Episode 49: Crypto Wars Redux

Ever since the Cold War, intelligence services and their sympathisers in Western governments have worked tirelessly to prevent everyday citizens from utilising effective encryption to shield their lives from prying eyes. When the Clipper chip failed, these people switched to influencing legislation to get what they want. And now they are at it again.

In this episode of The Private Citizen, I finally get around to talking about an important situation that I’ve had my eye on for a while: the resurgence of the Crypto Wars. But this episode is just the beginning of this conversation, as I fear that this topic will be with us for a long time to come.

This episode was recorded before a live audience on Twitch. You can watch the video after the fact on YouTube.

Upcoming Hiatus of the Show

I’m planning to record and release two more episodes after this one and then take a break from the show for the rest of the year. That means the final episode for this year should be number 51 and it should be released on Wednesday, 2 December. I’m planning that one to be a review of the content I’ve covered on the show in 2020.

I will then take the rest of December off to recharge my batteries, rethink the show somewhat and do some work on the website. The plan is to come back to the regular schedule on Wednesday, 6 January 2021.

The Return of the Crypto Wars

Before we get into the new developments I want to talk about, I need to go back and explain some of the historical background behind the Crypto Wars.

Some History

The Crypto Wars began in the Cold War with export regulations to prevent Eastern bloc countries from gaining access to cryptographic systems that could defeat spying by the US or allied powers. As Wikipedia puts it:

The Crypto Wars is an unofficial name for the U.S. and allied governments’ attempts to limit the public’s and foreign nations’ access to cryptography strong enough to resist decryption by national intelligence agencies.

As such, the US classified encryption technologies as weapons to get these export restrictions to stick. This continued after the Berlin Wall fell. This is why we have “export ciphers”.

→ See also the Wassenaar Arrangement, which, since 2013, also includes intrusion software and network surveillance systems.

The biggest battle fought in the Crypto Wars up until now revolved around the Clipper chip.

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages” with a built-in backdoor that was intended to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions.” It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

Organizations such as the Electronic Privacy Information Center and the Electronic Frontier Foundation challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government surveillance, but that the strength of the Clipper chip’s encryption could not be evaluated by the public as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, negating the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route.

The release and development of several strong cryptographic software packages such as Nautilus, PGP and PGPfone was in response to the government push for the Clipper chip. The thinking was that if strong cryptography was freely available on the internet as an alternative, the government would be unable to stop its use.

At about the same time, public campaigning also brought an end to classing encryption algorithms as munitions:

Legal challenges by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U.S., and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in President Bill Clinton signing the Executive order 13026 transferring the commercial encryption from the Munition List to the Commerce Control List. Furthermore, the order stated that, “the software shall not be considered or treated as ‘technology’” in the sense of Export Administration Regulations. This order permitted the United States Department of Commerce to implement rules that greatly simplified the export of proprietary and open source software containing cryptography, which they did in 2000.

As we know from the Snowden documents, the NSA and other agencies are still trying to weaken and/or outlaw encryption as best they can, including with software programs like BULLRUN.

The Crypto Wars are Picking Up Speed Again

Fast forward to today, when renewed efforts are underway to make it impossible for the general public to use working encryption (when they say “strong encryption” in the mainstream media, this is what they mean – weak encryption can be considered to be no encryption at all when your adversary is the NSA).

These efforts are underway in the US, where a number of senators introduced an anti-encryption law called the Lawful Access to Encrypted Data Act during the summer, and where the EARN IT Act, which I covered in episode 30 of this show, currently resides with the House. I fear this will get worse with the neocon-backed warmonger coalition surrounding President-elect Biden.

But it is also happening in the EU, driven by the German government which is currently chairing the Council of the European Union.

The last few months have seen a steady stream of proposals, encouraged by the advocacy of the FBI and Department of Justice, to provide “lawful access” to end-to-end encrypted services in the United States. Now lobbying has moved from the U.S., where Congress has been largely paralyzed by the nation’s polarization problems, to the European Union – where advocates for anti-encryption laws hope to have a smoother ride. A series of leaked documents from the EU’s highest institutions show a blueprint for how they intend to make that happen, with the apparent intention of presenting anti-encryption law to the European Parliament within the next year.

Speaking at a webinar on “Preventing and combating child sexual abuse and exploitation”, Johansson called for a “technical solution” to what she described as the “problem” of encryption, and announced that her office had initiated “a special group of experts from academia, government, civil society and business to find ways of detecting and reporting encrypted child sexual abuse material.” The subsequent report was subsequently leaked to Politico. It includes a laundry list of tortuous ways to achieve the impossible: allowing government access to encrypted data, without somehow breaking encryption.

