Crypto War II is heating up. David Cameron has vowed to make effective cryptography illegal in the Britain, the Federal Bureau of Investigations (FBI) has been uging Congress to pass a ban on effective cryptography, and Australia has been ahead of the curve by not just prohibiting the use of strong cryptography but also learning about it. I’ve spent a good deal of time fighting against attempts to restrict or prohibit gun ownership. From my experience there I can say that attempts to restrict or prohibit effective cryptography is the exact same thing with the same outcome.
First, let’s consider what restricting or prohibiting gun ownership does. Gun restriction laws prohibit non-state individuals from having legal access to certain types of firearms and what they can do with their firearms. The National Firearms Act (NFA), for example, places heavy restrictions on purchasing machine guns, suppressors, and several other categories of firearms. Adding to the NFA’s restrictions on machine guns the Hughes Amendment to the Firearm Owners Protection Act outright prohibited non-state entities from legally owning machine guns manufactured after 1986. In addition to these restrictions the Gun Control Act of 1968 also created a list of individuals prohibited from owning any type of firearm. The list includes anybody who has been labeled a felon, which means simply failing to abide by the entire tax code could make it illegal for you to own a firearm. Most states have laws restricting individuals from lawfully carrying a firearm without state permission. In other words most states restrict individuals’ options for self-defense. Those laws, like all laws, only apply to individuals acting within the law. Criminals, by definition, do not have to abide by these restrictions and prohibitions so the ultimate outcome is that non-state individuals can be outgunned by violent criminals (both the state and non-state variety).
Now let’s consider what restricting or prohibiting effective cryptography does. Restrictions against effective cryptography create a legal requirement that all cryptographic systems be weakened in such a way that they can be easily bypassed by the state. In reality cryptographic systems cannot be weakened in such to allow only one entity to bypass them without also allowing other entities to bypass them. We learned this lesson during the Clipper chip fiasco. When you purposely introduce weaknesses into cryptographic systems those weaknesses can be targeted by anybody, including run of the mill criminals and foreign states. In the case of key escrow, the system being proposed where all encrypted data can be decrypted by a key held by the state, the focus would likely be in either creating or stealing a copy of the state’s key. Once that happened, and it would only be a matter of time until it did happen, the encrypted data would be available to anybody with a copy of the key to read. Imagine the day, and it would happen, where that master key was widely distributed across the Internet. Suddenly everything that was lawfully encrypted would be easily decrypted by anybody. Your personal information, including credit card and Social Security numbers, would be accessible to every identify thief in the world. Any communications you had that could imply you were participating in an unlawful activity, even if you weren’t, would suddenly be accessible not only to law enforcement agents but also individuals interested in blackmailing you. All future communications with online stores would be vulnerable, which means your credit card and shipping information could be snapped up by anybody surveiling the network you’re using. Any information you entered into state and federal online tax systems would be viewable to anybody with a copy of the master key. Effectively everything you communicated would be transmitted in plaintext and viewable to anybody.
Cryptography, like a firearm, is a means of self-defense. Where firearms are used to defend your physical self cryptography is used to defend your data. If your phone or laptop is stolen encryption can defend all of the information stored on it from the thief. When you make a purchase online encryption defends your credit card number and shipping address from identify thieves. Your Social Security number is also defended against identify thieves by encryption when you fill out your taxes online. There are a lot of bad individuals who want to steal personal information about you and the only thing you have to defend against them is effective cryptography. Any restriction against effective cryptography necessarily inhibits the ability of individuals to defend themselves.
The fight against restricting cryptography is the same fight against restricting firearm ownership. Both fights are against attempts by the state to restrict the ability of individuals to protect themselves from harm.