Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Complete Guide To The New 'Crypto Wars' (dailydot.com)

Posted by BeauHD on from the series-of-unfortunate-events dept.

blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months. The timeline covers a wide-range of incidents where the U.S. and other allied governments have tried to restrict citizens' access to strong encryption. The timeline ends with the director of national intelligence blaming NSA whistleblower Edward Snowden for advancing the spread of user-friendly, widely available strong encryption.

7 of 68 comments (clear)

  1. skipjack by ole_timer · · Score: 4, Informative

    The war over civilian use of crypto goes back to at least 1994 with skipjack...how quickly they forget

    --
    nothing to see here - move along
  2. What's old is new again by AntronArgaiv · · Score: 3, Informative

    Or something. Crypto, by Stephen Levy, chronicles the first crypto war. Worth reading, for background, because this time, it's not "national security", it's kiddie porn and terrorists that are going to win if we don't give the Security Services the keys to everything. And, we should TOTALLY trust them to keep us safe.
    Yeah, right.
    http://www.stevenlevy.com/inde...

  3. Re:Tech Companies Making It Public by Xest · · Score: 3, Informative

    I don't think it has, and the summary's 2003 date is rather fucking arbitrary. What about DVD Jon's case in 2002? What about the clipper chip fiasco in the mid 1990s?

    This is a battle that's been going on very publicly since the dawn of digital cryptography.

  4. Re:Tech Companies Making It Public by The+New+Guy+2.0 · · Score: 1, Informative

    The Clipper Chip was never developed, it was just discussed by Sen. Al Gore in Washington... and it caused law enforcement types to go crazy. Everybody wants encryption for commerce and themselves, but government wants to intercept everything so they can review and then create charges. SSL went SOL years ago... time for something new on all sides.

  5. Re:Tech Companies Making It Public by Anonymous Coward · · Score: 1, Informative

    The Clipper Chip was developed, and it was used by a number of places back in the 1990s for a brief time, as the US government was going to require anyone who does business with them use it.

    It even goes before that, to 1990-1991, with two politicians making a bill to ban _all_ cryptography. PGP 1.0 was released at a stopgap.

    Now, before the pogrom on encryption, one's security choices were lousy. Want FDE on the PC? Best you could get would be Stacker, with password protection set on the drive, which provided "encryption" on the device level. Macs actually had better FDE choices. There were programs like FileGuard which worked on a file by file basis, FWB Hard Disk Toolkit, which did two rounds of DES, Stuffit 1.5.1, which used NewDE... basically DES with fewer rounds, and Casady & Greene's Access Managed Environment, which did encryption on the entire disk, and file level. On the UNIX side, you had crypt(), which used a one rotor ENIGMA-like algorithm.

    Well, what happened with the push to outlaw cryptography, was that the Cypherpunks list was born. PGP 2.x was made with an actual tested bulk encryption algorithm (IDEA), and a PKI/WoT structure which arguably is the best commonly used out there, more than 26 years later. Hacks and secret algorithms gave way to using DES, 3DES, then AES.

    The ironic thing is that because the crypto wars were "won" in the 1990s, it made crypto development stagnate, because without any real perceived need for it, people went to write other things.

    In a way, I do hope people get scared. It would mean that people would actually start writing code, perhaps making a new OpenPGP standard with the innovations from SaltPack, better trust, forward secrecy, ability to cascade algorithms, block level functionality (like PGPDisk), a better ASCII encoding standard, and so on. The only real advances in applied cryptography recently have been crypto-currencies, and the idea of a blockchain. Day to day crypto is still stagnant, with SSL/TLS having the same fundamental weaknesses as it had on inception.

  6. Pedantry by StayFrosty · · Score: 4, Informative

    I'm sick and tired of hearing about "The debate between privacy and security." It's total bullshit. It's pretty hard to have security online without privacy. It's not a balance of one versus the other, one depends on the other. The US Government argues my case all the time when bitching about how when Snowden breached the government's privacy, he adversely affected national security.

    This brings me to my next piece of pedantry: I'm tired of hearing about "National Security Issues." Terrorism, ISIS/ISIL/Daesh/IS/Whatever, Al Qaeda, Home Grown Terrorists, Lone Wolves, the Boston Marathon Bombers, etc... do not threaten the territorial integrity of the United States. There is no invasion and there never will be. The government isn't in danger of collapse. Terrorism is a PUBLIC SAFETY concern. Stop pretending otherwise. If we do that though, who is going to keep the money flowing in to the military/industrial complex?

    --
    "Frequently wrong, never in doubt."
  7. Re:Crypto War by shawn2772 · · Score: 3, Informative

    So how many of you so-called geniuses ( Wiley Coyote ) have even begun to look at cryptology and math, and started to try to develop a few methods not of the usual sort?

    Wrong approach. If you want to improve the state of crypto, you need to start by learning to break crypto. Anyone can invent an encryption method, but unless you have invested a serious amount of time and skull-sweat into breaking ciphers, whatever you create will suck, terribly.

    Maybe if a few hundred new encrypton algorithms were to suddenly pop-up, the governments would be a bit behind the curve of breaking them.

    Your plan would make the government's job much, much easier, because the methods that people tend to come up with are mostly very closely related, and tend to all be based on independent reinvention of old ideas for which well-known cracking methods exist. In addition, you're solving a non-problem. We already have very good encryption algorithms, with zero evidence that the government can break them. Snowden's data actually confirms that if you use modern encryption algorithms correctly and manage the keys well, the NSA can't read your data.

    What we need is more research into ways to make encryption easier to use correctly, not another gazillion crappy ciphers.