Waging crypto wars 2.0

I was drawn to security in the early 90s during the crypto battle against the U.S. government, which was trying to force companies to adopt broken encryption with built-in backdoors, like the failed Clipper Chip. Fortunately, the crypto wars were won by the side of reason, not least because of activists hoarding crypto technology in offshore locations. Today we all enjoy strong, unbreakable, backdoor-free encryption as a result of the 90s crypto battle. That battle is about to begin again as the U.S. government proposes to introduce backdoors, by design fiat, into commercial communications security systems. They were wrong then and they are wrong now, but the stakes are much higher this time.

What's up with encryption?

In the information age, communication security is paramount. It ensures the secure flow of money in electronic commerce, the free exchange of ideas and the flourishing of democracy, even in hostile regimes. Fortunately, the tools to secure communications are widely available and people around the world have access to strong encryption, unbreakable by any government. Encryption can be found in source code, with open peer-reviewed algorithms that can be implemented in any programming language, embedded in software and layered on top of any communications channel. The cat is well out of the bag. Yet, the U.S. government wants to pursue a futile effort to reverse history, putting the entire Internet in peril in pursuit of an illusion.

This effort is dangerous for many reasons. Backdoors can be exploited by groups other than those who built them -- for a perfect example, consider the case of Greek cellular communications where for almost a year an unknown party eavesdropped (using law enforcement backdoors) on the cell phones of the entire government.

Furthermore, backdoors in communications are subject to the whim of the current government in each country. They inevitably end up in the infrastructure of countries with oppressive regimes, subverting democracy on the U.S. taxpayers' dime. Even in the United States, we would be trusting the government to only use these powers with a warrant. Not only is that trust antithetical in principle to the U.S. constitution, but it has been abused repeatedly in the last decade alone. Worse, built-in comprehensive surveillance capability means that once the "wrong" government got into power, they could flip the switch and turn on pervasive, continuous and inescapable surveillance guaranteeing their rule, crushing dissent and bringing to bear power such as has never been wielded over a modern free society.

More importantly, however, if strong encryption without backdoors is made a crime, only criminals will use it. The cost of universal insecurity would be paid, with absolutely no benefit in return. Criminals would continue to use today's readily available strong encryption, which will remain unbreakable for centuries. Meanwhile they would gain a whole new set of weak targets: regular citizens who will have been robbed of the self-defense weapon of communications security.

In the information age, the right to bear arms to protect against oppression and to provide for self-defense is the right to bear strong encryption. The right to free speech and expression is the right to write and use software without backdoors. I will not give up those rights for the illusion of security, leaving only criminals secure. If you want my encryption algorithms, you'll have to pry the software source code from my cold, dead hands.

Copyright © 2010 IDG Communications, Inc.
