The Problem with the Crypto Debate


There have been some important public debates about cryptography recently, and, unfortunately, the loudest voices have understood the problem the least. So, I’m very pleased to post a paper on the subject by someone who understands the fundamental issue: my associate at Cryptohippie, Jonathan Logan.

If you have any interest in this subject, please give this paper your time. And if you know others who are interested in the debate, please send them the link.




A battle is underway about the limits of cryptography. On the one side are people who want to break into iPhones, tap into conversations and decrypt our backups. On the other side are those who want to prevent the government from mass intrusions but accept targeted attacks. And then there are those who take a so-called “extremist” position that government shouldn’t be allowed to undertake even targeted attacks on cryptographic systems.

This isn’t the first time this battle has been fought, and it won’t be the last. But it’s our turn to fight it right now. And we had better fight it well.

I will begin by admitting that I am an ‘extremist’ in this debate. If my wishes came true, no government or any other uninvited third party would be able to break cryptographic protections.

This is not the first time I’ve been involved in this battle. My job involves designing, writing and deploying cryptographic services.

I wrote my first PGP-encrypted email in 1991 or 1992, I’ve been using OTR since 2005 and all my Internet access has been routed through VPNs since 2000. (Yes…. that early.) I never access the Internet unencrypted, out of principle. I’ve been using Tor since its earliest days, have been surfing Freenet and run I2P eepsites.

If you have no idea what these terms mean, please don’t worry; I’m just mentioning them to emphasize that I am very much in favor of the daily use of good cryptography. I won’t use most of these terms again.

So, while I am a crypto extremist myself, honesty compels me to point how wrongly the “pro-cryptography” side in the current debate has made their case.

The State of the Debate

If you search the arguments made in favor of strong cryptography and against government “backdoors,” you’ll come up with a collection of statements that are uncharitable and shallow.

Proponents of crypto accuse politicians of not understanding technology or cryptography, of wanting to fatally undermine the security of digital systems, or to implement a global surveillance grid without checks and balances. The picture drawn is that the operation of cryptographic systems is binary – they either work completely or not at all… that anybody suggesting a middle ground is stupid.

Yes, politicians are often stupid and uninformed. That’s why people who know better must actually argue in ways that are truthful, well informed and balanced.

Educating the people who will be on the business end of new government regulations must be more than emotional whitewash. If you don’t trust your fellow humans to make good decisions, based on good information, your arguments will quickly degrade into bullying.

The point I hope to bring home in the remainder of this paper is this:

This debate should not be about cryptography. Rather, it should be about government’s regulatory powers.

Let me state this clearly:

A debate about encrypted smartphones is the same as a debate about police breaking into your home and throwing you in jail for private actions.

We cannot have our cake and eat it too. We cannot have government regulate the private actions of people we don’t like and still retain freedom for our own private actions.

You cannot be anti-crypto and at the same time defend freedom of expression, not without contradicting yourself. A strong position against cryptography requires totalitarianism beyond what existed in the Soviet Union.

Crypto Is Math and Speech

Let’s get to the core of this: Cryptographic software uses cryptographic algorithms, and algorithms are simply math.

  • Math has no concept of working one way in one case and another way in another case.

  • Math does not care if an evil or a good person is using it.

  • Math doesn’t care about legislation.

Math is objective and absolute – it works the same way in every case, no matter what the law books say. There cannot be a cryptographic algorithm that works one way for the FBI and another way for the KGB.

For crypto to work, the only difference between users is the key – a secret that each user generates. The ability to decrypt a message relies on the key being known. If you have it, you can decrypt the message; if you don’t, you can’t.

Poorly executed cryptography aside((I’m presuming here that our algorithms are without error, that our assumptions about certain mathematical principles is true and complete, and that our implementations are correct.)), cryptography that the FBI can break can be broken by anyone else who expends the same resources. Weak cryptography is weak for everybody. Math does not care about citizenship.

