HOME

TheInfoList



OR:

Attempts, unofficially dubbed the "Crypto Wars", have been made by the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
(US) and allied governments to limit the public's and foreign nations' access to
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
strong enough to thwart
decryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
by national intelligence agencies, especially the
National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
(NSA).


Export of cryptography from the United States


Cold War era

In the early days of the
Cold War The Cold War is a term commonly used to refer to a period of geopolitical tension between the United States and the Soviet Union and their respective allies, the Western Bloc and the Eastern Bloc. The term '' cold war'' is used because the ...
, the U.S. and its allies developed an elaborate series of export control regulations designed to prevent a wide range of Western technology from falling into the hands of others, particularly the
Eastern bloc The Eastern Bloc, also known as the Communist Bloc and the Soviet Bloc, was the group of socialist states of Central and Eastern Europe, East Asia, Southeast Asia, Africa, and Latin America under the influence of the Soviet Union that existed du ...
. All export of technology classed as 'critical' required a license.
CoCom The Cocom or Cocomes were a Maya family or dynasty who controlled the Yucatán Peninsula in the late Postclassic period. Their capital was at Mayapan. The dynasty was founded by Hunac Ceel, and was overthrown sometime between 1440 and 1441 by Ah ...
was organized to coordinate Western export controls. Two types of technology were protected: technology associated only with weapons of war ("munitions") and dual use technology, which also had commercial applications. In the U.S., dual use technology export was controlled by the
Department of Commerce The United States Department of Commerce is an executive department of the U.S. federal government concerned with creating the conditions for economic growth and opportunity. Among its tasks are gathering economic and demographic data for bu ...
, while munitions were controlled by the
State Department The United States Department of State (DOS), or State Department, is an United States federal executive departments, executive department of the Federal government of the United States, U.S. federal government responsible for the country's fore ...
. Since in the immediate post
WWII World War II or the Second World War, often abbreviated as WWII or WW2, was a world war that lasted from 1939 to 1945. It involved the vast majority of the world's countries—including all of the great powers—forming two opposin ...
period the market for cryptography was almost entirely military, the encryption technology (techniques as well as equipment and, after computers became important, crypto software) was included as a Category XIII item into the
United States Munitions List The United States Munitions List (USML) is a list of articles, services, and related technology designated as Military, defense and space-related by the Federal government of the United States, United States federal government. This designation ...
. The multinational control of the export of cryptography on the Western side of the cold war divide was done via the mechanisms of CoCom. By the 1960s, however, financial organizations were beginning to require strong commercial
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
on the rapidly growing field of wired money transfer. The U.S. Government's introduction of the
Data Encryption Standard The Data Encryption Standard (DES ) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cry ...
in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers.


