Anyone remember the Crypto wars of the 1990s? Back in the early 1990s, the U.S. placed strict regulations on the exportation of cryptography and even put encryption technologies it on the munitions list as auxiliary military equipment. This restriction was a real burden to software firms like Lotus, Microsoft, and Novell as they wanted to offer data confidentiality and integrity features for PC users. Eventually the NSA offered a compromise by approving a weak 40-bit encryption algorithm for export purposes.This was far from the end of the battle however. In 1993, the U.S. government (NSA) developed and promoted a technology called the Clipper chip, capable of encrypting telecommunications while providing a “back door” for government surveillance. Meanwhile, civil libertarians and privacy advocates fought to loosen government encryption restrictions in court.Yup, this issue may be a great one for soundbites and political speeches but history should teach us that we are really wasting our time. Organized criminals and terrorists already understand their outlaw status. To maintain anonymity and hid their data, they’ve adopted stealthing tactics, including the use of commercial and open source encryption technology.
Rise of PGP
While the government continued to fight for control of encryption on legal and technical fronts, a grassroots effort really made all other cryptographic battles moot. In 1991, a relatively unknown software engineer named Phil Zimmermann developed encryption software he named “Pretty Good Privacy” (PGP), the first widely-available software program using public-key cryptography. Subsequently, Zimmermann sent PGP around to like-minded friends and it was soon available for download on FTP servers all over the world. Suddenly, strong cryptography was pervasive.So between public outcry, industry pressure, legal challenges, international competition, and open source projects, the U.S. government realized it couldn’t control cryptographic technology after all. Ultimately, it abandoned the Clipper Chip fight in 1996 and loosened export restrictions in the late 1990s, culminating in simplified Dept. of Commerce rules in 2000.What History Teaches Us
This history is worth reviewing when considering the current Apple vs. DOJ battle. My thoughts:- The first issue in play is relatively myopic, the DOJ wants Apple to hack into a specific iPhone that belonged to one of the San Bernardino terrorists. My assumption is that this wouldn’t be too difficult for Apple from a technology standpoint as it could simply go into the iOS source code, find an exposed service or software vulnerability and develop an exploit to break into the phone. Okay, but this process would violate Apple’s stated privacy policy and commitment to customers.
- Aside from its reputation, Apple is really concerned about the possible precedent here. If Apple is willing to break into one phone, why not 10, 100, 1000, or more? The Edward Snowden episode demonstrated that the NSA has an insatiable appetite for private data. Apple is worried that its cooperation with the FBI/DOJ would end up sucking the company into a greater government surveillance vortex with no exit. Apple supporters like Facebook, Google, and Microsoft are also concerned that if Apple gives in, others will be forced to follow.
- And while the DOJ tries to focus the current brouhaha on a single phone, the bigger question is clearly about the dichotomy between privacy vs. national security. Political candidates, law enforcement officials, and intelligence agencies are positioning Apple vs. DOJ as the tip of the spear in a greater push for “back doors” into encryption technology so that the U.S. good guys can catch criminal and terrorist bad guys.
