The world ended in 1991

Spoiler: since you are reading this, it is safe to assume the world did, in fact, not end in 1991

What happened in 1991 that was so awful and worried authorities so much?  What could possibly bring about the end of civilization? What worried the US Government so much they launched a multi-year criminal investigation?  1991 was the year Phil Zimmermann created PGP (Pretty Good Privacy) and enabled powerful end-to-end encryption to be used by private citizens to protect files and messages.

Also in 1991, the Senate introduced SB266, the Comprehensive Counter-Terrorism Act of 1991, that included Subtitle B: Electronic Communications - Expresses the sense of the Congress that providers of electronic communications services and manufacturers of electronic communications service equipment should ensure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.

Authorities were concerned the encryption technology could be used by criminals and terrorists, so they wanted to control the use of encryption and prevent regular citizens from sharing it outside the US (at a minimum). 

Per Wikipedia, “To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic, or computational means.”  PGP is still known for the quality of its security and there is no known hidden or embedded “back-door”. 

Fast forward 30 years and we are facing yet another initiative by governments to force technology providers to insert a backdoor or otherwise enable encrypted files and messages to be decrypted and read. There is a concerted effort to prevent end-to-end encryption of social media messaging because it will allow criminals and terrorists to pursue their nefarious objectives. These efforts include an emotional plea that encryption enables human trafficking and child pornography.

The United States government is pursuing LAEDA and EARN IT, two initiatives to force technology hardware, software, and services providers to include a backdoor to decrypt encrypted data.   From LAEDA press release June 23, 2020: “... to provide assistance to law enforcement when access to encrypted devices or data is necessary”.  In addition, the release states “Yet increasingly, technology providers are deliberately designing their products and services so that only the user, and not law enforcement, has access to content...”  Well, yes, isn’t keeping private things private the point?

The UK government is pushing to pass the Online Safety Bill that would impose a “duty of care on digital service providers to moderate user generated content”.  However, the UK Home Office International statement: End-to-end encryption and public safety, published in October 2020, goes beyond end-to-end encryption of messages and states “that commitment applies across the range of encrypted services available, including device encryption, custom encrypted applications and encryption across integrated platforms.”  In other words, all approaches to encryption would be required to embed some mechanism whereas that encrypted information could be decrypted – also known as a backdoor.

What seems to be missing is recognition that a backdoor into encryption technology means significantly reducing the safety of encryption and ensuring the ability for hackers to figure out how to exploit that backdoor.  A backdoor literally breaks the encryption.

The contradictions are painfully exposed in the statement where the UK government on one hand “support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security” and yet on the other hand “tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can gain access to data in a readable and usable format.” One can’t support strong encryption and at the same time have it open to decryption. That is just not how it works.

This is the same challenge raised in 1991 and Phil Zimmermann’s words from the 90’s resonate today: “If privacy is outlawed, only outlaws will have privacy.”

Leave a Comment