PC era

Encryption export controls became a matter of public concern with the introduction of the
personal computer A personal computer (PC) is a multi-purpose microcomputer whose size, capabilities, and price make it feasible for individual use. Personal computers are intended to be operated directly by an end user, rather than by a computer expert or tec ...
.
Phil Zimmermann Philip R. Zimmermann (born 1954) is an American computer scientist and Cryptography, cryptographer. He is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. He is also known for his work in VoI ...
's
PGP PGP or Pgp may refer to: Science and technology * P-glycoprotein, a type of protein * Pelvic girdle pain, a pregnancy discomfort * Personal Genome Project, to sequence genomes and medical records * Pretty Good Privacy, a computer program for the ...
cryptosystem In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for ...
and its distribution on the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
in 1991 was the first major 'individual level' challenge to controls on export of cryptography. The growth of
electronic commerce E-commerce (electronic commerce) is the activity of electronically buying or selling of products on online services or over the Internet. E-commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain manageme ...
in the 1990s created additional pressure for reduced restrictions. Shortly afterward,
Netscape Netscape Communications Corporation (originally Mosaic Communications Corporation) was an American independent computer services company with headquarters in Mountain View, California and then Dulles, Virginia. Its Netscape web browser was onc ...
's SSL technology was widely adopted as a method for protecting credit card transactions using
public key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
. SSL-encrypted messages used the
RC4 In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
cipher, and used 128-bit
keys Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (map ...
. U.S. government export regulations would not permit crypto systems using 128-bit keys to be exported. At this stage Western governments had, in practice, a split personality when it came to encryption; policy was made by the military cryptanalysts, who were solely concerned with preventing their 'enemies' acquiring secrets, but that policy was then communicated to commerce by officials whose job was to support industry. The longest
key size In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher). Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastest ...
allowed for export without individual license proceedings was 40 bits, so Netscape developed two versions of its
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
. The "U.S. edition" had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40 bits by revealing 88 bits of the key in the SSL
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...
. Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version, whose weak 40-bit encryption could be broken in a matter of days using a single personal computer. A similar situation occurred with Lotus Notes for the same reasons. Legal challenges by
Peter Junger Peter D. Junger (1933 – November 2006) was a computer law professor and Internet activist, most famous for having fought against the U.S. government's regulations of and export controls on encryption software. The case, '' Junger v. Daley'' (6 ...
and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in President
Bill Clinton William Jefferson Clinton ( né Blythe III; born August 19, 1946) is an American politician who served as the 42nd president of the United States from 1993 to 2001. He previously served as governor of Arkansas from 1979 to 1981 and agai ...
signing the
Executive order In the United States, an executive order is a directive by the president of the United States that manages operations of the federal government. The legal or constitutional basis for executive orders has multiple sources. Article Two of th ...
13026 transferring the commercial encryption from the Munition List to the Commerce Control List. Furthermore, the order stated that, "the software shall not be considered or treated as 'technology'" in the sense of
Export Administration Regulations The Export Administration Regulations (EAR) are a set of regulations found a15 C.F.R. § 730 ''et seq'' They are administered by the Bureau of Industry and Security, which is part of the US Commerce Department. The EAR regulates export and expor ...
. This order permitted the
United States Department of Commerce The United States Department of Commerce is an executive department of the U.S. federal government concerned with creating the conditions for economic growth and opportunity. Among its tasks are gathering economic and demographic data for bu ...
to implement rules that greatly simplified the export of proprietary and
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
software containing cryptography, which they did in 2000.


2000s

As of 2009, non-military cryptography exports from the U.S. are controlled by the Department of Commerce's
Bureau of Industry and Security The Bureau of Industry and Security (BIS) is an agency of the United States Department of Commerce that deals with issues involving national security and high technology. A principal goal for the bureau is helping stop the proliferation of weapo ...
. Some restrictions still exist, even for mass market products, particularly with regard to export to "
rogue states "Rogue state" (or sometimes "outlaw state") is a term applied by some international theorists to states that they consider threatening to the world's peace. These states meet certain criteria, such as being ruled by Authoritarianism, authorita ...
" and
terrorist Terrorism, in its broadest sense, is the use of criminal violence to provoke a state of terror or fear, mostly with the intention to achieve political or religious aims. The term is used in this regard primarily to refer to intentional violen ...
organizations. Militarized encryption equipment,
TEMPEST Tempest is a synonym for a storm. '' The Tempest'' is a play by William Shakespeare. Tempest or The Tempest may also refer to: Arts and entertainment Films * ''The Tempest'' (1908 film), a British silent film * ''The Tempest'' (1911 film), a ...
-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license (pp. 6–7). Furthermore, encryption registration with the BIS is required for the export of "mass market encryption commodities, software and components with encryption exceeding 64 bits" (). In addition, other items require a one-time review by or notification to BIS prior to export to most countries. For instance, the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required. Export regulations have been relaxed from pre-1996 standards, but are still complex. Other countries, notably those participating in the
Wassenaar Arrangement The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a multilateral export control regime (MECR) with 42 participating states including many former Comecon (Warsaw Pact) countries established ...
, have similar restrictions.


Export of cryptography from the UK

Until 1996, the UK government withheld export licenses from exporters unless they used weak ciphers or short keys, and generally discouraged practical public cryptography. A debate about cryptography for the NHS brought this out in the open.


Mobile phone signals


Clipper chip

The Clipper chip was a chipset for mobile phones made by the NSA in the 1990s, which implemented encryption with a
backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so title ...
for the US government. The US government tried to get phone manufacturers to adopt the chipset, but without success, and the program was finally defunct by 1996.


