When I think the return of the crypto wars – attempts to block civilian use of encryption by officials who want unfettered espionage powers – I look back on the late Middle Ages with dread. I was not alive then, but a mark of that time lingers in my consciousness. Beginning around 1337 and all the way to 1453, England and France fought a series of bloody battles. The conflict lasted so long that it was immortalized by its hundred-year length: we know it as the Hundred Years’ War.
The crypto wars have not yet reached that point. (In this column, I’ll reclaim the term “crypto” from its more recent and demeaned use by blockchain enthusiasts, too many of whom my 2001 book called, um, cryptocurrency.) Dating back to the publication of the seminal 1976 paper that introduced public key cryptography—a way of broadening access to encryption developed just in time for the Internet—the skirmish between encryption proponents and their enemies in the civil service only just 50 years old .
From the beginning, government efforts to limit or ban secure encrypted communications have been vigorous and persistent. But by the turn of the millennium the battle seemed over. Encryption was so clearly critical to the internet that it was built into every browser and increasingly incorporated into messaging systems. Government snooping didn’t stop — check out Edward Snowden’s revelations — but certain elements of government around the world never felt comfortable with the idea that citizens, including the most rotten among us, could share secrets that were safe from the eyes of surveillance officers. Every few years there is a burst of proposals for new regulations, accompanied by scary scenarios from the likes of FBI directors about ‘going dark’.
The arguments of the anti-crypto faction are always the same. If we allow encryption to flourish, they argue, we will protect terrorists, child pornography and drug dealers. But the more compelling counterarguments haven’t changed either. If we don’t have encryption, no one can communicate securely. Everyone becomes vulnerable to blackmail, theft and industrial espionage. And the last vestiges of privacy are gone. Building a “back door” to allow authorities to peek into our secrets will only make those secrets more accessible to shady hackers, thieves, and government agencies operating off the books. And even if you try to ban encryption, nefarious people will still use it since the technology is widely known. Crypto is toothpaste that cannot go back in the tube.
The good news is that encryption is winning so far. After a long period when crypto was too difficult for most of us to use, some extremely popular services and tools have built in end-to-end encryption as standard. Apple is the most notable adopter, but there’s also Meta’s WhatsApp and the respected standalone system Signal.
Still, the enemies of encryption continue to fight. In 2023, new fronts have emerged. The UK is proposing to amend its Investigatory Powers Act with a provision requiring companies to provide plain text versions of communications to the government upon request. That is impossible without disabling end-to-encryption. Apple has already threatened to pull iMessage and FaceTime out of the UK if the regulation passes, and other end-to-end providers may very well follow suit or find an alternative to proceed. “I will never voluntarily abandon the people of the UK who deserve privacy,” said Signal president Meredith Whittaker. “When the government blocks Signal, we set up proxy servers, like we did in Iran.”