last week I arrived in San Francisco to hear good news: Whitfield Diffie and Martin Hellman had won the ACM A.M. Turing Award. This is the Nobel Prize of computer science, with a million-dollar check and priceless prestige. The choice of these 2016 honorees is both long overdue and appropriately timely. Overdue because their contribution to the field (and to the world) was public key cryptography, which they created in 1976. And timely because the consequences of their invention — which would lead to the development of online privacy tools, whether the government liked it or not — are once again a flash point of Constitutional proportions.
The announcement of the award came at the massive annual RSA Conference. The gathering itself is a symbol of the growth of encryption in the public sector. The conference began in 1991, as a small gathering of a few dozen scientists and businesspeople. At the time, cryptography was only beginning to come out of a long period in the shadows. For decades, crypto had been considered a taboo topic of discussion, so deep into classified territory that when academics wrote papers with cryptographic implications, the government would quickly classify those documents, banning access even to their authors. Open statements almost never came from the National Security Agency (its name was seldom uttered, even in Congress), and its directors avoided public appearances with a zeal that made Howard Hughes look like Donald Trump.
Then came Diffie and Hellman, whose breakthrough enabled people to send encrypted messages to others without prior arrangements. Previously, encryption had involved the exchange of a key to unlock a message — so you had to agree beforehand on the key, and then protect it, because anyone who had the key could read the private message. Their insight did away with that, by using pairs of private and public digital keys. (You scramble a message with your recipient’s widely available public key, and now only the recipient can read it, by unscrambling the message with the matching private key.) This enabled e-commerce, digital signatures, and many other things.
But the authorities balked at the spread of this technology. The first commercial products using cryptography were essentially stifled by government export regulations. (If a company could not sell its product overseas, why bother to produce it?) The coming explosion of online commerce demanded that we protect our information, but law enforcement and intelligence agencies were dead-set against anything that would thwart their access to private information. Thus began the Crypto Wars. The government warned that unrestrained crypto would empower “bad guys” (terrorists, drug lords, kiddie porn purveyors). Business interests and privacy advocates argued that the only ones hurt would be citizens seeking to protect their information. (Disclosure boast: I wrote the book on this, and it’s still in print!)
Eventually the Clinton administration came to realize that electronic commerce and other digital pursuits simply could not happen without a free flow of crypto, and relaxed the standards. In short, a war for secure communications and storage was fought, and won, because we could not live without crypto. Also, there was that Constitution thing, since cryptography was a form of speech.
Today public key is baked into every browser and private transaction, used many times a day by all of us. And the RSA Conference, the gathering of the commercial crypto community that once fit comfortably into a suburban hotel ballroom, now hosts 40,000 people, with speakers that this year included the secretary of defense, Sean Penn, and a former head of the NSA. (Last year the sitting director was there.)
To exhume a term used endlessly by policy wonks and cypherpunks back in the day, “the crypto genie is out of the bottle.” You could say that from the moment Diffie and Hellman made their discovery, this was inevitable, since math cannot be censored, and the physics of security dictates that a system that allows a government backdoor simply can’t do its job of protecting information.
But this was a hard-won lesson. For most of the ’90s, the government’s “compromise” on this issue — or its (pipe) dream — was that you could concoct a system where everything was locked down tight, but some carefully designed kink in the process would let the Feds get the information if they really wanted it. The NSA came up with an elaborate scheme to do just that, called “key escrow.” Its embodiment was the “Clipper Chip.” This was a piece of silicon designed to put the all-important keys (which unscramble encrypted messages, and are supposed to be held only by those for whom the messages are directed) in that aforementioned escrow, so that when the government needed to decode a message, it could ask for and receive the key that changed ciphertext to plaintext.
It was an unwieldy and impractical idea — especially since people who wanted security had options to buy stuff without Clipper Chips — and its demise helped lead the government to the conclusion that people highly motivated to protect their information were going to use crypto anyway. In theory at least, intelligence and law enforcement agreed to accept the fact that crypto was here to stay, and if they wanted to gain access to encrypted communications and files, they would do so by warrants and their own cryptanalysis, and not by demanding that the systems themselves should be weakened.
But now it seems the United States is welching on that deal. That is the essence of the current controversy over an Apple iPhone once used by one of the murderous and despicable terrorists who killed 14 people in San Bernardino. Apple has set up the onboard encryption systems on its phone so that the company does not hold the keys, and therefore can’t decode the text even if ordered to. Through a 227-year-old statute called the All Writs Act, the US essentially is demanding that Apple write new software that will make it easier for the government to break the code. (Hard to believe this is what those wig-hats had in mind in 1789.)