A5/1 (GSM encryption)

A5/1 is a
stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream ...
used to provide over-the-air communication
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
in the
GSM The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation ( 2G) digital cellular networks used by mobile devices such ...
cellular telephone A mobile phone, cellular phone, cell phone, cellphone, handphone, hand phone or pocket phone, sometimes shortened to simply mobile, cell, or just phone, is a portable telephone that can make and receive telephone call, calls over a radio freq ...
standard. Security researcher Ross Anderson reported in 1994 that "there was a terrific row between the
NATO The North Atlantic Treaty Organization (NATO, ; french: Organisation du traité de l'Atlantique nord, ), also called the North Atlantic Alliance, is an intergovernmental military alliance between 30 member states – 28 European and two No ...
signal intelligence agencies in the mid-1980s over whether GSM encryption should be strong or not. The Germans said it should be, as they shared a long border with the
Warsaw Pact The Warsaw Pact (WP) or Treaty of Warsaw, formally the Treaty of Friendship, Cooperation and Mutual Assistance, was a collective defense treaty signed in Warsaw, Poland, between the Soviet Union and seven other Eastern Bloc socialist republic ...
; but the other countries didn't feel this way, and the algorithm as now fielded is a French design." According to professor Jan Arild Audestad, at the standardization process which started in 1982, A5/1 was originally proposed to have a key length of 128 bits. At that time, 128 bits was projected to be secure for at least 15 years. It is now estimated that 128 bits would in fact also still be secure as of 2014. Audestad, Peter van der Arend, and
Thomas Haug Dr. Thomas Haug (born 1927 in Norway) is an electrical engineer known for developing the cellular telephone networks. Haug received a master's degree in Electrical Engineering from the Technical University of Norway in Trondheim in 1951, and a deg ...
say that the British insisted on weaker encryption, with Haug saying he was told by the British delegate that this was to allow the British secret service to eavesdrop more easily. The British proposed a key length of 48 bits, while the West Germans wanted stronger encryption to protect against East German spying, so the compromise became a key length of 56 bits. In general, a key of length 56 is 2^=2^=4.7 \times 10^ times easier to break than a key of length 128.


DES Challenges

The widely-used
DES Des is a masculine given name, mostly a short form (hypocorism) of Desmond. People named Des include: People * Des Buckingham, English football manager * Des Corcoran, (1928–2004), Australian politician * Des Dillon (disambiguation), sever ...
encryption algorithm was originally planned by IBM to have a key size of 128 bits; the NSA lobbied for a key size of 48 bits. The end compromise were a key size of 64 bits, 8 of which were parity bits, to make an effective key security parameter of 56 bits. DES was considered insecure as early as 1977, and documents leaked in the 2013 Snowden leak shows that it was in fact easily crackable by the NSA, but was still recommended by
NIST The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
. The
DES Challenges The DES Challenges were a series of brute force attack contests created by RSA Security to highlight the lack of security provided by the Data Encryption Standard. The Contests The first challenge began in 1997 and was solved in 96 days by the D ...
were a series of
brute force attack In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct ...
contests created by
RSA Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, ...
to highlight the lack of security provided by the
Data Encryption Standard The Data Encryption Standard (DES ) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cry ...
. As part of the successful cracking of the DES-encoded messages, the EFF constructed a specialized DES cracking computer nicknamed
Deep Crack In cryptography, the EFF DES cracker (nicknamed "Deep Crack") is a machine built by the Electronic Frontier Foundation (EFF) in 1998, to perform a brute force search of the Data Encryption Standard (DES) cipher's key space – that is, to dec ...
. The successful cracking of DES likely helped to gather both political and technical support for more advanced encryption in the hands of ordinary citizens. In 1997, NIST began a competition to select a replacement for DES, resulting in the publication in 2000 of the
Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
(AES). AES is still considered secure as of 2019, and the NSA considers AES strong enough to protect information classified at the Top Secret level.