Anybody in this debate must take the above to heart. It all centers on the keys, the secrets. The fundamental question of any crypto regulation is this:

Are we allowed to keep our secrets to ourselves? May we have private thoughts and actions?

A fundamental thing to notice is that as long as someone writes cryptographic software, there will be messages that law enforcement can’t decrypt. And that brings us to two more fundamental questions:

Are we free to choose how to implement (in software) our ideas?

Are we free to choose which ideas (again, in software) we will use?

Regulating encryption means regulating our secrets, and that dictates the limits of both free choice and free expression. Let that sit for a second. These aren’t geek questions, these are fundamental human questions:

  • Can someone forbid us from having secrets?

  • Can someone forbid us from creating products as we see fit?

  • Can someone forbid us from buying the products we want?

If you are pro-cryptography, then you must answer all the above with “no.” Otherwise you can’t defend it. If you are anti-crypto, then you must say “yes,” otherwise you’ll never be able to enforce your anti-crypto regulations.

Software is nothing but ideas expressed in a language, making this an issue of speech:

  • Can we be forced to say something that we do not want to say?

  • Can we be forced to keep quiet?

  • Is censorship okay?

To constrain cryptography is to constrain speech and is to answer these questions “yes,” affirming that we should be forced to speak or be quiet.

How Crypto Regulation Is Possible…

There are two naive ways to regulate cryptography. The quickest is to create laws that force people to reveal their passwords or keys when ordered by a judge. These are known as key disclosure laws. Should the person refuse, they are punished. There are three major problems with this approach.

  • First, it undermines the right to remain silent and not to self-incriminate.

  • Second, it only works if you get your hands on a living culprit.

  • Third, the person may simply refuse and accept the sentence.

Note that this is not what anti-cryptography people want. They want access to the encrypted messages and content NO MATTER WHAT. Dead or alive, no torture required.

The second naive approach is to demand that all encryption products use algorithms that are easily broken by law enforcement. This, however, requires that software is written to the order of legislators and regulators.((And thus to the order of people who donate to their campaigns as well.)) And that comes at the cost of security: Weak cryptography is weak for everybody. If you don’t want an evil government to decrypt your secrets, don’t allow your “good” government to enforce weak cryptography.

… Without Breaking the Digital Economy

A much less naive regulation is called “key escrow.” With this approach, the secrets (cryptographic keys) are put into the hands of one or more trusted parties who will reveal those secrets only if legally compelled.

Key escrow is rarely mentioned in these debates. It has a bad history because it was used in the first version of the battle over cryptography (in the ’80s and ’90s). Pro-cryptography people usually treat this approach as “weak cryptography” and lump them together, but that’s a crucial mistake – it distracts us from what we are fighting for and against, and it allows the anti-cryptography crowd to assemble legislation, technology and public support.

It’s necessary to be clear on this: Key escrow is NOT weak crypto, in the sense that it is built with weak algorithms. Instead it’s a sharing of our cryptographic keys – our secrets – with third parties picked by someone else.

That third party can then combine our key with an intercepted message (or stored files) to reveal the contents.

Since the state of the art for encrypted communication is deniable (you cannot prove beyond reasonable doubt who encrypted a message) and with perfect forward security (a key only works in decrypting the messages within a small time range) it is possible to selectively decrypt communication and not be able to undermine the integrity of information systems after the fact.

Correctly implemented, key escrow would only impact past messages, and only those that have been intercepted by other means.

Of course this is less secure than systems without key escrow. Instead of only the actual participants in the communication, there would be one more participant… and one not chosen by the participants.

Instead of one other party to private speech, there would always be two other parties to it. Instead of X people in a group chat, it would always be X+1.

This introduces new problems:

  1. The additional party would hold a lot of keys. That creates a very juicy target for attackers, potentially harming millions of people with a single breach.

  2. There are jurisdictional differences between nations. Access to escrowed keys would involve different legal procedures in different places.

