A conspiracy theorist would make something dramatic of this week's raw materials. In both the US and the UK, government and law enforcement insist more and more loudly that encryption must be weakened so they can read everything. Meanwhile, in uncharacteristic silence, Caspar Bowden, one of the UK's leading advocates against such notions, has died.
Bowden sprang into my life so fully formed as a privacy advocate that I was startled to discover he was not ever thus: conversational hints and online biographies indicate that he studied mathematics at Cambridge, worked in investment banking (writing proprietary trading risk management software for option arbitrage) and software engineering (graphics engines and cryptography). In the roughly 20 years I knew him, which encompassed his ten years trying to implement privacy at Microsoft, I never heard him mention family other than his wife. He argued with everyone: "Prickly for the right reasons," a friend said on hearing the news. I was astonished and flattered when, years afterwards, he told me that one of the things that led him into the politics of cryptography was articles I wrote in the early 1990s. Moments like that can keep a writer motivated for decades.
What he did discuss, copiously and passionately, was privacy: he fought demands (such as those our governments are reviving) for back-doored encryption, spotted the "snooper's charter" while it was still just a wish list item, and issued very early warnings about the dangers of the rampant collection of metadata (the "data" in "data retention") and the risks posed even to data stored outside American borders by provisions in US laws like the FISA amendments and PATRIOT Act. Latterly, he was particularly incensed about American exceptionalism, which reserves human rights for Americans and refuses them to "foreigners". He was, you could say, advocacy all the way down. At a party he gave in 1999, I recall the two of us getting animatedly stuck into some of these subjects somewhere around 2am. Feeling left out, "I came for the craic," the person sitting next to him drunkenly protested. "You don't understand," he replied. "For us, this *is* the craic."
He leaves a hole but not a void. This week saw anti-encryption rhetoric much on display in both the UK (by Prime Minister David Cameron and Home Secretary Theresa May) and in the US by FBI director James Comey and Deputy Attorney General Sally Yates. In the US, Comey and Yates, plus opponents Peter Swire and Herb Lin, testified in front of the Senate Judiciary Committee. At Lawfare, Benjamin Wittes has a summary: he suggests that Comey is gathering political support with diligence and skill.
In the post-election UK, Cameron's statements are increasingly intemperate: social media privacy is "unsustainable"; he will ban communications government can't read; privacy-oriented services like WhatsApp and Snapchat are threats to national security. The possibility that both governments may try to pass legislation banning strong cryptography is becoming increasingly real, a rerun of 1991, when Phil Zimmermann pre-emptively released PGP to render the idea moot, or 1997, when Bowden helped organize the first of the Scrambling for Safety public debates that led up to the passage of the Regulation of Investigatory Powers Act. It's like watching people deliberately eliminate all other forms of transport and then remove all airplanes' safety features.
Pre-emption by technology won't help this time. PGP and other privacy-enhancing technologies such as Tor seem to have withstood cracking, but they are unusable enough that they won't achieve mass adoption. The authorities focus on major companies because we now know that to be usable encryption must be built invisibly into services like SSL (cracked by the NSA) or mobile standards. The tiny sufficiently motivated minority won't be deterred by a ban; they will stick out in a world that's 90% readable. For Cameron and Comey that's good enough.
In response to these threats to (inter)national security, on Wednesday, 14 computer scientists and security experts released Keys under Doormats, a paper explaining the precise level of danger Cameron and Comey are advocating. The New York Times, among many others, has a summary (see also many past net.wars).
These governments are refusing to learn from their own headlines: the Hacking Team hack (more here) being a prime example. Here we have a company (apparently conceived by sf writer Philip K. Dick) that sells governments products so they can spy on all of us, with backdoors the company can use to spy on them. Bruce Schneier's comment: "It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads." Meanwhile, the hack at the Office of Personnel Management has exposed 19.7 million security clearance applications, 127 pages each, plus 1.8 million spouses and co-habitants, the intimate details of people's entire lives that encryption should have protected from exactly this. OPM has, for the moment, gone back to processing applications on paper (a good conspiracy theorist would suspect the paper manufacturers).
Bowden spent the last 20 years being called paranoid and watching people discover he was right. In one of his last public talks, at last December's Chaos Computer Congress, he discusses privacy and cloud computing. In the coming Second Crypto Wars, we will need all his legacy, and much more.
Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.