A retrospective on the fight for public access to cryptography and the world it gave us, ahead of this year’s Global Encryption Day.
Every year, Global Encryption Day falls on 21 October, spotlighting a technology that’s now so embedded in all of our lives it may be easy to take it for granted in spite of its tremendous impact — after all, it’s encryption that sparked the US$6 trillion ecommerce industry. While encryption is today a tool in the hands of the many, this wasn’t always the case. And it didn’t happen without a fight.
Languages: Bahasa Indonesia // 日本 // Française // 中文 // Español // Português // Русский // Türkçe
Whether the ‘ciphers’ of the Spartan scytale or unusual hieroglyphs found in Egyptian tombs, for nearly as long as writing systems have existed, so too has the need to conceal information using scrambled text, secret patterns, and codebooks.
For most of history these encryption techniques were used in military campaigns or by diplomats and governments to hide secrets from their enemies. They were the tools of the ruling class to further their goals in war and conquest. They were the preserve of spies to deploy in palace intrigues and subterfuge, tools of and for the halls of power.
That changed in the second half of the 20th century when a serious problem in cryptography was solved, doing away with the need of a third party to hold keys to decrypt messages. And it wasn’t the military or intelligence agencies that solved this critical problem, but a trio of Stanford mathematicians, Whitfield Diffie, Martin Hellman, and Ralph Merkle, whose work on public-key encryption would ultimately hand these tools to the masses.
The Crypto Wars never ended
Cryptography was once viewed as a weapon. In fact, when Phil Zimmermann wrote and published the Pretty Good Privacy (PGP) encryption system in 1991, the US government soon brought a criminal investigation against him for violating the Arms Export Control Act, because the code was distributed online and therefore outside the borders of the USA.
While the case was dropped without charges by 1996, the PGP debacle kickstarted a decades-long battle around ending export controls for cryptography. These were the ‘Crypto Wars,’ which officially drew to a close in 2000, when western countries eventually acquiesced and relaxed their restrictions.
Since then, encryption has become an essential component of our everyday lives. It is impossible to imagine our personal conversations on WhatsApp, our business communications, or our financial lives without strong encryption safeguards.
But this is only a very recent development. Throughout the 1990s, 2000s, 2010s, and through to the present day, the right to encryption has polarised two distinct camps.
On the one hand are activists and technologists who understand that encryption secures digital rights, safety, and dignity for all — such as the late pioneering cypherpunk Jude Milhon, who coined the phrase in the Cypherpunk Manifesto and who co-created the first ever public online computing system, Community Memory.
On the other are governments, security agencies and police forces that warn of its perils, and claim that encryption threatens the safety of citizens.
One of the original cypherpunks, Timothy C May, prophetically warned in 1988 that legislators would evoke the ‘Four Horsemen of the Infocalypse’ — crimes that no reasonable person would defend, like terrorism and child abuse — in order to curtail citizen access to cryptography.
It wouldn’t be long before he was proved right. Whether that PGP debate, or the NSA attempting to install backdoors into technology with its ‘Clipper Chip,’ it was reliably these threats that were used to undermine citizen access to encryption.
In 1997, the former director of the FBI, Louis J Freeh, told the Permanent Select Committee on Intelligence that encryption would usher in an era of impunity for “drug lords, spies, terrorists and even violent gangs.”
However, rather than the unconstrained crime and terrorism that Freeh warned of, encryption heralded in something very different to the doom of Freeh’s crystal ball. It birthed an era of innovation and the digital economy as we know it.
The huge impact of a little lock
Then as now, the biggest critics of encryption have often failed to publicly recognise its moral, financial, and social benefits.
Freeh’s statement was made just two years after the now-defunct Netscape browser introduced something called Secure Sockets Layers, or SSL. This protocol was designed to provide authentication and encryption between applications, servers, and machines across a network, all in the browser.
While the first iterations of SSL were buggy and insecure, they paved the way for the Transport Layer Security protocol, which would become and remains the default for in-browser encryption.
On everyone’s browser is an easily overlooked lock icon that sits next to your address bar. This symbol tells the web user that their connection to any given website is TLS-secure, with a base layer of security and privacy.
In stark contrast to “drug lords, spies, terrorists, and violent gangs” operating with impunity, in-browser encryption allowed early online retail platforms like eBay, Amazon, and PayPal to lay the groundwork for the $6 trillion ecommerce industry that exists today.
It’s unthinkable now that legislators would petition Amazon to remove the very technology that makes transactions secure for their customers. But in a parallel universe where encryption was criminalised, this would have been exactly the case, and the online economy could have stumbled at the first hurdle.