  3. Technical issues and unreliable communication links can prevent keys from making it into escrow.

  4. The system must know exactly whom to give the keys to: it must authenticate the key escrow parties.

Each of these problems can be solved to some extent, resulting in a secure system that wouldn’t allow mass surveillance. The question with key escrow is not whether it will be as secure as non-escrowed encryption (it cannot), but whether it will be secure enough.

In other words, this is not a technical debate; these are decisions that a society must make. And for that, people must be informed and aware of the tradeoffs.

To reduce the issue of having huge caches of keys amassed in some government cellar – which could undermine the whole society with a single leak – there are other things that could be done:

  1. Instead of one facility holding everyone’s data, have many facilities that hold the data of a few people only. This could, for example, be a service offered by lawyers, notaries, banks or consumer protection organizations. They would then be obliged to challenge court orders against the keys of their clients, increasing the likelihood that access to the keys actually adheres to the law.

  2. Instead of directly escrowing the keys with one party, the key could instead be shared with several parties so that a minimum number of those parties has to come together and cooperate to actually reveal the key. These schemes are known as “secret sharing” and would render the subversion of just a few key escrow caches ineffective.

  3. If key escrow caches are designed only for infrequent access to escrowed keys, it would be mandatory to set them up behind data diodes. This means that a message could be sent into the facility, but there would be no way to get data out of it except for a physical visit.

  4. Escrowed keys sent to the facilities must follow the same cryptographic standards as the data they are meant to protect. In other words, all communication to data facilities must be authenticated and be perfectly forward secure, so that intrusions would have limited impacts

  5. Jurisdictional differences could be solved by setting up independent key escrow systems in each country. Keys could also be escrowed with different agencies. For example, the key escrow for a phone’s internal storage would depend on where the phone was located. For messages, the location of both sender and recipient would determine who gets the escrow keys.

An additional variation could be that keys are shared not only between external data caches, but that part of the key would be stored on the device itself. In this case, three conditions would have to be met for law enforcement to be able to access messages or storage:

  1. Access to the device that did the encryption.

  2. Interception of the message in question or access to the encrypted storage.

  3. N out of M key escrows must cooperate.

Implementing and operating such a key escrow system, however, would be a major task, and government IT projects are known to have a prodigious failure rate.

So, key escrow is complex, expensive and far from perfect. But depending on a society’s decision on tradeoffs, it would be possible to set up a key escrow system that would be secure enough and reliable enough for most scenarios.

Here, then, lies the danger:

Bypassing the fundamental issues of freedom of speech, choice and the right to have secrets, people who defend cryptography are easily painted into corners as unrealistic radicals.

We must engage with these possibilities and put the debate into down-to-earth, understandable terms. People must see the tradeoffs regarding personal privacy and not be distracted by confusing, technical arguments.

Software Censorship

Regulating cryptography comes with a fundamental obstacle: How can people be forced to follow the regulations?

Regulations are never created with the assumption that they will be perfectly adhered to. Rather, they always authorize punishments for those who do not obey.

Sadly, an enforcement method for cryptographic regulation already exists. Smartphones and tablets are already the most commonly used devices to access the Internet, not general purpose computers. Apple, Google and Microsoft (and a few minor players) control the software pipeline from which users select their Apps. Smartphones and tablets allow for nothing else. You can’t run just any program on such devices – it must come through the aforementioned Apple, Google or Microsoft.

Thus it would be relatively easy for the US government to create laws that:

  1. Make it illegal to develop and distribute software that does not follow government rules on cryptography.

  2. Criminalize cryptography software that does not adhere to government rules.

  3. Mandate platform providers (Google, Apple, Microsoft) to remove software that violates government rules.

Since most people don’t know how to install software on their phones, except from the manufacturer’s appstore, they would be prevented from using “illegal” cryptography.

Cryptography outside of government limits would become a black market and a target of intelligence agencies, who would poison that black market by introducing compromised crypto products.

At that point governments would have re-conquered cryptography… all except for a new class of “criminals. ”

Is this possible, or even likely? Yes, it is. Similar things have been done with drugs, guns and gold, all of which have been subjected to effective schemes of suppression and confiscation.

