It's impossible to create a backdoor that only the "good guys" can useby Wendy M. Grossman / June 5, 2017 / Leave a comment
From pig Latin to the complex mathematics of today’s computer encryption, encoding communications is as old as humanity. Often, as with Alan Turing’s work in World War II, cracking the enemy’s codes has conferred crucial military advantage.
Because the internet was designed to share, rather than secure, information, encryption plays several important roles in today’s digitised landscape. It ensures that sensitive data can’t be read by unauthorised people: when a healthcare manager forgets the clinic’s laptop in a taxi, a criminal steals a company’s usernames and passwords, or a consumer sends credit card details to an online retailer, encryption protects the data against interlopers.
Encryption also provides a way to check that digital files—from the software programs that run your car’s braking system to medical images and electronic payments— haven’t been tampered with.
Around 1990, three interrelated developments coalesced to disrupt the policies that govern encryption. The first was the culmination of two decades during which there had been growing adoption of computers and computer networks. Second, cryptographers began working outside the military—in academia and commercial companies. Third, computing plummeted in cost—while escalating in power.
In 1991, a programmer named Phil Zimmermann wrote and released the free program Pretty Good Privacy that for the first time offered individuals government-strength encryption for their email and stored computer data.
But by the mid-1990s, a steady stream of government spokespeople was arguing that the masses should not be allowed to use encryption without storing a copy of their decryption key for government access (“key escrow”).
The threat of drug dealers, organised crime, paedophiles, and terrorists was invoked so often they became known as “The Four Horsemen of the Infocalypse”.
A steady stream of mathematicians and security experts countered that key escrow would create a tempting target for cyber criminals, while enabling covert surveillance of the general population. In Britain, these “First Crypto Wars” ended with the dropping of key escrow from the Regulation of Investigatory Powers Act (2000). Instead, the act gave the authorities the power to compel suspects to produce their encryption keys or face jail time. To key escrow’s opponents, it appeared that common sense, and pragmatic aspirations for the digital economy, had prevailed.
For every terrorist who uses encryption there are millions of…