Almost 50 years after the crypto-war, the opponents of encryption are still wrong
When I reflect the return of crypto-wines—attempts to block citizens from using encryption by officials who want loose spy powers—I look back with dread to the late Middle Ages. I was not alive then, but one feature of those times has remained in my mind. From about 1337 until 1453, England and France fought a series of bloody battles. The conflict lasted so long that it was immortalized by its hundred-year duration: we know it as the Hundred Years’ War.
Crypto wars have yet to reach that mark. (In this column, I’ll be reclaiming the term “crypto” from its recent and denigrated use by blockchain enthusiasts, too many of whom haven’t read my 2001 book, um, Crypto.) Beginning with the publication of a groundbreaking paper in 1976 that introduced public-key cryptography—a means of expanding access to encryption that was developed just as the Internet was emerging—the battle between encryption advocates and their official opponents is approaching 50 years old.
From the beginning, government efforts to restrict or ban secure encrypted communications have been vigorous and persistent. But at the turn of the millennium, the struggle ended. Encryption was so obviously important to the Internet that it was built into every browser and increasingly incorporated into messaging systems. Government surveillance hasn’t ended – look at Edward Snowden’s revelations – but some government elements around the world have never been comfortable with the idea that citizens, including the most rotten among us, can share secrets safe from prying eyes. Every few years, a flurry of proposed new regulations is accompanied by scary “blackout” scenarios from FBI directors.
The arguments of the anti-crypto faction are always the same. If we allow encryption to flourish, they plead, we are protecting terrorists, child pornographers and drug traffickers. But the more compelling counterarguments have not changed either. If we don’t have encryption, no one can communicate safely. All become vulnerable to blackmail, theft and corporate espionage. And the last vestiges of private life disappeared. Creating a backdoor to allow authorities to peek into our secrets will only make those secrets more accessible to dark side hackers, thieves, and government agencies with unfinished business. And even if you try to ban encryption, nefarious people will still use it because the technology is well known. Crypto is a toothpaste that cannot go back into the tube.
The good news is that, for now, encryption is winning. After a long period where encryption was too difficult for most of us, some very popular services and tools have end-to-end encryption built in by default. Apple is the most notable adopter, but there’s also Meta’s WhatsApp and the respected standalone system Signal.
However, opponents of encryption continue to fight. In 2023, new battlefronts have emerged. The UK is proposing to amend its Investigatory Powers Act to include a provision requiring companies to provide plain text versions of communications to the government upon request. This is not possible without disabling end-to-end encryption. Apple has already threatened to pull iMessage and FaceTime out of the UK if the regulation is passed, and other integrated service providers may well follow suit or find an alternative way to continue. “I’m never going to willingly abandon people in the UK who deserve privacy,” says Signal president Meredith Whittaker. “If the government blocks Signal, we will install proxy servers like they did in Iran.”