Here in our reality, this in-browser encryption led to an explosion in digital businesses, and more recently it even allowed the wheels to keep turning in the online realm while the Covid crisis forced populations into lockdown in the physical world.
Economy aside, encryption keeps personal communications between citizens private, so humans can interact with each other authentically. It has allowed activists living under the cosh of repressive governments to organise more freely. It has allowed citizens and human rights groups to document war crimes that would have otherwise passed without international attention. But just like in the Crypto Wars, encryption is under attack again, with the Four Horsemen of the Infocalypse rearing their heads once more.
Poisoning the well
Former FBI director Freeh was far from alone in his dim view on encryption back in 1997 and he’d be in even better company today. A renewed assault against encryption is taking place as governments everywhere busily craft overreaching policy to break its principles. The arguments are the very same that Timothy C May warned about.
In Britain, the sweeping Online Safety Bill threatens to install client-side scanning on devices, and similar encryption-busting proposals are underway across Europe. As president of the Signal Foundation Meredith Whittaker has warned, encryption either exists or it doesn’t, and the sweeping legislation led to Signal and others threatening to pull their services in Britain should client-side scanning become a reality.
And as quantum computing threatens to break all currently existing encryption, cryptographer Daniel Bernstein — who is currently working with Nym on speeding up Sphinx encryption — has alleged that the NSA is actively undermining post-quantum cryptography that could withstand codebreaking in the next computing era.
To be sure, criminals do use encrypted devices. In the Netherlands, encrypted phones are so commonly used by criminals that they are colloquially known as ‘boeventelefoons’ or ‘crook phones’.
But criminals also drive cars and drink water and ride bicycles, none of which, presumably, should be banned lest a criminal quench their thirst on a long ride. Breaking encryption for everyone is akin to poisoning the village well, to target the one criminal who may or may not be passing through.
Client-side scanning may not even be technically feasible to enforce, and will open Pandora’s box for undermining safety and security, possibly worldwide.
This in spite of the fact governments and police departments already have many tools in their arsenal to pursue criminals who are abusing encryption, as a recent sting targeting the EncroChat encrypted chat server leading to thousands of criminal cases against drug dealers across Europe showed.
It is difficult not to reach the conclusion that, rather than for the purposes of fighting crime, these renewed attacks are actually about normalising bulk surveillance — and not only that, but outsourcing the task to corporations like social media companies, while criminalising the pushback.
The next privacy paradigm
“Mass surveillance by governments and corporations will become normal and expected this decade and people will increasingly turn to new products and services to protect themselves from surveillance. The biggest consumer technology successes of this decade will be in the area of privacy.”
This quote is not by an activist or a community organiser or a cypherpunk coder. It was from the prominent venture capitalist Fred Wilson on 1 January 2020.
Figures like Wilson, Nym investors a16z, and multibillion Silicon Valley corporations like Apple all understand that people want their private communications to remain private just as they would in the physical world.
The goal of Nym is privacy for everyone. Nym addresses the network-layer privacy problem of the internet — that all communications online, even via privacy-enhanced applications, bleed metadata which is all extremely revealing when collected en masse, just as the NSA did.
Already, the Web 2.0 data privacy market is thriving. The global VPN market alone is projected to be worth US$358 billion by 2032. Fortune Business Insights expects the value of the worldwide data privacy market to reach US$30 billion by 2030.
But as the internet evolves into a more decentralised model that shakes off monopolies and the surveillance economy of Web 2.0, there is an enormous opportunity to swing the doors open to a new era of innovation — when the legacy problems of the public internet, such as that leaky network layer, are solved.
Now’s the time. Even with the current regulatory attacks on E2E, encryption is in a golden age.
This is largely due to Web3 and the spark of interest it has created in complex cryptographic innovation, from Sphinx to zero-knowledge proofs, as pioneered by Shafi Goldwasser. These are mostly based on cryptographic inventions from 30 to 40 years ago that have only now become operational or usable and are at last in the hands of ordinary people.
Just as the creators of that little TLS lock icon may not have foreseen the explosion in ecommerce, there is a world of invention waiting to flourish off the back of these cryptographic advances, with uses that none of us could have imagined. Who knows what’s coming next — provided the hard-won right to encryption is not ceded, not now, when it’s more important than ever.
Nym is a proud signatory of this year’s Global Encryption Day open letter to governments and the private sector, to reject efforts to undermine encryption and instead pursue policies that enhance, strengthen, and promote use of strong encryption to protect people everywhere.
Join the Nym Community
Discord // Telegram // Element // Twitter
Privacy loves company
English // 中文 // Русский // Türkçe // Tiếng Việt // 日本 // Française // Español // Português // 한국인