At the top of that precarious stack was, as with similar proposals in the United States, client-side scanning. We’ve explained previously why client-side scanning is a backdoor by any other name. Unalterable computer code that runs on your own device, comparing in real-time the contents of your messages to an unauditable ban-list, stands directly opposed to the privacy assurances that the term “end-to-end encryption” is understood to convey. It’s the same approach used by China to keep track of political conversations on services like WeChat, and has no place in a tool that claims to keep conversations private.

But while it would require a concerted political push, EU’s higher powers are gearing up for such a battle. In late September, Statewatch published a note, now being circulated by the current EU German Presidency, called “Security through encryption and security despite encryption”, encouraging the EU’s member states to agree to a new EU position on encryption in the final weeks of 2020.

While conceding that “the weakening of encryption by any means (including backdoors) is not a desirable option”, the Presidency’s note also positively quoted an EU Counter-Terrorism Coordinator (CTC) paper from May (obtained and made available by German digital rights news site NetzPolitik.org), which calls for what it calls a “front-door” – a “legal framework that would allow lawful access to encrypted data for law enforcement without dictating technical solutions for providers and technology companies”.

We are in the first stages of a long anti-encryption march by the upper echelons of the EU, headed directly toward Europeans’ digital front-doors. It’s the same direction as the United Kingdom, Australia, and the United States have been moving for some time. If Europe wants to keep its status as a jurisdiction that treasures privacy, it will need to fight for it.

cf.: Nächste Schlacht in den CryptoWars: EU-Ministerrat plant Anschlag auf Verschlüsselung, Chaos Computer Club

As Julia Reda points out on heise, one of the reasons this is happening in the EU now is that changes to the EU’s laws that were passed two years ago are coming into effect now. From December, messenger and VoIP systems on the internet are included in protections that concern the privacy of electronic communications. Spying on these services server-side would therefore be as illegal as a telco listening in to its customers’ phone calls.

This has become even more urgent and important this year, as the SARS-CoV-2 pan(ic)demic has shifted more and more conversations from real-life meetings into these online systems. And now, the European governments (Germany proudly marching ahead) seem to be using the same pan(ic)demic to defeat these laws by mandating legal access to this information. As if by accident, the German government has identified messenger services like Telegram as “reservoirs of extremism” because people who were kicked off of Twitter, Facebook and YouTube for voicing opinions about the coronavirus scare that do not conform with WHO- and government-mandated wisdom now use encrypted messengers to communicate. Who could’ve guessed that would happen?

Stefan Krempl comments on heise that the goal of these politicians is to catapult us back into the age of the analog telephone, where the government could relatively easily spy on anyone they deemed dangerous. The top security official in the German interior ministry literally said the government wants a situation “comparable to the analog telephone”.

So that’s what it is all about. The people in power can’t stand the progress the internet and its constituent communication technologies have bestowed upon ordinary, private citizens. They want their ability to spy on people back. Which goes hand in hand with new control measures established “to fight the pandemic”.

I’m not even going to go into the security implications. They should be obvious. As Bruce Schneier said in 2016:

We’re not being asked to choose between security and privacy. We’re being asked to choose between less security and more security.

Producer Feedback

Fadi Mansour writes in regarding episode 48 (as usual, very thoughtfully):

Let me first start by re-stating how important it is to be able to have a civil and reasonable discussion even with the difference of opinion. But unfortunately, my impression was that both of you were coming from different a priori positions.

This was clear when Fab brought in the topic of the Biden laptop. On one hand, it’s clear that you are willing to entertain that there’s something worth seeing there, while for Mike, it was purely and clearly a continuation of the Trump camp ploy to muddy the waters with no root in reality. This is another instance of the phenomenon related to filter bubbles, and what the No Agenda folk call Dimensh A/B.

A little personal history: When the rebellion started in Syria, it was clear after a while that you have two different camps that had a completely different view on what’s happening: one camp believed that everybody is rebelling and the government is soon to fall, while the other didn’t believe anything is happening and it’s all exaggeration by foreign actors. Now, to my horror, I see the same thing happening in other areas, like the political situation in the United States, and the whole world with COVID-19.

