Though federal and state law enforcement, including the FBI, are pushing for backdoors into consumer encryption products more than ever, a new report this week reveals the first government battles against encryption began in the ’90s, and it asks if law enforcement and encryption providers are doomed to repeat that contentious history.
Since announcements last fall by companies including Apple and Google to use default end-to-end encryption on their mobile platforms, federal and state law enforcement agencies across the U.S., led by the FBI, have called for law enforcement “backdoors” into consumer encryption products, which they argue are essential to surveil and apprehend criminals.
Companies and industry representatives argue there’s no way to implement backdoors without making them accessible to hackers too, and inherently weakening encryption itself. The debate has since spread to Congress, where the FBI is lobbying lawmakers to force companies to comply via legislation.
The Open Technology Institute is one of the groups based in Washington pushing back against the FBI’s efforts to make backdoors a legal requirement, and as part of that effort, released a report Thursday highlighting the history of the federal government’s efforts to undermine encryption.
“Those who do not learn from history are doomed to repeat it,” director of the OTI Kevin Bankston said in a statement announcing the report Thursday. “Since so many law enforcement and intelligence officials today seem ready to start fighting Crypto Wars 2.0, it’s important to reflect on the history of the original Crypto Wars so as not to repeat the mistakes of the past.”
That history includes two primary efforts by the federal government to circumvent encryption in the 1990s at the birth of the modern Internet and encryption technologies to secure data transferred across it. In 1993, the Clinton White House tried to promote “key escrow” solutions to access encryption, including a microchip known as a “Clipper Chip” developed by the National Security Agency for use by telecommunications companies to encrypt voice data in their phone products. The chip essentially acted as a master key for accessing encryption, and was held by the government or a third party.
Companies, civil liberties advocates and experts immediately came out against the device, which was eventually found to be technologically flawed and insecure in 1994, killing its chances for adoption. By 1997, the government push to keep a key to every encrypted device failed from mounting pressure across the industry and civil liberties advocates.
Until 1996, the government designated encryption products for sale overseas as munitions exports subject to stricter overseas sale criteria, and put in place a number of limitations, including the type of encryption allowed for sale and a maximum cryptographic key length.
After the revelations that the restrictions would cost the U.S. economy billions in lost sales and that strong encryption products were being developed and sold by foreign companies overseas, the Clinton administration moved the majority of commercial encryption products from the U.S. Munitions List to the Commerce Control List of U.S. exports, thanks in large part to opposition by the same coalition responsible for battling Clipper Chip adoption. In 1999, the Clinton administration removed virtually all limitations on exported encryption products.
“By the end of the ’90s, after nearly a decade of debate, there was a broad bipartisan consensus that policies intended to weaken or restrict access to strong encryption were bad for privacy, bad for security, bad for business, and a bad strategy for combatting crime. Encryption backdoors are just bad policy, period, and that’s as true now as it was twenty years ago — even more so, when we need strong encryption to protect us from a growing range of cyberthreats.”
Despite the government’s acquiescence by the end of the 20th Century, which ushered in an era of explosive digital technological and economic growth across the globe, the debate appears poised to repeat itself in Washington.
“When a communications company, or an [Internet service provider] or a social media company elects to build in its software end-to-end encryption, and leaves no ability for even the company to access that, we don’t have the means by which to see the content,” assistant director of the FBI’s Counterterrorism Division Michael Steinbach told the House Homeland Security Committee earlier this month.
“That’s the challenge — working with those companies to build technological solutions to prevent encryption above all else,” Steinbach said.
“Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security,” Apple CEO Tim Cook told a conference in Washington via video the same week. “We can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy. The American people demand it, the Constitution demands it, morality demands it.”
“So let me be crystal clear — weakening encryption or taking it away harms good people who are using it for the right reason,” Cook said.
So far Congress has acted on the side of companies. Lawmakers in the House recently passed an appropriations bill containing a number of amendments barring the FBI, NSA and other agencies from incentivizing companies to build backdoors or designating encryption standards. The bill is expected to face tougher scrutiny in the surveillance-hawkish Senate.
“The diverse alliance of privacy activists, tech experts, business leaders, and politicians from both sides of the aisle that banded together to fight the Crypto Wars set an example for Internet advocates that has since been followed in other successful campaigns like the fights for strong net neutrality rules and for post-Snowden surveillance reform,” senior policy analyst for OTI Danielle Kehl said in a statement.
“We have no doubt that if policymakers fail to heed the lessons of the 1990s — that encryption is good for the Internet economy, cybersecurity, and our civil liberties — an equally powerful and broad alliance will stand up to win the fight for our right to encrypt.”