Please no non-consensual BACKDOOR SNIFFING, Mr Obama
Major tech firms against vulnerability by default
Google, Apple and 140 other technology companies will write to US President Obama today (19 May) to argue against plans which could see the security of electronic communications deliberately and compulsorily compromised for the sake of government surveillance access.
The letter is intended to display the depth of support for secure encryption.
The letter follows comments made at the RSA security conference in April, where various government speakers urged Silicon Valley attendees to create encryption that is unbreakable by everyone except government: breakable non-breakable encryption.
While knowledge of a particular cryptographic weakness may allow security services to attack encrypted data with a greater expectation of success, a weakness built into a product cannot be reserved for one party: once it is discovered, it is available to every attacker.
This was demonstrated by none other than RSA, which reportedly accepted $10m to make the NSA-designed Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) the default generator in its BSAFE toolkit. In 2007, researchers had shown that whoever chose the generator's fixed constants could hold a secret value that lets them predict its output [PDF], but it wasn't until documents handed to journalists by Edward Snowden were published that the weakness was reported to be the NSA's own doing.
As a result, RSA was boycotted by many in the security community for what they regarded as a betrayal of its own efforts to defend the integrity of encryption against government attempts to weaken it.
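The trapdoor described above, as an added worked example that is not code from the article, from RSA or from the standard: a toy Dual EC DRBG in Python on a curve with no small-order points (secp256k1's field and equation, chosen only for that property), with points P and Q constructed so that P = e·Q for a scalar e the "designer" keeps. The generator step follows the standard's structure (s_i = x(s_{i-1}·P), r_i = x(s_i·Q), output = r_i with its top bits dropped); the points, the scalar e, the seed and the 8-bit truncation are assumptions of the example, and the standard discards 16 bits. Holding e, one can brute-force the dropped bits of a single output, recover the internal state and predict every later output; without e the same search finds nothing. That is the relation the 2007 finding warned could exist behind the published constants, and it is also why the article's point holds: the secrecy of a built-in weakness is a property of the secret, not of the product.

```python
# Toy Dual EC DRBG and its trapdoor. Constructed example: the field and
# equation are secp256k1's (cofactor 1, so every point has prime order and
# scalar multiples never hit infinity in practice); P, Q and e are made up
# here and are NOT the constants published in the standard.

P_MOD = 2**256 - 2**32 - 977      # secp256k1 prime; p % 4 == 3 makes sqrt a single pow()
A, B = 0, 7                       # y^2 = x^3 + 7
FIELD_BITS = 256
DROP_BITS = 8                     # the standard discards 16 bits; 8 keeps the toy search fast
OUT_BITS = FIELD_BITS - DROP_BITS
INF = None                        # point at infinity


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B over F_p."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """A point with x-coordinate x, or None if x^3 + A*x + B is a non-residue."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)           # valid because p % 4 == 3
    return (x, y) if y * y % P_MOD == rhs else None


def x_of(pt):
    if pt is INF:
        raise ValueError("point at infinity")        # needs s % order == 0; negligible here
    return pt[0]


def first_point(start_x):
    x = start_x
    while lift_x(x) is None:
        x += 1
    return lift_x(x)


# Generator constants. The standard fixes P and Q with no published
# derivation; here we deliberately build P = e*Q and keep e.
Q = first_point(2)
TRAPDOOR_E = 0x1337                                  # the designer's secret (constructed)
P = mul(TRAPDOOR_E, Q)


def truncate(r):
    """Drop the top DROP_BITS bits, as Dual EC drops the top 16 of 256."""
    return r & ((1 << OUT_BITS) - 1)


def dual_ec_step(s):
    """One block: s_i = x(s_{i-1} P), r_i = x(s_i Q), output = truncate(r_i)."""
    s_next = x_of(mul(s, P))
    r = x_of(mul(s_next, Q))
    return s_next, truncate(r)


def recover_state(out1, out2, e):
    """Given two consecutive outputs and e with P = e*Q, recover the state
    that produced out2 (hence every later output). Returns None if no
    candidate fits, which is what a wrong e yields."""
    for high in range(1 << DROP_BITS):               # brute-force the dropped bits
        r_cand = (high << OUT_BITS) | out1
        if r_cand >= P_MOD:
            continue
        R = lift_x(r_cand)                           # R = +/- s_1*Q; sign does not matter
        if R is None:
            continue
        s_cand = x_of(mul(e, R))                     # e*(s_1 Q) = s_1*(e Q) = s_1*P = s_2
        if truncate(x_of(mul(s_cand, Q))) == out2:   # confirm against the next output
            return s_cand
    return None


def run_demo(seed=0x5EED):
    """Emit three outputs; recover the state after two; predict the third."""
    s, out1 = dual_ec_step(seed)
    s, out2 = dual_ec_step(s)
    true_state = s
    recovered = recover_state(out1, out2, TRAPDOOR_E)
    s, out3 = dual_ec_step(s)                        # what the victim emits next
    _, predicted3 = dual_ec_step(recovered)          # what the trapdoor holder predicts
    return {"out1": out1, "out2": out2, "true_state": true_state,
            "recovered_state": recovered, "actual_next": out3,
            "predicted_next": predicted3}
```

Calling run_demo() returns the victim's third output next to the prediction computed from the recovered state; they agree, and recover_state with any other scalar returns None. The design choice worth noticing is that the generator code itself is clean and the output passes statistical tests: nothing in the product reveals whether the person who chose Q also chose e, which is exactly what nobody could verify for the published constants.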
The Washington Post reports that among the other signatories to the letter are three of the five members of President Obama's review panel, created in 2013 and tasked with assessing tech policy following the surveillance revelations from Mr Snowden.
The signatories urge the president that the US should "fully support and not undermine efforts to create encryption standards", and not "in any way subvert, undermine, weaken or make vulnerable" commercial encryption software.
The Crypto Wars
Export controls on cryptography began in the US in the 1970s, when cryptographic algorithms and software were formally classed as munitions. This classification was contested at the time by scientists and academics, but became even more widely challenged following the introduction of the personal computer. Additionally, the invention of the free, publicly available PGP crypto system by Phil Zimmermann – which the internet made easily communicable abroad – led to landmark legal rulings which found the export controls to be in breach of the US First Amendment.
This to and fro between the government and the public over access to cryptography became known as the Crypto Wars. The wars were largely considered to have ended in the US when President Bill Clinton signed Executive order 13026 [PDF] in 1996, which relaxed export controls.
In the UK, the Foundation for Information Policy Research considers the British Crypto Wars to have ended in 2005, when Part I of the Electronic Communications Act 2000 was repealed.
This year, however, Blighty's Prime Minister David Cameron publicly criticised the existence of encrypted messages which law enforcement and security services are unable to access, stating his intention to seek US support for the notion that "[We must not] allow a means of communications which it simply isn't possible to read".
While Cameron was unsuccessful in firmly establishing President Obama's support for his cryptography-banning ideas – which were dismissed as "absurd" by crypto godhead Phil Zimmermann – the UK's domestic attempts to establish greater access to citizens' communications continue with the so-called Snooper's Charter. ®