Snowden and NSA's Bullrun program

Fearing widespread adoption of encryption, the NSA set out to stealthily influence and weaken encryption standards and obtain master keys—either by agreement, by force of law, or by computer network exploitation ( hacking). According to the ''New York Times'': "But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government's nuclear department and another's Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300." As part of Bullrun, NSA has also been actively working to "insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets". ''The New York Times'' has reported that the random number generator
Dual_EC_DRBG Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criti ...
contains a back door from the NSA, which would allow the NSA to break encryption relying on that random number generator. Even though Dual_EC_DRBG was known to be an insecure and slow random number generator soon after the standard was published, and the potential NSA backdoor was found in 2007, and alternative random number generators without these flaws were certified and widely available,
RSA Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, ...
continued using Dual_EC_DRBG in the company's
BSAFE toolkit Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C_(programming_language), C and Java_(programming_language), Java. BSAFE was initially created by RSA Security, which was purchased by Dell ...
and Data Protection Manager until September 2013. While RSA Security has denied knowingly inserting a backdoor into BSAFE, it has not yet given an explanation for the continued usage of Dual_EC_DRBG after its flaws became apparent in 2006 and 2007, however it was reported on December 20, 2013 that RSA had accepted a payment of $10 million from the NSA to set the random number generator as the default. Leaked NSA documents state that their effort was "a challenge in finesse" and that "Eventually, N.S.A. became the sole editor" of the standard. By 2010, the NSA had developed "groundbreaking capabilities" against encrypted Internet traffic. A GCHQ document warned however "These capabilities are among the Sigint community's most fragile, and the inadvertent disclosure of the simple 'fact of' could alert the adversary and result in immediate loss of the capability." Another internal document stated that "there will be NO '
need to know The term "need to know", when used by government and other organizations (particularly those related to the military or espionage), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one ...
.'" Several experts, including
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
and
Christopher Soghoian Christopher Soghoian (born 1981) is a privacy researcher and activist. He is currently working for Senator Ron Wyden as the senator’s Senior Advisor for Privacy & Cybersecurity. From 2012 to 2016, he was the principal technologist at the Amer ...
, have speculated that a successful attack against
RC4 In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
, a 1987 encryption algorithm still used in at least 50 per cent of all SSL/TLS traffic is a plausible avenue, given several publicly known weaknesses of RC4. Others have speculated that NSA has gained ability to crack 1024-bit RSA and Diffie–Hellman public keys. A team of researchers have pointed out that there is wide reuse of a few non-ephemeral 1024 bit primes in Diffie–Hellman implementations, and that NSA having done precomputation against those primes in order to break encryption using them in real time is very plausibly what NSA's "groundbreaking capabilities" refer to. The Bullrun program is controversial, in that it is believed that NSA deliberately inserts or keeps secret vulnerabilities which affect both law-abiding US citizens as well as NSA's targets, under its
NOBUS NOBUS ("Nobody But Us") is a term used by the United States National Security Agency (NSA) to describe a known security vulnerability that it believes the United States (US) alone can exploit. As technology and encryption advance, entities around th ...
policy. In theory, NSA has two jobs: prevent vulnerabilities that affect the US, and find vulnerabilities that can be used against US targets; but as argued by Bruce Schneier, NSA seems to prioritize finding (or even creating) and keeping vulnerabilities secret. Bruce Schneier has called for the NSA to be broken up so that the group charged with strengthening cryptography is not subservient to the groups that want to break the cryptography of its targets.