Surely some activists will protest and will continue to use “illegal cryptography,” but how many will be willing to go for jail for it?

While it’s fairly easy for a software manufacturer to move to a jurisdiction that does not regulate cryptography… and while it is certain that illegal cryptography will still be developed and distributed… there remain two serious problems with that hope:

  1. Control over ‘platforms’ will be the key to controlling software distribution. The decrease of general purpose computing will limit the market substantially, probably enough to achieve regulators’ goals.

  2. Proposals for secure key escrow will keep many producers from having to take a stand. Cowardice and convenience will win if people don’t care enough.

So, please, don’t say that the regulation of cryptography is impossible or stupid. It is possible, and it demands a serious response from us.


Calling our opponents technologically inept detours us from clarity on the issues. Rather, we must understand that there are politically feasible ways to regulate cryptography.

If we hope to win this new crypto war, we must make it about the true, fundamental question:

Is it okay that we are forced to act in certain ways, even in private?

Either we have the right to act as we wish in private, or we don’t.

We need to take a principled stand on liberty in all its facets – even towards people and behaviors with which we disagree… either that or slide back to tyranny.

Obama was right when he said that we should not be “fetishizing [the privacy of] our phones above every other value,” making them a special case in the debate over civil liberties.

Indeed, our phones shouldn’t be special. The questions raised here apply to the whole of our lives: to our phones and tablets as much as to our private papers, opinions and actions – digital or not.

Our private lives are off-limits to law enforcement. Period.


* * * * *

If you’ve enjoyed Free-Man’s Perspective or A Lodging of Wayfaring Men, you’re going to love Paul Rosenberg’s new novel, The Breaking Dawn.

It begins with an attack that crashes the investment markets, brings down economic systems, and divides the world. One part is dominated by mass surveillance and massive data systems: clean cities and empty minds… where everything is assured and everything is ordered. The other part is abandoned, without services, with limited communications, and shoved 50 years behind the times… but where human minds are left to find their own bearings.

You may never look at life the same way again.

Get it now at Amazon ($18.95) or on Kindle: ($5.99)

* * * * *


Prostrate Yourselves! The Crypto Wars Are Back, and This Time Big Brother Aims to Win


In 284 AD the Roman empire was in deep trouble. But then a soldier named Diocletian rode into town as the new emperor. This was the man who rearranged Rome and set it up to endure (even as it declined) for another 180 years.

How he did this was simple: autocratic control, AKA tyranny. Diocletian gave up the illusion that the emperor was merely the leading citizen. He was the boss, and if you didn’t play along, you died. And not only that, but he instituted a policy that I want to focus on today:

Anyone who wanted to see Diocletian had to prostrate themselves on the ground. Then, if they were to be shown favor, they were allowed to crawl over and kiss the hem of his robe.

People actually did this, you understand—famous people, powerful people, important people. Leading “thinkers” convinced everyone else that this was reasonable and appropriate. And most people went right along with it.

I bring all this up because prostration is being demanded of us, right now. And, as in the late 3rd century, leading voices are telling us that it’s good and necessary.

Don’t you fall for it.

Physical prostration is not the primary emphasis of this article, but please understand that it is part of the mix. (See this and this and this.) And yes, people are defending it.

The Snowden Fallout

After all the revelations, what has changed? On the government side, the answer is “nothing.” The NSA is still thieving on a massive scale and violating the Fourth Amendment 24/7. Politicians are still defending this theft and violation. Of course, the televised suits and uniforms assure us that it’s all necessary and righteous, because otherwise, bad, scary people would surely kill us all.

In other words, a surveillance state far beyond the dreams of Stalin, Hitler, or Mao continues apace, accompanied by a chorus of supporters.

One thing, however, has changed: a few private companies have been shamed into going against the NSA.

A few weeks ago, Apple and Android (Google) announced that they would make encryption the default on their new operating systems (iOS and Android OS). Apple went further and said that for iOS, they would remove the government’s back-door access.

