In his book Privacy on the Line, Whitfield Diffie reveals some of the history of the American government’s obsession with prying into the personal information of the country’s citizens.
When banks began moving their record keeping into digital formats in the 1960s, a move that included encrypting the records, the FBI and CIA met with the heads of the major banks, and requested that they create back doors into their digital storage. In a happier, more responsible time, the bankers refused.
However, the pursuit of the objective never ceased. Throughout the subsequent decades, government agencies tried various means to keep their hands on citizens’ information. One successful attempt was to get the National Institute of Standards and Technology to reduce the encryption key requirement for SSL to 56 bits. Diffie was at that meeting and predicted that such a small key would be broken within ten years. He was correct.
Certainly, the NSA and the CIA had their own reasons for wanting that shorter key — they wanted to break it themselves. The combination of the key cracking, and the increasing movement of financial data online led, inevitably to stronger encryption that would be beyond the cracking of everybody: except, possibly, the NSA.
In 1976, Diffie and Martin Hellman published the results of their work on a new form of cryptography, public key cryptography. The Diffie-Hellman Key Exchange made it possible for anyone, anywhere, to encrypt data. It broke the government monopoly on cryptographic technology.
The government responded with one measure after another, attempting to reclaim control of the technology. During Reagan’s administration, a plan was mooted to require that all Federal contractors provide their encryption keys to the government. Later, the so-called clipper chip was proposed. It was intended to be a universal encryption tool with a back door built into it for the NSA.
With the rapid spread of free tools for encrypting data, led by Phil Zimmerman’s Pretty Good Privacy (PGP), most of the government’s attempts to control citizen data streams failed. One way that the government controlled encryption technology was by defining it as a “munition,” and as such, subject to export controls. Zimmerman himself was under threat of prosecution by the US Customs Service for years, for violating those export rules.
One important exception is in cell phones. Although the cell phone data stream is nominally encrypted, the phones use an old, deprecated encryption algorithm that is easily broken by agencies with the money to buy the equipment needed to do it.
Today, solutions do exist that enable citizens to make secure, encrypted phone calls, but they require special phones or software at both ends of the call. Skype-to-Skype calls are encrypted end-to-end with Advanced Encryption Standard (AES), which is the current world standard for encryption.
What’s lacking, so far, is a commitment by citizens to protect themselves. Millions of Americans take for granted the possession of and carrying of a loaded firearm for protection from personal violence. Learning and using software tools is the corresponding tactic from protecting oneself from online violence, including that from the government. It is possible to prevent government agencies from taking a garden stroll through your private life. You have to want to do it, though.