When I contemplate the return of the crypto wars—attempts to block citizens’ use of encryption by officials who want unfettered spying powers—I look back with dread on the late Middle Ages. I wasn’t alive back then, but one feature of those times lingers in my consciousness. Starting around 1337 and all the way until 1453, England and France fought a series of bloody battles. The conflict went on so long it was immortalized by its centenarian length: We know it as the Hundred Years’ War.
The crypto wars haven’t yet reached that mark. (In this column I will be reclaiming the term “crypto” from its more recent and debased usage by blockchain enthusiasts, too many of whom haven’t read my 2001 book called, um, Crypto.) Dating from the publication of the groundbreaking 1976 paper that introduced public key cryptography—a means of widening access to encryption that was developed just in time for the internet—the skirmish between encryption advocates and their foes in officialdom is only just approaching 50 years.
From the start, government efforts to constrain or outlaw secure encrypted communications were vigorous and persistent. But by the turn of the millennium it appeared the fight was over. Encryption was so obviously critical to the internet that it was built into every browser and increasingly included in messaging systems. Government snooping didn’t end—check out Edward Snowden’s revelations—but certain government elements around the world never got comfortable with the idea that citizens, including the most rotten among us, could share secrets safe from the eyes of surveillants. Every few years, there’s a flareup with proposed new regulations, accompanied by scary scenarios from the likes of FBI directors about “going dark.”
The arguments of the anti-crypto faction are always the same. If we allow encryption to flourish, they plead, we’re protecting terrorists, child pornographers, and drug dealers. But the more compelling counterarguments haven’t changed, either. If we don’t have encryption, no one can communicate securely. Everyone becomes vulnerable to blackmail, theft, and corporate espionage. And the last vestiges of privacy are gone. Building a “back door” to allow authorities to peek into our secrets will only make those secrets more accessible to dark-side hackers, thieves, and government agencies operating off the books. And even if you try to outlaw encryption, nefarious people will use it anyway, since the technology is well known. Crypto is toothpaste that can’t go back in the tube.
The good news is that so far encryption is winning. After a long period where crypto was too hard for most of us to use, some extremely popular services and tools have end-to-end encryption built in as a default. Apple is the most notable adopter, but there’s also Meta’s WhatsApp and the well-respected standalone system Signal.
Still, the foes of encryption keep fighting. In 2023, new battlefronts have emerged. The UK is proposing to amend its Investigatory Powers Act with a provision demanding that companies provide government with plaintext versions of communications on demand. That’s impossible without disabling end-to-end encryption. Apple has already threatened to pull iMessage and FaceTime out of the UK if the regulation passes, and other end-to-end providers may well follow, or find an alternative means to keep going. “I’m never going to willingly abandon the people in the UK who deserve privacy,” says Signal president Meredith Whittaker. “If the government blocks Signal, then we will set up proxy servers, like we did in Iran.”