Encryption of smartphone storage

As part of the Snowden leaks, it became widely known that intelligence agencies could bypass encryption of data stored on Android and iOS smartphones by legally ordering Google and Apple to bypass the encryption on specific phones. Around 2014, as a reaction to this, Google and Apple redesigned their encryption so that they did not have the technical ability to bypass it, and it could only be unlocked by knowing the user's password. Various law enforcements officials, including the
Obama administration Barack Obama's tenure as the 44th president of the United States began with his first inauguration on January 20, 2009, and ended on January 20, 2017. A Democrat from Illinois, Obama took office following a decisive victory over Republican ...
's Attorney General
Eric Holder Eric Himpton Holder Jr. (born January 21, 1951) is an American lawyer who served as the 82nd Attorney General of the United States from 2009 to 2015. Holder, serving in the administration of President Barack Obama, was the first African America ...
responded with strong condemnation, calling it unacceptable that the state could not access alleged criminals' data even with a warrant. In one of the more iconic responses, the chief of detectives for Chicago's police department stated that "Apple will become the phone of choice for the pedophile". Washington Post posted an editorial insisting that "smartphone users must accept that they cannot be above the law if there is a valid search warrant", and after agreeing that backdoors would be undesirable, suggested implementing a "golden key" backdoor which would unlock the data with a warrant. FBI Director James Comey cited a number of cases to support the need to decrypt smartphones. Interestingly, in none of the presumably carefully handpicked cases did the smartphone have anything to do with the identification or capture of the culprits, and the FBI seems to have been unable to find any strong cases supporting the need for smartphone decryption.
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
has labelled the right to smartphone encryption debate ''Crypto Wars II'', while
Cory Doctorow Cory Efram Doctorow (; born July 17, 1971) is a Canadian-British blogger, journalist, and science fiction author who served as co-editor of the blog ''Boing Boing''. He is an activist in favour of liberalising copyright laws and a proponent of ...
called it ''Crypto Wars redux''. Legislators in the US states of California and New York have proposed bills to outlaw the sale of smartphones with unbreakable encryption. As of February 2016, no bills have been passed. In February 2016 the FBI obtained a court order demanding that Apple create and electronically sign new software which would enable the FBI to unlock an
iPhone 5c The iPhone 5C (marketed as iPhone 5c) is a smartphone that was designed and marketed by Apple Inc. It is part of the sixth generation of the iPhone. The device was unveiled on September 10, 2013, and released on September 20, 2013, alon ...
it recovered from one of the shooters in the 2015 terrorist attack in San Bernardino, California. Apple challenged the order. In the end the FBI hired a third party to crack the phone. ''See''
FBI–Apple encryption dispute The FBI–Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected. There is much debate over public access ...
. In April 2016,
Dianne Feinstein Dianne Goldman Berman Feinstein ( ; born Dianne Emiel Goldman; June 22, 1933) is an American politician who serves as the senior United States senator from California, a seat she has held since 1992. A member of the Democratic Party, she was ...
and
Richard Burr Richard Mauze Burr (born November 30, 1955) is an American businessman and politician who is the senior United States senator from North Carolina, serving since 2005. A member of the Republican Party, Burr was previously a member of the United ...
sponsored a bill, described as "overly vague" by some, that would be likely to criminalise all forms of strong encryption. In December 2019, the
United States Senate Committee on the Judiciary The United States Senate Committee on the Judiciary, informally the Senate Judiciary Committee, is a standing committee of 22 U.S. senators whose role is to oversee the Department of Justice (DOJ), consider executive and judicial nominations, a ...
convened a hearing on Encryption and Lawful Access, focusing on encrypted smartphone storage. District Attorney
Cyrus Vance Jr. Cyrus Roberts Vance Jr. (born June 14, 1954) is an American attorney and politician who served as the New York County District Attorney, District Attorney of Manhattan, New York County, New York (state), New York, also known as the Manhattan Dis ...
, Professor Matt Tait, Erik Neuenschwander from Apple, and Jay Sullivan from Facebook testified. Chairman
Lindsey Graham Lindsey Olin Graham (born July 9, 1955) is an American lawyer and politician serving as the senior United States senator from South Carolina, a seat he has held since 2003. A member of the Republican Party, Graham chaired the Senate Committee ...
stated in his opening remarks "all of us want devices that protect our privacy." He also said law enforcement should be able to read encrypted data on devices, threatening to pass legislation if necessary: "You're going to find a way to do this or we're going to do this for you."


End-to-end-encrypted messaging services

In October 2017, Deputy Attorney General
Rod Rosenstein Rod Jay Rosenstein (; born January 13, 1965) is an American attorney who served as the 37th United States deputy attorney general from April 2017 until May 2019. Prior to his appointment, he served as a United States attorney for the District ...
called for key escrow under the euphemism "responsible encryption" as a solution to the ongoing problem of "going dark". This refers to wiretapping court orders and police measures becoming ineffective as strong
end-to-end encryption End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and even ...
is increasingly added to widespread messenger products. Rosenstein suggested
key escrow Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third pa ...
would provide their customers with a way to recover their encrypted data if they forget their password, so that it is not lost forever. From a law enforcement perspective, this would allow a judge to issue a search warrant instructing the company to decrypt the data; without escrow or other undermining of encryption it is impossible for a service provider to comply with this request. In contrast to previous proposals, the decentralized storage of keys by companies instead of government agencies is claimed to be an additional safeguard.


