Just Finished Reading: Crypto – Secrecy and Privacy in the New Code War by Steven Levy (FP: 2000)

Everyone knew it was coming. It was inevitable as the sun raising over the Californian scrubland. With computer technology growing faster and more sophisticated each year it was only a matter of time before the electronic behemoths were linked together and started to exchange messages. Before long banks, commercial enterprises and others would want to transfer money, sign contracts and over services to their customers all electronically. Eventually some even believed that computers would become so ubiquitous that members of the public might even own them. When things go that far, decades in the future, it would already be too late to look for solutions. Such were needed now – before the obvious problems became too acute. How to you protect the privacy of electronic communications? How do you prevent fraud or theft during an electronic fund transfer? How do you authenticate a signature sent over the wire in 1’s and 0’s? How do you stop the government reading your electronic mail? The answer to all of these problems seemed deceptively simple – cryptography. The problem though was twofold: First, few outside the government knew very much about encryption and second, the government had very strong views indeed about anyone else just talking about encryption never mind developing and using it.

At the centre of everything was a US organisation that few had even heard of. The inside joke called it No Such Agency – the NSA: National Security Agency – who developed and broke codes. The world’s experts worked there and that was supposed to be the end of the story. But commercialisation was coming, interesting problems never to be solved and, not a small incentive, there was money to be made – lots of money. It started in academia with the invention and reinvention of cryptographic knowhow. The goal was to produce a widespread standard (later known as DES – Data Encryption Standard) that would be used in industry as well as government. It would be strong enough to ensure privacy but not too strong so as to be unbreakable by the NSA. But there was a catch. Encryption was classified as a munition and could not be exported outside the US without a licence – something it would never get if it was too strong. So while DES was fairly strong inside the US any export version was much weaker outside its borders. Within the cracker community growing up across American universities weak encryption was less than useless – it was in every sense a false security. If the government would not allow universities to develop strong encryption maybe tech savvy individuals could do it themselves. The gauntlet had been drop and a number of young practitioners were more than happy to pick it up. So began the NSA’s nightmare scenario – groups of intelligent, knowledgeable and politically aware mathematicians and cryptographers working hard to bring a new reality into existence where privacy reigned supreme and were anonymity was available at the push of a button. It was going to be quite a fight.

This is the fascinating story of how a small group of students and tech guru’s brought encryption out of the dark places and offered it (usually for a price) to the public to use how they wished and how the US government did everything it its power to stop them. Both sides talked in apocalyptic terms about bring the existing system of government to its knees. Unsurprisingly both sides were wrong but in the turmoil a new world order did emerge that we have both adapted to and had to learn to live with. Personal privacy also means criminal privacy. When encryption is hard (or impossible) to crack it’s not just the concerned citizen that resorts to its use but the criminal, the political and the terrorist. The freedom to speak our mind, to correspond in private, to live outside the scrutiny of our governments has a price. Freedom isn’t free (and never has been) but for the time being at least it can be exercised in secret. Highly recommended to anyone interested in privacy issues or the history of information technology.