The Feds originally argued that their Apple motion is a one-time demand for this one phone, by this one really, really bad person. But it turns out that other prosecutors have their own encrypted phones with potential evidence in a variety of other cases. So think of this demand as a bespoke Clipper Chip, created by private-sector engineers who must produce it against their will. By demanding that Apple change its operating system to get access to a single iPhone — and then another, and another, and another — we are in the thick of Crypto Wars Redux.
Or as Diffie told me last week, at a small lunch celebrating the honor he shared with his collaborator, “This is the future we’re fighting about.”
Three big things have happened since the first round of the Crypto Wars. First, of course, was 9/11. The second was the Snowden revelations, which exposed how the government had stepped up its surveillance of communications, greatly increasing its cache of private information despite the existence of crypto. And the third, definitely related to factor two, was the explosion of new technologies — notably the iPhone and its progeny — that put even more of our personal information in the cloud. (In 2001, Google was just getting started.) All of these things make the stakes much higher this time around.
But here’s something that didn’t happen: a strong crypto infrastructure that protected our information and privacy. The fact is that while the security industry has boomed, our information really isn’t much safer than it was when we were fighting the first crypto war. This is because the tech world has been slow to build strong encryption into our systems as a default. It’s been too hard to use, and all too often businesses and institutions don’t even take obvious steps to secure data. Chronic lapses in our communications software and disasters happen on almost a daily basis. (Two horrifying examples from a long list: Anthem Blue Cross’s breach that exposed records of up to 80 million Americans; and the theft of over 21 million super-sensitive government background checks from the Office of Personnel Management.) We simply haven’t used our capabilities to make our electrical grids, our credit card systems, and our ISPs bulletproof. As a result, the public has not fully reaped the spoils from winning that first crypto war.
But that’s changing. Because of the endless chain of spectacular security failures and the Snowden news that the NSA is grabbing everything it can, the tech industry is finally ramping up its security. American companies are worried that foreign customers might regard their products as direct conduits to American authorities. So they have changed their practices for moving information between their data centers. Now, confirming government’s biggest nightmare, Apple has planted a flag in the ground for privacy — endeavoring to scramble data on its iPhones so only customers can access them.
Is it any wonder that the government is rebooting the crypto wars? For the first time, it’s really struggling with the results of the first war, as more information is now encrypted, increasingly in a manner the government finds really hard (or impossible) to decode.
Apple has been impressively aggressive in its refusal to comply with that order, even though this test case involves possible information from a murderous terrorist. The company’s court filings outline with withering precision how complying with the government order — to essentially rewrite part of its operating system, an action it regards as an act of “compelled speech” — violates its rights and compromises the rights of its customers. With John Oliver-strength sarcasm, it refers to the software the FBI has ordered it to produce as “GovtOS.” Normally measured in everything but public displays of affection for his products, Apple CEO Tim Cook has shed his technocratic reserve and channeled his inner Clint Eastwood, invoking a moral basis for Apple’s stance. (While generally siding with him, Cook’s peers among the tech elite have been less confrontational. And I should say that my employer, Medium, was a party to one of the many amicus briefs filed in support of Apple in this case.)
As with the first round of the crypto wars, the stakes could not be higher. Once again, the government is seeking to control that genie first released by Diffie and Hellman. But the physics of computer security have not changed. Last July, a panel of fifteen eminent security specialists and cryptographers — many of whom are veterans of the first crypto war — released a report confirming there was no way for the government to demand a means of bypassing encryption without a dire compromise of security. It just doesn’t work.
One final anecdote. In the fall of 2001, I attended a book party for James Carville, the former Clinton advisor. Whether intentional or not, the party was held at a bar only a couple of streets north of Ground Zero. The site was still crawling with cranes and other machinery, untangling and carting off the wreckage. The pulverized residue of that fateful Tuesday — an unforgettable effluvium of dust and death — still lingered in that sector. But the party was very well attended, because it was broadly rumored that Bill himself would be dropping in. When the time window for the party ended, no one left, as the word was out that the former president was still intending to appear.
Sure enough, at around 9 — a half hour after the event was supposed to end — the man appeared. He immediately began working the room. At one point, my friend Jonathan Alter introduced us, explaining that I had written a book about the encryption controversy that had taken place during his administration. Clinton vigorously pumped my hand and fixed his eyes to mine, sucking me into a scary and exhilarating tunnel of total attention. How’d we do? he asked me, and waited for my answer as if it were the most important question he asked that day.
“Well,” I told the former president. “It took a while, but you finally got it right.”
Yes we did, but not enough. The government kept encryption legal, but benignly neglected it, while our infrastructure, our business plans, and our personal secrets lay exposed to thieves, vandals and foreign powers. Security flaws were a pain to users, but a useful tool for law enforcement and intelligence agencies. Now, post-Snowden, our tech companies are finally taking steps to implement strong-encryption-by-default, the best way to ensure security and privacy. The FBI’s response? Clipper Chip redux.
And we’re back at square one.