Front doors

In 2015 the head of the NSA, Admiral Michael S. Rogers, suggested further decentralizing the key escrow by introducing "front doors" instead of back doors into encryption. This way, the key would be split into two halves: one kept by government authorities and the other by the company responsible for the encryption product. The government would thus still need a search warrant to obtain the company's half-key, while the company would be unable to abuse the key escrow to access users' data without the government's half-key. Experts were not impressed.


Lightweight encryption

In 2018, the NSA promoted the use of "lightweight encryption", in particular its ciphers
Simon Simon may refer to: People * Simon (given name), including a list of people and fictional characters with the given name Simon * Simon (surname), including a list of people with the surname Simon * Eugène Simon, French naturalist and the genus ...
and
Speck Speck can refer to a number of European cured pork products, typically salted and air-cured and often lightly smoked but not cooked. In Germany, speck is pickled pork fat with or without some meat in it. Throughout much of the rest of Europe a ...
, for
Internet of Things The Internet of things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability, software and other technologies that connect and exchange data with other devices and systems over the Internet or other comm ...
devices. However, the attempt to have those ciphers standardized by ISO failed because of severe criticism raised by the board of cryptography experts which provoked fears that the NSA had non-public knowledge of how to break them.


2015 UK call for outlawing non-backdoored cryptography

Following the 2015 ''Charlie Hebdo'' shooting, a terrorism attack, former
UK Prime Minister The prime minister of the United Kingdom is the head of government of the United Kingdom. The prime minister advises the sovereign on the exercise of much of the royal prerogative, chairs the Cabinet and selects its ministers. As modern pr ...
David Cameron David William Donald Cameron (born 9 October 1966) is a British former politician who served as Prime Minister of the United Kingdom from 2010 to 2016 and Leader of the Conservative Party from 2005 to 2016. He previously served as Leader o ...
called for outlawing non-backdoored cryptography, saying that there should be no "means of communication" which "we cannot read". US president Barack Obama sided with Cameron on this. This call for action does not seem to have resulted in any legislation or changes in the status quo of non-backdoored cryptography being legal and available.


2020 EARN IT

The ''Eliminating Abusive and Rampant Neglect of Interactive Technologies'' ( EARN IT) Act of 2020 provides for a 19-member National Commission which will develop a set of "best practice" guidelines to which technology providers will have to conform in order to "earn" immunity (traditionally provided 'automatically' by
Section 230 of the Communications Decency Act Section 230 is a section of Title 47 of the United States Code that was enacted as part of the United States Communications Decency Act and generally provides immunity for website platforms with respect to third-party content. At its core, Secti ...
) to liability for child sexual abuse material on their platforms. Proponents present it as a way to tackle child sexual abuse material on internet platforms, but it has been criticized by advocates of encryption because it is likely that the "best practices" devised by the commission will include refraining from using end-to-end encryption, as such encryption would make it impossible to screen for illegal content.


See also

*
Restrictions on the import of cryptography A number of countries have attempted to restrict the import of cryptography tools. Rationale Countries may wish to restrict import of cryptography technologies for a number of reasons: * Imported cryptography may have backdoors or security hol ...
*
Communications Assistance for Law Enforcement Act The Communications Assistance for Law Enforcement Act (CALEA), also known as the "Digital Telephony Act," is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton (Pub. L. No. 103-414, 108 Stat. 4279, codified at 47 ...
*
Human rights and encryption Human rights applied to encryption is a concept of freedom of expression where encryption is a technical resource in the implementation of basic human rights. With the evolution of the digital age, the application of freedom of speech becomes mo ...
* 40-bit encryption


References

{{Reflist, 30em History of cryptography Military communications History of telecommunications Encryption debate