It’s not often that I praise Apple or—especially—Google. But, credit where due: they both did the right thing this time.

Did These People Solve Any Crimes Before 9/11?

A policeman’s job is only easy in a police state.—A Touch of Evil, 1958

Faced with losing their ability to steal everyone’s data, government agents pulled out the usual boogeymen. Eric Holder complained that this would “allow people to place themselves beyond the law,” a chief of detectives was put forward to say that this would make Apple “the phone of choice for the pedophile,” and the FBI director of cybercrime chimed in with more of the same.

Law enforcement agencies—and there are hundreds in the US on just the national level—are feasting on the fear of the American public. If they can imagine a scary scenario (and those are infinite), we’re all supposed to give them whatever power might be needed. It’s possible, after all!

Any discussion of too much power for the enforcer is reflexively excluded. Enforcers are presumed to be worthy of their ever-increasing power. (They’re trained, mind you!) Anyone who suggests otherwise takes risks with his or her reputation amongst right-thinking people.

Crypto War I

The awesome thing about the first Crypto War is that Big Brother lost.

Before the personal computer, encryption was treated like a weapon, and any sale or export to a foreign country was strongly criminalized. That’s a rather strange thing to do something that is essentially math, but since almost no one was using computers, almost no one noticed. Once the PC hit and once people began connecting them together, however, issues arose.

In 1991, a young cryptographer named Phil Zimmermann wrote a simple encryption program called “Pretty Good Privacy,” or PGP. But even though he wanted to share the program with his friends, publishing it to the Internet would have been a very serious crime. So some of his hacker friends took care of the problem for him:

They put Zimmermann’s program into a book (which was protected as free speech) and mailed it overseas, where other hackers—some of them teenagers—turned it back into a program and started protecting their messages.

The Feds went after Zimmermann, of course, and nearly had him jailed for violating the Arms Export Control Act. By 1996, however, the feds dropped their case and reclassified encryption from a munition to a technology.

The feds didn’t actually stop fighting encryption in the hands of the plebs at that point, but it was a major defeat.

Crypto War II

Now a new crypto war has kicked off. Less than two months ago, news of the US government’s displeasure at encryption and anonymization started appearing; US law enforcement agents started complaining at cyberwar conferences.

Then they started going after individual companies. In particular, they fined a company called Wind River $750,000 for exporting encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. This is the first time this law has been enforced except against importers to an embargoed country, like Iran.

On the heels of this wild fine came Apple and Google’s smartphone encryption, followed by a swift, coordinated response.

At this point, the most serious observers are concluding that a new crypto war has begun. (See here and here.)

The feds want all of your data, they don’t care if that leaves you vulnerable to other attacks, and they expect you to submit. Period. Big Brother must win, and you must lose.

The Phrase That Enslaves

The great bamboozle phrase of our era is one that you’ve heard a dozen times:

If you don’t do anything wrong, you have nothing to fear.

This is Diocletian, telling you to prostrate yourself… and to stay there.

The originator of this phrase has his gun pointed at your chest before he opens his mouth. Then he says, “As long as you keep my rules, I won’t shoot.” He’s holding you in a state of prostration. Stay down and you won’t get hurt.

You should never accept a predator’s right to say this to you. Whether he has enough armed, obedient men to hurt you is a second issue—Big Brother has no right to make you prostrate yourself, and he’s a monster for trying.

What Do We Do?

There are lots of things to do, some of which I have mentioned before. (See the last two sections of this article.) But if you want to do something to stop this evil altogether, do this:

Start telling people (friends, coworkers, everyone) that this is prostration. And don’t stop. Speak out, persist, and endure. Let them say bad things about you.

Do not, however, fight about this with anyone. People need time to abandon their defenses, not arguments. Just make your point and move along. Then come back and make your point again. And again.

Big Brother cannot survive the light of day; he cannot stand up to honest, intelligent examination. In order for him to exist, the rest of us must remain intimidated, confused, and passive. Those are the things we must defeat.

Paul Rosenberg

This article was originally published by Casey Research.