Commentary

A brief history of U.S. encryption policy

The FBI’s recent attempt to force Apple to unlock the iPhone of Syed Farook brought the battle over encryption directly to the pockets of many Americans. For perhaps the first time, encryption was a topic for dinner table discussion. Though widely believed to be a new battle, a brief survey of the history of encryption regulation shows that law enforcement, intelligence agencies, and technologists have been struggling over encryption backdoors since the early 1990s.

Exporting encryption and the Clipper chip

The encryption battles of the early 1990s focused primarily on two issues: restrictions on the export of encryption technologies and the National Security Agency’s (NSA) attempts to introduce a chipset called the Clipper chip to network technology. The first was the result of Cold War era laws designed to control the diffusion of sensitive technologies, including encryption software. This became an issue in the early 1990s when encryption software became commonplace in web browsers. In 1996, President Clinton signed an executive order that loosened restrictions after technology companies claimed that the export controls on encrypted products hurt their sales.

The National Security Agency (NSA) announced the Clipper chip in 1993. The chip was a piece of hardware, designed for phones, that would encrypt communications while also producing an encryption key and making it available to the NSA. After backlash from civil liberties groups, findings of technical vulnerabilities in the chip, and low adoption rates despite incentives, the program ended in 1996.

Snowden and Bullrun

Between the failure of the Clipper chip and Congress’s decision to not address Internet encryption in the Digital Telephony Act, the status of encryption in the U.S. seemed settled. At the same time, encryption had become more widespread, and the NSA feared they would lose the ability to access those communications. As a result, the agency began a secret program called Bullrun to crack encryption standards.

The New York Times published an article in September 2013 based on documents received from Edward Snowden revealing details of this program. The NSA’s methods include the creation of backdoors by compromising the software used to generate the random numbers used in encryption algorithms and gaining access to encrypted communications through hacking. The New York Times article claims that by 2006, the NSA had gained access to the communications of “three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.”

Going Dark and Apple v. FBI

In the wake of the Snowden revelations, Apple and Google announced strengthened encryption in their products. In response, FBI director James Comey and other law enforcement officials publicly criticized the technology giants. Comey also spoke at Brookings in October 2014 on the “going dark” issue. He told the Senate Judiciary Committee in July 2015 that end-to-end encryption prevents law enforcement from collecting electronic evidence required to keep America safe. Comey’s request for government access to encrypted communication echoed other government officials who began to call for mandated encryption backdoors for the government. Unlike in the Clipper chip debate, the “going dark” debate has emphasized the threat of terrorism. Fueling this new narrative is a greater sense of the need for a backdoor after recent terrorist attacks in Paris, San Bernardino, and Brussels.

The context of this more recent encryption debate may be new, but the question at hand is not. The FBI’s demands for backdoor access and the recent bill drafted by Senators Dianne Feinstein and Richard Burr attempt to accomplish the same goal as the Clipper chip and the Bullrun program. Rather than gaining access through technical means, however, the government is now using legal means. Manufacturers have responded in the same way as in the export battle: selling a product with compromised encryption standards would reduce their ability to compete in the international market.

Are we forced to repeat this battle for the foreseeable future? It seems likely that law enforcement will always want access to encrypted communications, and technology companies will always have incentives to produce stronger encryption. It is essential for the public to understand that the issue isn’t resolved just because the FBI gained access to one iPhone. The Feinstein-Burr bill is only the most recent entry in a string of attempts to make encryption backdoors for law enforcement the norm. If the bill is passed, do not expect technologists and civil liberties advocates to give up on a decades-long fight.

Lucas Wright contributed to this blog post.