Tuesday, March 15, 2016
Why Are We Fighting the Crypto Wars Again?
Three big things have happened since the first round of the Crypto Wars. First, of course, was 9/11. The second was the Snowden revelations, which exposed how the government had stepped up its surveillance of communications, greatly increasing its cache of private information despite the existence of crypto. And the third, definitely related to factor two, was the explosion of new technologies — notably the iPhone and its progeny — that put even more of our personal information in the cloud. (In 2001, Google was just getting started.) All of these things make the stakes much higher this time around.
But here’s something that didn’t happen: a strong crypto infrastructure that protected our information and privacy. The fact is that while the security industry has boomed, our information really isn’t much safer than it was when we were fighting the first crypto war. This is because the tech world has been slow to build strong encryption into our systems as a default. It’s been too hard to use, and all too often businesses and institutions don’t even take obvious steps to secure data. Chronic lapses in our communications software and disasters happen on almost a daily basis. (Two horrifying examples from a long list: Anthem Blue Cross’s breach that exposed records of up to 80 million Americans; and the theft of over 21 million super-sensitive government background checks from the Office of Personnel Management). We simply haven’t used our capabilities to make our electrical grids, our credit card systems, and our ISPs bulletproof. As a result, the public has not fully reaped the spoils from winning that first crypto war.
But that’s changing. Because of the endless chain of spectacular security failures and the Snowden news that the NSA is grabbing everything it can, the tech industry is finally ramping up its security. American companies are worried that foreign customers might regard their products as direct conduits to American authorities. So they have changed their practices for moving information between their data centers. Now, confirming government’s biggest nightmare, Apple has planted a flag in the ground for privacy — endeavoring to scramble data on its iPhones so only customers can access them.