My attempt at explaining this is simple enough: in all these cases, it’s difficult to have first hand information, and all of us rely on second (if not third) hand information. This brings up the important role news media is playing in shaping our world view. And here, the risk of having a monopoly on news propagation becomes very critical. I know that you believe in the importance of having independent media, and the risk of having some organizations monopolizing media platforms, and communication channels. While writing this, I can’t help but think, what if some algorithm would decide that this email, or similar should not be delivered. This is a very dangerous slippery slope. This of course brings to mind your recent favourite Picard quote (With the first link…).

Let me switch to a different slippery slope now. During the discussion, Mike used the expression “compassionate society”. I have no doubts about Mike’s good intentions, but hearing this as a slogan doesn’t give me a very good feeling.

Let me explain: I totally share the hope that humans in general would become more compassionate and helpful towards each other. But how? The risk I see, is that this “compassionate” talk is sometimes used as a tool, so that more power is given to governments, and here the slippery slope begins. What liberties will be sacrificed so that everybody is nice to each other? For this, my position is this: No, I don’t want “compassion by decree”. People have the right to be jerks!

But this wouldn’t stop me or anybody from seeking out and supporting compassionate people. This is the only “right” way (in my opinion) to build compassion. It’s not my job (or anybody’s) to start imposing this. Of course this discussion would now devolve into what could or could not be acceptable in a society, and to make it short: The less rules, the better. More rules means more power concentrated in one place, which will be the target of the nastiest people to hold. Caveat emptor!

I will stop here. And again, keep up the good work. Many thanks to you and Mike, and I would love to hear more interesting discussions.

Our Anonymous Canadian once again sent me an encrypted message (let’s use these systems as long as that’s still legal):

Just got most of the way through your newest record breaking content episode, and enjoying it. I’ve had a couple items I have been meaning to send, and have a few minutes now to do it.

This article is interesting – It starts with a quick run down that follows the direction of the headline, the creation of a propaganda department, but finishes by talking about how the Canadian military has started collecting social media data on Canadian citizens.

The next topic is the rolling out of tighter coronavirus restrictions. As of yesterday, British Columbia has asked for all non-essential travel to be stopped, including reaching out to other provinces and the federal government to aid in this. All private gatherings are now prohibited. All indoor public spaces will now require masks. Oddly enough, COVID-19 does not seem to spread in restaurants or schools, so masks are not required in those 2 locations. Theaters and gyms remain open. Religious places of worship, such as churches have been told they can not have mass, however, the virus does not survive at baptisms and funerals, so those are still OK. So, once again, it appears to have been a liberal rolling of AD&D dice in creating these rules. This is all due to “record numbers of cases” being recorded. Personally, I think that if you are only testing people that have symptoms, you should probably have a high positive rate. Especially considering we know there is a high false positive rate. And, I would also suspect that when you go from 1,000 tests per day to 10,000 tests per day, under those same circumstances, it would be magic if you didn’t see that alarming “spike” they are referring to.

But I am glad I do not live in the province of Manitoba. Absolutely no guests allowed in your house, not even your child if they live with the other parent. Stores not allowed to sell non-essential items and must either remove them or rope them off.

I feel sorry for Elon Musk. Four tests in one day, two came back positive, two came back negative. Not too sure how you are supposed to process that kind of diagnosis. As always, keep up the good work, and I look forward to finishing this current episode.

On our patron Discord server, Barry Williams chimes in from South Australia, where they just had their lockdown end after it was discovered that someone lied during contact tracing efforts which caused idiotic claims of a new mutation of SARS-CoV-2.

According to the police, purchasing alcohol is an essential service, so that’s OK for the next 6 days (very Australian) but heaven forbid you leave your house to exercise FFS.

Another patron brought up the idiocy of banning outside exercise, which I agree with. I think it’s a no-brainer that such bans do more harm than good when it comes to people’s health, especially when gyms are also closed.

If you, too, have thoughts on the topics discussed in this or previous episodes, please feel free to contact me.

Toss a Coin to Your Podcaster

I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.

You can also support the show by sending money via PayPal, if you prefer.

This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me, pard. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.

Thanks and Credits

I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.

Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.

But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Dave, Butterbeans, Georges Walther, Steve Hoos, Mark Holland, Shelby Cruver, Vlad, Jackie Plage, 1i11g, Kai Siers, Philip Klostermann, Jaroslav Lichtblau, Fadi Mansour, ikn, Matt Jelliman, Joe Poser, Dirk Dede, David Potter, Mika, Dave Umrysh, Martin, S.J., RikyM, drivezero, Jonathan Edwards, Barry Williams, MrAmish, Vytautas Sadauskas, Neil, Captain Egghead, Galteran and indiegameiacs.