The politics of wiretapping and encryption

Book Excerpt: Privacy on the Line

1 2 3 4 5 6 Page 3
Page 3 of 6

Privacy is the best-known benefit of cryptography; however, it is not the only one, and it may not be the most valuable one. Cryptography also provides authenticity, which enables communicators to be sure of the identities of the people with whom they are communicating. In a business transaction, authentication verifies that the person acting in one instance is the same person who acted in another -- that the person who is writing a check, for example, is the same person who opened the account and put the money in it.

The U.S. military responded to the rise of private cryptography by attempting to reestablish control over the technology through Atomic Energy Act-like prior restraint of research and publication. When this effort appeared to have failed (largely as a result of its obvious unconstitutionality), the government attempted to control cryptographic products directly, first through standardization and later through regulation of exports. In 1993, it unveiled the concept of key escrow -- cryptography that would provide protection against everyone except the U.S. government. Although the notion was not well received, its proponents (most of them in the government) kept pushing, constantly giving ground to business objections but holding firmly to the view that it is the government's right to take measures to guarantee that citizens cannot encode things so that the government cannot read them.

Despite the government's intransigence, business pressures carried the day. Slightly less than seven years after the announcement of the key escrow program, the export regulations -- the only actual law with much effect on the use of cryptography -- were changed.

In relaxing export controls on cryptography in early 2000 and abandoning its attempts to make escrowed encryption the norm, the U.S. government effectively acknowledged defeat in its battle to control cryptography at a direct regulatory level. Cryptography, however, is not a technology that is easy to use on a large scale, and those who predicted that ubiquitous cryptography would make wiretapping and signals intelligence things of the past were flatly wrong.

Ever since the explosion in cryptography brought on by the advent of radio in the early 20th century, the technique has been at its best in protecting the communications of closely knit groups like national military organizations. Cryptography has been less successful when applied to serve the needs of looser groups like coalitions. Before the development of public-key cryptography, the use of cryptography in diverse communities was a nonstarter. Cryptography is now a central technique, but many problems of scale are far from solved. It should not be surprising that the decline of regulation was not sufficient to deliver the overnight growth spurt that cryptography required to fulfill its promise.

The government's retreat from the attempt to stifle widespread use of cryptography has not been derailed by anti-terrorist fervor post-9/11; in fact, government promotion of cryptography has grown. The formal adoption of a high-grade cryptographic system as the Advanced Encryption Standard took place on November 26, 2001. A little over a year later, the system was approved for protection of classified information, and in 2005, the NSA bestowed that status on a full suite of public cryptographic algorithms. The NSA's actions are seen as serving two ends. The algorithms are expected to lead to widespread commercial incorporation of the approved algorithms and thereby lower government procurement costs. They will also facilitate improved secure communication among the parties to the overnight coalitions that are so active in promoting modern wars.

1 2 3 4 5 6 Page 3
Page 3 of 6
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon