The Dire State of the Second Crypto War
By Erhan on January 20, 2017
Encryption is finally mainstream, but legislation like the UK's "Snooper Charter" will have privacy implications worldwide.
Since the 90's, legislators have tried to limit encryption to give law-enforcement and spooks an upper hand.
Before 2016, it was a mostly esoteric battle where technologists, computer scientists and cryptographers championed digital privacy against mandated backdoors proposed by Capitol Hill.
It seems; however, that not all was quiet on the western front. In fact, a new war on cryptography has emerged. The UK's "Snooper Charter" is indicative of a global strategy designed to bypass cryptography by legislating backdoors and forcing companies to retain and share access to data.
It's very similar to techniques used by copyright lobbies. The idea is to pass a law locally, then leverage treaties to undermine cryptography globally. This is an evolution in legislative strategy after the first round of the Crypto Wars.
Below is an overview of some of the different battles that have recently taken place.
- 2003: Patriot Act II is Drafted
- 2007: Security Researchers discover NSA-backed encryption protocol has backdoors
- 2008: FBI briefs lawmakers on encryption as a national security threat
- 2011: The FBI's tells public that “going dark” is hampering operations
- 2012: FBI proposes legislation for a wiretap-friendly Web
- 2013: Snowden exposes NSA's global Internet surveillance program and NSA campaigns that break encryption
- 2015: U.K. PM proposes banning end-to-end encrypted apps
- 2015: Senate leaders announce plans for backdoor bill
- 2016: Judge secretly orders Apple to help police hack iPhone and the San Bernardino iPhone court battle erupts
- 2016: Senators unveil a bill mandating weakened encryption
- 2016: U.K. law-enforcement officially confirms that new spy bill would let cops force companies to decrypt data
From above, it's clear that a new phase began when the FBI launched an unprecedented legal battle attempting to compel Apple to hack the iPhone carried by the San Bernardino shooter.
If the government can simply ask for something to be re-engineered then the very notion of owning and controlling your device is no longer a possibility. It's effectively a post-facto backdoor.
To add insult to injury, the UKUSA Agreement notoriously abuses treaty powers to exchange surveillance favors between countries in order to supersede domestic jurisdictions.
For this reason, it's particularly important for US citizens to pay attention to the UK's new Investigatory Powers Act, better known as the 'Snooper Charter', even if you don't live in the UK.
It requires internet providers and app companies like Whatsapp to retain and share a year of data with the government. Additionally, the government is indemnified from hacking citizens and may force companies to re-engineer products to hack others. All without a warrant, or even being a suspected of a crime.
That means phone conversations, computers, emails, messages, images, contacts and browsing habits – whole lives in one place, instantly accessible by police and other authorities.
Let's just hope this doesn't become the new normal in an increasingly dystopian world. At least signing parties will be cool again.
About Apozy
Founded in April of 2014 in San Francisco, we are a venture-backed motley crew of passionate hackers building cybersecurity technologies to make the world's information faster, cleaner and safer to access.