kNOw Future Inc.

law, technology and cinema, washed down with wine

Party Like it’s 2000: Revisiting Crypto

At the time when I first studied law, my interest in technology was entirely separate and parallel. On just one occasion they intersected, due to the requirement of a note from one’s tutor stating that the requested email address/shell account was necessary for purposes of scholarly activities; in those days emails were issued automatically only to maths and computer science students; everyone else had to demonstrate that they needed one.

There followed many all-night sessions in the computer labs (the only buildings open 24 hours!) and conversations with nerds who began to drop in to the bookshop where I worked. Sometimes this just meant riffing about the exotic ideas encountered on Usenet (Ireland was seriously theocratic and very insular), but inexorably discussion would return to speculation on the political consequences of the new medium in two areas: copyright and surveillance/political control.

So when I later decided to return to law, it was natural to focus on these conflicts. My emphasis was originally on cryptography. In retrospect I guess this is because that moment was a kind of peak of political absurdity. Encryption technologies were still classed as dual-use technologies by government, meaning that they had both civilian and military applications, and were thus subjected to a special regulatory regime limiting their export. At the same time the encryption software PGP (Pretty Good Privacy) was available for download from the net in flagrant breach of US export controls – the International Traffic in Arms Regulations (ITAR). Daniel Bernstein was challenging the constitutionality of these arrangements in the US while Phil Karn was filing requests with the US State Department to check whether a book, Applied Cryptography, and accompanying floppy disk were subject to export restrictions; it turned out the book wasn’t and the floppy was (I got copies from Amazon and never used either!).

Investigative journalist Duncan Campbell had already uncovered the first bits of information about a surveillance dragnet called Echelon. Meanwhile the US government had spent years trying to inject compromised encryption systems via hardware into the public’s computers and phones via its Clipper Chip proposal. This would have provided law enforcement with a side-door entrance to encrypted communications on foot of a warrant obtained as part of an investigation, but required that the secret keys necessary for this be stored at a location accessible to the police. Were they to be excluded from access to plaintext, we were told, the consequences would be dire: the four horsemen of infocalypse – terrorists, drug dealers, paedophiles and money-launderers – would ride forth unleashing their villainy on the innocent. A little later there was an international scandal involving a shady Swiss firm called Crypto AG, who were supplying compromised encryption systems to governments. When the exploit was revealed the Vatican was the first ‘user’ to change its system. … In short, these were exciting times, the rock and roll period of the so-called crypto wars.

Absurdly it was still possible then to imagine a field of ‘computer technology and the law’: the number of users was still small; the legal disputes actually reaching a judge were few; even the range of devices was limited. I gobbled it all up: digital signatures, data protection and copyright. Then I came across articles about Digital Rights Management systems and realized that where I had imagined a politically mobilized populace embracing PGP to engage in oppositional politics, it was more likely that users would encounter encryption as a lock preventing them from having access to the media cookie jar. Whereas the inability of governments to prevent civilian access to strong cryptography was foretold, the copyright and allied industries (mostly in the patent and trademark sectors) were well-organised, and had achieved considerable success in rewriting the law at both domestic (DMCA, European Copyright Duration Directive) and international levels (GATT-TRIPS, WIPO-WCT). Thus in the United States the DMCA made it an offense both (a) to produce and distribute tools for the circumvention of DRM access controls on media and (b) to engage in the act of circumvention itself – irrespective of whether a breach of copyright occurred.

But the copyright industry’s victory turned out to be easier at the level of lobbying and legislation than it was in reality once these technologies were released into the wild. The dream of perfect technological control turned out to be a mirage. Worse, the internet ensured that as soon as an access control technology was defeated once, it was effectively defeated everywhere, as the developers of the protection systems for DVDs and digital music formats were to discover at some expense. In 1999, just as the means to neutralize the DRM on DVDs was being made public, Napster, the first p2p system, appeared on the scene.

Thus at the turn of the millennium the struggle for public access to strong cryptography seemed to have been won, and the copyright industry’s efforts to retain control of distribution seemed to be skidding on the black ice of technological history. Such was the mood in January 2001 when Steven Levy’s celebratory account, Crypto, was published, with the unfortunate subtitle ‘How the Code Rebels Beat the Government Saving Privacy in the Digital Age’. By year’s end that tune would appear mistaken.

To be continued.

November 30, 2014