Crypto Wars – Can a Government Ban Mathematics?

Prelude

In 1977, the American NBS, today’s NIST, standardized DES as a federal standard for protecting data in non-military federal computer systems. DES later spread into the private sector as well. The standard used a 56-bit variable part of the key, which was already shorter, and therefore weaker, than many people considered ideal even at the time.

And because the NSA was involved in the selection and shaping of the standard, it was not exactly paranoid to suspect that the short key length had been chosen deliberately, so that government agencies would still have a realistic chance of breaking the cipher and getting to the data of citizens and companies.

Diffie and Hellman argued as early as 1977 that a special-purpose machine costing around 20 million dollars could find a DES key in roughly a day – something that would have been realistic for an agency like the NSA. For comparison, a DES key search on an RTX 3070-class graphics card today would take roughly 100 days on average.

This is where the question first appeared very clearly:

Should civilian encryption be strong even against the state, or only against ordinary attackers?

In October 1977, IEEE held the International Symposium on Information Theory at Cornell University, where Martin Hellman, Stephen Pohlig, Ralph Merkle and others were expected to present work on modern cryptography. Lawyer Joseph Meyer sent IEEE a letter suggesting that publishing cryptographic research could run into export-control laws, specifically ITAR – rules controlling the export of military and defense technologies, services and technical data. In plain language: export rules for weapons and defense technology. It later turned out that Meyer worked for the NSA.

IEEE did not cancel the conference. Academic cryptography refused to return to a quiet regime of pre-publication approval by the state.

It was an early attempt to scare the academic community. It was not yet a court case, but it was a signal: the state might treat cryptographic research as a controlled technology.

Presidential Directive NSDD-145

In the mid-1980s, the Reagan administration apparently thought it would be a good idea to centralize the security of sensitive federal information systems under a regime where the NSA had the leading role. This was Directive NSDD-145.

In practice, that meant the area of civilian computer security would come under much stronger influence from the intelligence community. Fittingly enough, this happened in 1984.

That triggered resistance from Congress, civilian institutions and parts of the private sector, because the NSA is a military and intelligence agency, not a civilian standards body.

In 1987, the Computer Security Act was passed, slowing the whole thing down. The law gave the main responsibility for the security of unclassified federal computer systems to the civilian NBS/NIST. The NSA was supposed to provide technical assistance, not become the main civilian authority.

Encryption Does Not Belong in the Hands of Ordinary People?

 

What If We Just Added a “Backdoor”?

On April 16, 1993, the White House announced the Clipper Chip. It was a government-backed encryption chip for secure communication, but with a key escrow mechanism – meaning that the government would have a way to access the keys after obtaining legal authorization.

This became one of the iconic symbols of the Crypto Wars. The government already understood that banning encryption outright would be difficult. But still: if people were going to encrypt, then the state wanted built-in access.

Clipper was supposed to encrypt communication, but at the same time attach a special packet for law enforcement to every encrypted conversation. That packet was called LEAF. LEAF was supposed to contain information that would allow the government, after obtaining proper authorization, to recover the encryption key and read the communication.

The very next year, Matt Blaze showed that the Clipper system could be made to send an invalid LEAF. The result? Two users could communicate normally with encryption, their devices would accept the communication, but law enforcement would not be able to recover the correct key from the LEAF.

That made Clipper much less useful as a tool for controlled wiretapping.

And it showed something important: a “safe government backdoor” is not only a legal question. It is also a fragile technical mechanism.

Putting “backdoors” into encryption is simply a bad idea, even though the idea keeps coming back with iron regularity. Either the backdoor can fail, or eventually it can be found and used by someone it was never meant for.

The First Shots

In 1991, Phil Zimmermann released PGP, encryption software that an ordinary user could use to protect their messages and files. It was encryption that was not realistic to break with ordinary means. Zimmermann gave the public free access to something that had previously belonged mostly to government agencies, the military, academics and specialized companies.

But remember: ITAR still existed. The export rules for weapons and defense technology still applied. And according to the authorities, cryptography was a weapon.

So in 1993, Phil Zimmermann became the target of a federal investigation over suspicion that PGP had been exported illegally – in other words, that he had exported “weapons”. The investigation dragged on until 1996, when it was closed without charges.

And in 1997, the PGP source code was printed as books – more precisely, twelve books – and sent to Europe, where it was converted back into electronic form. That was legal.

How?

Because in the meantime, things had been happening.

This T-Shirt Is a Weapon!

If cypherpunks and crypto-anarchists are good at anything, apart from encryption, security, privacy and other minor details, it is trolling the authorities.

Encryption is a weapon? Hold my beer.

In 1995, Adam Back created a minimalist implementation of RSA in Perl. It was so short that it could be printed on something.

For example, on a T-shirt.

And that is exactly what Adam Back and the community around the cypherpunk mailing list did. They printed a warning on the shirt:

This shirt is classified as a munition and may not be exported from the United States, or shown to a foreign national

And of course, they printed the Perl code as well, including a barcode that could be scanned.

A Floppy Disk? Better Make It a Book

In 1994, Phil Karn asked the authorities whether he could export the book Applied Cryptography and whether he could put the source code from the book onto a floppy disk. The book was not considered controlled under ITAR, because it was a publicly available publication. Printing and exporting it was legal.

The floppy disk? That was different. It was subject to export control, because it was machine-readable cryptographic software. Without a license, it could not legally be exported or sent outside the United States.

It is one of the best examples of the absurdity of the export rules: the same code on paper was speech, or publication. On a floppy disk, it was already a defense article. Even though the book actually contained much more.

Karn was not exactly fine with that, so he sued the government. But in 1996, he lost in district court. The absurd distinction between a book and a floppy disk did not disappear because Karn won in court. It disappeared later, as the export rules were loosened.

Others also fought the government in court. Daniel J. Bernstein wanted to publish the Snuffle algorithm, its source code and related academic text. He argued that the export rules prevented him from teaching, publishing and discussing cryptography. He won in 1996, and the decision survived appeal in 1999.

And these cases helped make the legal export of PGP outside the United States possible:

In electronic form, PGP was a weapon. But printed on paper, it was free speech protected by the First Amendment of the United States Constitution.

By the way, Zimmermann’s company, PGP Inc., published a paper newsletter in 1997 called “The Zimmermann Telegram” to distribute cryptographic information by mail, because paper had stronger legal protection than electronic software. The name also referenced the original Zimmermann Telegram from the First World War – a secret German diplomatic message from 1917.

In that message, Germany offered Mexico an alliance against the United States if the US entered the war. The British intercepted and decrypted the telegram.

The End?

The situation became impossible for the authorities to maintain. The internet entered people’s homes, and the “export” of software became essentially impossible to regulate.

On September 16, 1999, the Clinton administration announced a major liberalization of encryption export rules. After a technical review, products with any key length could be exported to most individuals, companies and non-government users outside sanctioned or high-risk countries. This was the practical beginning of the end of the first phase of the Crypto Wars in their “export control” form.

On January 14, 2000, new Commerce Department rules took effect. The Federal Register published changes that significantly loosened the export and re-export of encryption software. For publicly available source code, notification was enough, and the rules explicitly addressed publication on the internet.

That was the practical turning point: strong cryptography could finally become a normal part of the internet, browsers, e-mail and commercial software.

Consequences

It might seem that the whole Crypto Wars story was just an episode involving a few lawsuits and a few clever stunts. But the consequences were much more serious.

For example, Netscape Navigator, the first widely used web browser, had a stronger American version, while the international version had to use weaker encryption, typically 40-bit.

The export version of Lotus Notes had 64-bit encryption, but 24 bits of the key were encrypted for the NSA. The result was that an ordinary attacker had to deal with 64 bits, while the NSA effectively had to deal with only 40 bits. IBM/Lotus received permission to export a stronger product in exchange for a mechanism that created a privileged attacker.

Debian historically had to keep cryptographic packages on servers outside the United States, because exporting cryptographic code from the US was a problem.

SSL support for Apache was for a long time handled outside the main Apache project and outside the United States, because exporting mod_ssl/OpenSSL from the US was legally problematic.

Java had restricted cryptographic policy for years, and “unlimited strength” crypto had to be installed separately. Oracle enabled unlimited crypto by default only in JDK 8u161, in 2018.

Because of export limits, special “step-up” SSL certificates were created, allowing some websites to upgrade weak 40/56-bit encryption to 128-bit encryption.

And the consequences lasted for a long time. Weak export-grade modes in TLS/SSL survived in implementations, and many years later they led to real attacks. FREAK abused export RSA. Logjam abused export Diffie-Hellman. DROWN abused weaknesses in SSLv2 and export-grade crypto.

The technical debt outlived the politics by 15 to 20 years.
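The export-grade leftovers named above can still be audited for on legacy servers. The following is an added example, not code from the original article: it classifies a scanner-style list of offered protocol and cipher pairs, using OpenSSL cipher names, by which of the three attacks they leave room for. The input format, the sample lines and the function names are assumptions made for illustration.

```python
# Constructed sample: one "<protocol> <OpenSSL cipher name>" pair per line,
# as a TLS scanner might report for a legacy server. Not real scan data.
SAMPLE_SCAN = """\
SSLv2   RC4-MD5
SSLv3   EXP-RC4-MD5
TLSv1   EXP-EDH-RSA-DES-CBC-SHA
TLSv1   EXP1024-DES-CBC-SHA
TLSv1   DES-CBC-SHA
TLSv1   DES-CBC3-SHA
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
"""

def classify(protocol, cipher):
    """Return the findings for one offered protocol/cipher pair."""
    if protocol == "SSLv2":
        # Any SSLv2 support is the precondition for DROWN, whatever the cipher.
        return ["SSLv2 enabled (DROWN exposure)"]
    if cipher.startswith("EXP1024-"):
        return ["export-1024 suite (56-bit bulk cipher)"]
    if cipher.startswith("EXP-"):
        rest = cipher[len("EXP-"):]
        if rest.startswith(("EDH-", "DHE-")):
            return ["export DHE key exchange (Logjam)"]
        if rest.startswith("ADH-"):
            return ["export anonymous DH (unauthenticated)"]
        return ["export RSA key exchange (FREAK)"]
    # Single DES outside the export suites; DES-CBC3 (3DES) does not match.
    if "-DES-CBC-" in "-" + cipher:
        return ["single DES, 56-bit key"]
    return []

def audit(scan_text):
    """Map 'protocol cipher' to findings for every offending pair."""
    report = {}
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        findings = classify(*parts)
        if findings:
            report[" ".join(parts)] = findings
    return report

if __name__ == "__main__":
    for pair, findings in audit(SAMPLE_SCAN).items():
        print(f"{pair}: {'; '.join(findings)}")
```

A clean server produces an empty report; any non-empty entry is a suite or protocol to disable in the server configuration.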

The Four Horsemen of the Infocalypse

Timothy C. May called them the “Four Horsemen of the Infocalypse”: terrorists, pedophiles, drug dealers and financial criminals. His point was not that these threats do not exist. His point was that they are used again and again as universal arguments for restricting encryption, anonymity and privacy.

Today, US rules mostly no longer block the export of strong cryptography the way they did in the 1990s. But the footprint of the Crypto Wars has not disappeared completely: some public cryptographic source code still involves a notification regime, and commercial products with cryptography may still fall under export classification.

But this is not just an American story.

Politicians are especially good at repeating the mistakes of their predecessors while insisting that:

“This Time It Will Be Different, I Promise”

The first Crypto Wars did not end because states made peace with strong encryption. Only the language changed.

After 2000, politicians mostly stopped talking about banning cryptography or exporting “munitions”. Instead, they started talking about “lawful access”, “technical capability”, “traceability” or “client-side scanning”.

In practice, this often meant the same thing: creating a path for the state to get to the content of communication, even when users believe that communication is private and protected by end-to-end encryption.

We saw it in the American fight between the FBI and Apple after the San Bernardino attack, in the United Kingdom’s secret technical orders under the Investigatory Powers Act, in Australia’s Assistance and Access Act, in India’s demand to identify the originator of messages, in Russia’s pressure on Telegram and in the European debate around Chat Control.

The arguments?

Terrorism, organized crime, child protection, national security.

