Last September, Apple announced that their new iOS 8 operating system for iPhones and iPads would ship with data encryption enabled by default. Although most users will probably not notice this particular change in their operating system, the decision has surely stirred the “cryptosphere” and raised opposing voices from law enforcement, proving to be yet another notable battle in the long-standing Crypto Wars.
The origin of the Crypto Wars
The term Crypto Wars was coined many decades ago, during the Cold War, when cryptography was subject to heavy export restrictions in the United States. But it was most notable in the 90s, when hardware and software manufacturers were forced to diminish the security of their products sold overseas, since strong cryptography was regarded as a munition. One of the most remarkable events of those heated Crypto War years involved «Pretty Good Privacy», an easy-to-use encryption program written by Phil Zimmermann, who challenged US export regulations by printing the source code in a book and shipping it worldwide under the umbrella of the First Amendment. The federal decision to drop all charges against Zimmermann handed the victory to the cypherpunk side, at least for a time.

Data leaked by a former NSA contractor revealed US efforts to weaken the public’s encryption capabilities
But then Snowden happened. Among all the classified data leaked by the former NSA contractor were documents detailing the BULLRUN program, an effort by the US agency to weaken the public’s cryptographic capacities, either by lobbying for the standardization and widespread adoption of backdoored algorithms, actively penetrating secure networks and systems, exploiting weaknesses known only to them, or even inserting hidden vulnerabilities in components relevant to internet security.
While many investigators agree that the NSA is responsible for a number of vulnerabilities recently found (such as the one in the NIST-approved Dual_EC_DRBG random number generator), others go as far as to see the agency’s shadow behind some of the most renowned bugs of the last months, such as «goto fail» or even «Heartbleed», whose severity Bruce Schneier ranked at an 11 on a scale from 1 to 10.
The response to the revelation of BULLRUN and all other NSA programs was swift and loud (or Fast and Furious, I would say). The public’s interest in privacy has spiked and it’s, now more than ever, a frequent topic on forums, news sites and new product advertisements. Many existing companies joined the trend, too: transparency reports, data security guidelines, and cryptography whitepapers are now common among the internet giants.
Encryption: the best weapon
But more proactive measures have been taken, too. Apple wasn’t alone in its move to widespread default encryption last September. Google joined the announcement that same month, stating that new Android devices would also be encrypted by default. (Google ended up backing down, but they stirred the waters nonetheless.)
Authorities weren’t pleased by the news, though. FBI director James Comey asked Congress to «fix» default encryption, warning that «justice may be denied because of a locked phone or an encrypted hard drive» and that mistrust in government has gone «too far». Attorney General Loretta Lynch sided with Comey, saying that encrypted communications gave her «grave concerns». «We are seeing many more people involved in terrorism investigations using […] encrypted communications». On top of it all, UK Prime Minister David Cameron went as far as to warn that all messaging apps that didn’t provide a backdoor to the UK government would be banned. Meanwhile, some were calling for Google and Apple to build some kind of magic «golden key» that would unlock certain encryption programs when asked.
Security experts, on the other hand, warn of the dangers of said «golden key». «You can’t build a “back door” that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them», stated cryptography eminence Bruce Schneier. «There is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law. The existing “back doors” […] have become the go-to weak-spot for cyberwar and industrial espionage», added author and activist Cory Doctorow.
All in all, it looks like the war is still going to last for a while. And whether citizens keep their right to privacy, or a dark age comes to online security – only time will tell.
Arian Sameni
Security Engineer at SMiD Cloud
Images:
Empire II by Mick Royer
Snowden by AK Rockefeller